Well hidden malware [Solved]


  • This topic is locked

#1
Cotutor


  • Member
  • 494 posts
Ok a little background. I'm a freshman in Geek U. In the process of learning I attempted to run OTL on one of my own desktops, and it wouldn't run. It would hang up at scanning xmlprov... So since at the time my system didn't give any indication of infection, I consulted with my instructor in Geek U and she recommended I post a question there in order to further my learning.
Not sure if it will help, but here is a link to the original question: http://www.geekstogo...ed/page__st__30

Now this system was used when I got it, but since it didn't seem to have any problems, I just used it 'as is' without any wipe and reload, and other than general internet, it's not used for much.
In the process of working with CompCav and OTL and others, we managed to get OTL to run, non-standard, and discovered there are definite signs of infections, and so I'm posting here for help. This is going to be a learning experience for me as well, and my Geek U teacher is aware of the unusual circumstances. So if you could help me to work thru this without messing it up even worse, I would greatly appreciate it.
Below are the OTL logs and I will add a reply with the extras log to make it easier to review.
Before reading thru them keep in mind that in order to get OTL to run I had to use the following settings in OTL:

Select Scan All Users

Under Services select None

Under Drivers select None

Select Lop Check and Purity Check

Under Extra Registry select Use SafeList

Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT



OTL logfile created on: 7/23/2012 9:00:31 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 68.32% Memory free
1.95 Gb Paging File | 1.55 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 160.40 Gb Free Space | 86.10% Space Free | Partition Type: NTFS

Computer Name: STANLEY-B78766E | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2012/07/04 22:49:03 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2012/07/04 22:49:00 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/11/30 03:28:49 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/12 12:08:14 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe
PRC - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 11:58:50 | 000,076,384 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSLAUNCH.EXE
PRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/04 22:51:34 | 000,030,888 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2012/06/21 06:11:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/21 06:08:46 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/21 06:08:23 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/10 03:14:01 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:13:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/10 03:07:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:07:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/12 12:08:26 | 000,223,232 | ---- | M] () -- C:\Documents and Settings\John\Application Data\QuickTime\IE\sqlite3.dll
MOD - [2011/07/12 12:08:14 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe
MOD - [2009/08/05 11:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\Charter Security Suite\Spam Control\fsas.dll
MOD - [2009/08/05 11:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll
MOD - [2009/08/05 11:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fsumi.dll
MOD - [2009/05/26 09:48:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/05/26 09:48:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/05/26 09:48:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/05/26 09:48:23 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/05/26 09:48:21 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/05/26 09:48:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/05/26 09:48:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/05/26 09:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/05/26 09:48:21 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/05/26 09:48:21 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/05/26 09:48:20 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/05/26 09:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 08:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{FD9D2D24-074E-46F5-93AB-EBA56AF0962F}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/15 17:43:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2012/07/04 22:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2012/06/25 14:39:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (QuickTime) - {D26AE2EA-3F14-42DF-AC75-14380C4ACFD0} - C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTime.dll (Apple Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-220523388-1647877149-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340811782687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2205F-57FA-4CD3-8DB4-99DA7343A9B4}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/22 15:11:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: xmlprov - %SystemRoot%\System32\xmlprov.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 08:52:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/17 15:48:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/13 15:04:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\f-secure
[2012/07/04 22:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Charter Security Suite
[2012/07/04 22:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2012/07/04 22:35:31 | 000,080,000 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2012/07/04 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Charter Security Suite
[2012/07/04 22:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2012/07/04 22:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/07/04 21:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2012/07/04 21:29:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/27 12:05:52 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/25 14:51:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/25 14:12:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/20 17:57:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/20 17:57:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 17:57:07 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/20 16:55:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/13 15:06:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:56:10 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/07/04 22:43:21 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:35:38 | 000,449,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/04 22:35:37 | 000,075,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/04 21:38:13 | 000,022,716 | ---- | M] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2012/06/27 12:09:29 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Computer Tutor Remote Help.lnk
[2012/06/27 12:07:27 | 000,000,433 | RHS- | M] () -- C:\boot.ini
[2012/06/27 12:05:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/27 12:05:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/26 09:07:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/25 14:39:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 22:43:21 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:36:50 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/06/27 12:09:29 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Computer Tutor Remote Help.lnk
[2012/06/27 11:40:54 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk
[2012/06/27 11:40:27 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Juanita Resume.wps
[2012/06/27 11:13:06 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Service call Quitting time.wps
[2012/06/27 11:12:52 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Quote for Cagle.wps
[2012/06/27 11:12:46 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Pam and Randy invoice.wps
[2012/06/27 11:08:22 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\John\My Documents\GCHS spay and neuter.wps
[2012/06/27 11:08:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\John\My Documents\GCHS Cond. repair.wps
[2012/06/27 11:07:58 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Ellwood Dr invoice.wps
[2012/06/27 11:04:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\John\My Documents\#1&#4 Bl Cantwell.wps
[2012/06/27 11:04:56 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\John\My Documents\#% BLCANTWELL.wps
[2012/06/25 14:13:11 | 000,000,317 | ---- | C] () -- C:\Boot.bak
[2012/06/25 14:13:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/16 01:22:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/17 16:29:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\ixiqoyejamiyum.dll
[2011/01/17 04:17:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\emebebag.dll
[2011/01/16 03:53:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\oxupuzegixoret.dll
[2011/01/14 05:07:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\unejasuq.dll
[2011/01/13 20:59:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\exogebute.dll
[2010/09/27 10:41:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufujorecewekife.dll
[2010/09/27 08:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aweqemej.dll
[2010/09/27 06:37:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivufisequpalir.dll
[2010/09/27 04:35:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amesuzupijaf.dll
[2010/09/27 02:33:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elogizoyowohow.dll
[2010/09/27 00:31:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihemuligizoyowoh.dll
[2010/09/26 22:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acoriwitatuxo.dll
[2010/09/26 20:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urofiwuzoza.dll
[2010/09/26 18:25:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\unolifasufoli.dll
[2010/09/26 16:23:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyerowig.dll
[2010/09/26 14:21:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxapilidarex.dll
[2010/09/26 12:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evexazivaz.dll
[2010/09/26 10:17:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onodoleq.dll
[2010/09/26 08:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adevalanah.dll
[2010/09/26 06:13:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oguqewid.dll
[2010/09/26 04:11:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ucecefuhe.dll
[2010/09/26 02:09:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipohoriqowaqifi.dll
[2010/09/26 00:07:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onaluwenu.dll
[2010/09/25 22:05:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amotazet.dll
[2010/09/25 20:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyeyesubasebiwey.dll
[2010/09/25 18:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwonalul.dll
[2010/09/25 15:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igetezezuqujarow.dll
[2010/09/25 13:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezowumifo.dll
[2010/09/25 11:55:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igitafapititefe.dll
[2010/09/25 09:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqosuwul.dll
[2010/09/25 07:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epabefovahu.dll
[2010/09/25 05:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iporesoxiwuv.dll
[2010/09/25 03:47:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umefulohoqusiw.dll
[2010/09/25 01:45:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqolevetecof.dll
[2010/09/24 23:43:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojuwusehih.dll
[2010/09/24 21:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaqafot.dll
[2010/09/24 19:39:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azekurub.dll
[2010/09/24 17:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axopexom.dll
[2010/09/24 15:35:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqasifiziwesi.dll
[2010/09/24 13:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyoqisefac.dll
[2010/09/24 11:31:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epecazuw.dll
[2010/09/19 09:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugawixanimi.dll
[2010/09/19 06:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxugereciyozo.dll
[2010/09/19 04:57:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epikidon.dll
[2010/09/19 02:55:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agevepas.dll
[2010/09/19 00:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usuxidigibavuk.dll
[2010/09/18 22:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\useradew.dll
[2010/09/18 20:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipacarez.dll
[2010/09/18 18:47:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afohixusoyaqoxi.dll
[2010/09/18 16:45:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\equduxox.dll
[2010/09/18 14:43:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihikikik.dll
[2010/09/18 12:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asagavopiwamikux.dll
[2010/09/18 10:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olikuvayadepir.dll
[2010/09/18 08:37:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uguhadajakucuraq.dll
[2010/09/18 06:35:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itenipucov.dll
[2010/09/18 04:33:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awevixipabu.dll
[2010/09/18 02:31:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\areyoxiyalogu.dll
[2010/09/18 00:29:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufabakezako.dll
[2010/09/17 22:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyagaxeyu.dll
[2010/09/17 20:25:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxiruvozer.dll
[2010/09/17 18:23:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otezodulipor.dll
[2010/09/17 16:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihufepov.dll
[2010/09/17 14:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibewopikebeg.dll
[2010/09/17 12:17:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axakoxevo.dll
[2010/09/17 10:15:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyivakad.dll
[2010/09/17 08:13:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urosikuno.dll
[2010/09/17 06:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igiruxec.dll
[2010/09/17 04:09:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evujodohujeh.dll
[2010/09/17 02:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejequvetidacir.dll
[2010/09/17 00:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itupopeg.dll
[2010/09/16 22:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acejudoyatupek.dll
[2010/09/16 20:01:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezakoboxagijo.dll
[2010/09/16 17:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozeceris.dll
[2010/09/16 15:57:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iyupoxaziguquxu.dll
[2010/09/16 13:55:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipujokilomini.dll
[2010/09/16 11:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udebidovug.dll
[2010/09/16 09:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwanevud.dll
[2010/09/16 07:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajumudivos.dll
[2010/09/16 05:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asuyivoqubub.dll
[2010/09/16 03:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osuwareheguri.dll
[2010/09/16 01:43:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehizixuqoto.dll
[2010/09/15 23:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqifikaha.dll
[2010/09/15 21:39:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atiwikisoxe.dll
[2010/09/15 19:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufuxavowiyelukig.dll
[2010/09/15 17:35:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqalidemawixor.dll
[2010/09/15 15:33:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oruvadazaderirif.dll
[2010/09/15 13:31:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ovafipul.dll
[2010/09/15 11:29:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqanojow.dll
[2010/09/15 09:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etaruxile.dll
[2010/09/15 07:25:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukupikep.dll
[2010/09/15 05:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axuxaxed.dll
[2010/09/15 03:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akoyelukig.dll
[2010/09/15 01:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecolarej.dll
[2010/09/14 23:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axirifucipisozoq.dll
[2010/09/14 21:25:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asezewujonafaz.dll
[2010/09/14 19:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asiqizoqosi.dll
[2010/09/14 17:21:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umopevog.dll
[2010/09/14 15:19:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzijilesoqa.dll
[2010/09/14 13:17:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojedezenocopo.dll
[2010/09/14 11:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqicuwusehihev.dll
[2010/09/14 09:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uluhefozujec.dll
[2010/09/14 07:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azanerulat.dll
[2010/09/14 05:09:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozorawaxozuv.dll
[2010/09/14 03:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iheguzel.dll
[2010/09/14 01:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otumilap.dll
[2010/09/13 23:03:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okuyazada.dll
[2010/09/13 21:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibojazij.dll
[2010/09/13 18:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzizafit.dll
[2010/09/13 16:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\utefarip.dll
[2010/09/13 14:55:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oliwaruy.dll
[2010/09/13 12:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\obegufag.dll
[2010/09/13 10:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aridalumihu.dll
[2010/09/13 08:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akovolovolovo.dll
[2010/09/13 06:47:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itefaveleriweso.dll
[2010/09/13 04:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elasuliz.dll
[2010/09/13 02:43:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arerifad.dll
[2010/09/13 00:41:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibovuroviloxegir.dll
[2010/09/12 22:39:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otuxomodoruvoz.dll
[2010/09/12 20:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekidawevevuk.dll
[2010/09/12 18:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajiliqu.dll
[2010/09/12 16:33:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osutuzuh.dll
[2010/09/12 14:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugucosaq.dll
[2010/09/12 12:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anoxisigiha.dll
[2010/09/12 10:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itenoweturet.dll
[2010/09/12 08:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icemoxobuz.dll
[2010/09/12 06:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebehofusocac.dll
[2010/09/12 04:21:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejajirazoh.dll
[2010/09/12 02:19:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogesozomufavele.dll
[2010/09/12 00:17:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozigevop.dll
[2010/09/11 22:15:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etamoledunumulo.dll
[2010/09/11 20:13:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihayezevuqana.dll
[2010/09/11 18:11:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohodifexemexiz.dll
[2010/09/11 16:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anuvifoh.dll
[2010/09/11 14:07:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adofewoq.dll
[2010/09/11 12:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzesofihutafuzac.dll
[2010/09/11 10:03:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imajazetijoki.dll
[2010/09/11 08:01:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehodilaweti.dll
[2010/09/11 05:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exirezate.dll
[2010/09/11 03:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atimazizufe.dll
[2010/09/11 01:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isajefif.dll
[2010/09/10 23:53:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iheteriwed.dll
[2010/09/10 21:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\omucimafeyut.dll
[2010/09/08 16:28:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehuhibew.dll
[2010/09/08 14:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecijumafuxuja.dll
[2010/09/08 12:24:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqokimup.dll
[2010/09/08 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebepuwido.dll
[2010/09/08 08:24:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arotigokidonot.dll
[2010/09/08 06:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibesuyaxukow.dll
[2010/09/06 02:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afonizokizi.dll
[2010/09/06 00:08:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edakuvom.dll
[2010/09/05 22:06:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uripediwihe.dll
[2010/09/05 20:04:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixehawagurin.dll
[2010/09/05 18:02:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inotowuwuqecuz.dll
[2010/09/05 16:03:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adacafofoceq.dll
[2010/09/05 14:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezapuwowoh.dll
[2010/09/05 11:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imisulej.dll
[2010/09/05 09:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohibozer.dll
[2010/08/28 16:36:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogiraxijumafuxu.dll
[2010/08/22 17:32:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okopoxubacepexo.dll
[2010/08/19 21:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajifepuxekuvay.dll
[2010/08/19 19:00:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecuqiqurihik.dll
[2010/08/19 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owakuhoxaj.dll
[2010/08/19 16:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewuxuquxojapon.dll
[2010/08/12 03:24:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhuxosokarad.dll
[2010/08/05 18:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acojihano.dll
[2010/07/30 08:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikazuyufomor.dll
[2010/07/30 06:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udixagawoy.dll
[2010/07/30 04:52:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukoseyomebuf.dll
[2010/07/30 02:50:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahanoyiv.dll
[2010/07/30 00:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igovuwoxutapimo.dll
[2010/07/29 22:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atexamecusura.dll
[2010/07/29 20:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esowitatuxofumu.dll
[2010/07/29 18:46:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ubezubohidozo.dll
[2010/07/29 16:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owoqogun.dll
[2010/07/29 14:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egiyesicogotobuh.dll
[2010/07/29 12:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifoxiyet.dll
[2010/07/29 10:34:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okalugaw.dll
[2010/07/29 08:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukotamaga.dll
[2010/07/29 06:34:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezibomuredi.dll
[2010/07/29 04:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojonawifu.dll
[2010/07/29 02:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apuqotiw.dll
[2010/07/29 00:24:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azagogajekumibol.dll
[2010/07/28 22:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyamosarevegub.dll
[2010/07/28 20:24:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhoyonoxuxab.dll
[2010/07/28 18:18:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebojegohewateb.dll
[2010/07/28 17:05:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqodadujo.dll
[2010/07/28 15:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enizudanawoza.dll
[2010/07/28 13:01:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akamevocogi.dll
[2010/07/28 10:59:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otoyejuhediqadun.dll
[2010/07/28 08:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipepiriqurejad.dll
[2010/07/28 06:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihelukigatekudat.dll
[2010/07/28 04:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulekixuy.dll
[2010/07/28 02:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alusidub.dll
[2010/07/28 00:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihejuduli.dll
[2010/07/27 22:47:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvoqaviv.dll
[2010/07/27 20:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alocadis.dll
[2010/07/27 18:43:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebamajapimogud.dll
[2010/07/27 16:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itayoradiyub.dll
[2010/07/27 14:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arihaxovab.dll
[2010/07/27 12:37:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebatoxicedoj.dll
[2010/07/27 10:35:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oguxudipotafa.dll
[2010/07/27 08:33:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulelepetiyogovi.dll
[2010/07/27 06:31:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ubawudehibewa.dll
[2010/07/27 04:29:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ovemadoyadomipu.dll
[2010/07/27 02:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekikukub.dll
[2010/07/27 00:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axevaxit.dll
[2010/07/26 22:23:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajiloxeg.dll
[2010/07/26 20:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukerurul.dll
[2010/07/26 18:19:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehuyaparohijepu.dll
[2010/07/26 16:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acuxevuqa.dll
[2010/07/26 14:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imilodipoki.dll
[2010/07/26 12:13:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iyocupodo.dll
[2010/07/26 10:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usogajekumibol.dll
[2010/07/26 08:09:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulokexaquvetidac.dll
[2010/07/26 06:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozohukuhoxajed.dll
[2010/07/26 04:05:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otinujuqodih.dll
[2010/07/26 02:06:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqomipob.dll
[2010/07/26 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukasodamape.dll
[2010/07/25 21:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzabivebaxiti.dll
[2010/07/25 19:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agativol.dll
[2010/07/25 17:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvirexowexul.dll
[2010/07/25 15:53:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itugirifad.dll
[2010/07/25 13:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odisarevegub.dll
[2010/07/25 11:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebubixudum.dll
[2010/07/25 09:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxokodur.dll
[2010/07/25 07:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otivipeji.dll
[2010/07/25 05:43:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okisevih.dll
[2010/07/25 03:41:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibirediqa.dll
[2010/07/25 01:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibonokec.dll
[2010/07/24 23:37:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iworukem.dll
[2010/07/24 21:35:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emopixoh.dll
[2010/07/24 19:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecijekumiboludos.dll
[2010/07/24 17:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukotudiwo.dll
[2010/07/24 15:29:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izucepexominopa.dll
[2010/07/24 13:27:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itupadew.dll
[2010/07/24 11:25:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eludadodexadape.dll
[2010/07/24 09:26:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxebukukaseg.dll
[2009/07/22 21:16:19 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:23:17 | 000,022,716 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2009/05/22 15:27:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/05/22 15:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/11/23 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2009/05/26 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/07/04 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/07/04 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/07/11 21:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova
[2009/05/30 13:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/03 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/11/23 16:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/08/03 11:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/03/29 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DriverCure
[2012/07/04 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\f-secure
[2010/03/22 10:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MSNInstaller
[2011/07/25 23:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PhotoScape
[2009/08/02 15:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Skinux
[2012/03/29 21:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SpeedyPC Software
[2009/05/28 21:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2011/11/23 17:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Tific

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/07/08 17:07:46 | 090,666,697 | ---- | M] (Aladdin Systems, Inc.) -- C:\Novasoftware_1.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/10 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.EXE-2F433351.PF >
[2012/07/20 17:58:37 | 000,009,908 | ---- | M] () MD5=2EB8969E7F0220BCC9D8D51AB85A3859 -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.LNK >
[2009/05/28 16:53:00 | 000,001,602 | ---- | M] () MD5=37AC63691C61B61FBFF86828B62FD89D -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/10 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >


#2
Cotutor

Ok, here is the extras log. I also thought I might mention that I just made another discovery: Notepad.exe seems to have received some sort of corruption.
If I try double-clicking on a .txt file, it will open the window asking me what to open it with. If I go into Explorer and try to set the file association for .txt files to Notepad, Notepad isn't listed in the available or recommended programs. If I browse to the Windows folder and choose notepad.exe, it does not set the file association. I can, however, open Notepad from the Run command. If I go to the Programs menu and find Notepad, the shortcut was pointing to c:\windows\system32\actmovie.exe. I have since renamed this file, figuring it was malware, to actmovie.old, but left it there awaiting further instructions. I did fix the shortcut to point to the appropriate place, but I am still unable to fix the file association.

Thank you for the help.

OTL Extras logfile created on: 7/23/2012 9:00:31 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 68.32% Memory free
1.95 Gb Paging File | 1.55 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 160.40 Gb Free Space | 86.10% Space Free | Partition Type: NTFS

Computer Name: STANLEY-B78766E | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UPDATESDISABLENOTIFY" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1249312896\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1249312896\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A8ACB60-16A4-4FC0-886B-98C3CC50BAE0}" = Diabetes Software
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91295A0F-A58C-4CF5-A66C-EB5D12D58E7E}" = Diabetes Software
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A8D920E3-A9A3-488F-86D5-B6CA3636CC3B}" = Diabetes Software
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF18FC6D-5EB6-492B-8635-4E2CDEF5D97E}" = Diabetes Software
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7140A5F-B4D9-4285-97FE-59591A5B8E4E}" = Diabetes Software
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ESPNMotion" = ESPNMotion
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"F-Secure Product 444" = Charter Security Suite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"ParadigmPAL" = MM ParadigmPAL
"PhotoScape" = PhotoScape
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2011 2:46:01 PM | Computer Name = STANLEY-B78766E | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 7/18/2012 2:30:58 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 2:36:08 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 2:41:18 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 2:46:28 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 2:51:38 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 2:56:48 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 3:01:58 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 3:07:08 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/18/2012 3:12:18 PM | Computer Name = STANLEY-B78766E | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.104. The machine with the IP address 192.168.0.134 did
not allow the name to be claimed by this machine.

Error - 7/20/2012 6:00:39 PM | Computer Name = STANLEY-B78766E | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >

#3
CompCav

Hi, Cotutor! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Please post:

aswMBR log


#4
Cotutor

CompCav,
Thanks for taking this on. aswMBR is scanning now, will post log when it's finished. Would you mind sharing with me what determined your next course of action to scan with asw?

#5
CompCav

See my PM on your question.

#6
Cotutor

Ok CompCav,
aswMBR ran for a while and then force closed. I captured a screenshot of the error, and it is attached. It basically said that an unexpected error occurred and was forced to close...
Awaiting further instructions.

Attached Thumbnails

  • screen shot.JPG

Edited by Cotutor, 25 July 2012 - 04:48 PM.


#7
CompCav

Step 1.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    O2 - BHO: (QuickTime) - {D26AE2EA-3F14-42DF-AC75-14380C4ACFD0} - C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTime.dll (Apple Inc.)
    [2011/01/17 16:29:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\ixiqoyejamiyum.dll
    [2011/01/17 04:17:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\emebebag.dll
    [2011/01/16 03:53:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\oxupuzegixoret.dll
    [2011/01/14 05:07:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\unejasuq.dll
    [2011/01/13 20:59:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\exogebute.dll
    [2010/09/27 10:41:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufujorecewekife.dll
    [2010/09/27 08:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aweqemej.dll
    [2010/09/27 06:37:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivufisequpalir.dll
    [2010/09/27 04:35:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amesuzupijaf.dll
    [2010/09/27 02:33:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elogizoyowohow.dll
    [2010/09/27 00:31:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihemuligizoyowoh.dll
    [2010/09/26 22:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acoriwitatuxo.dll
    [2010/09/26 20:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urofiwuzoza.dll
    [2010/09/26 18:25:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\unolifasufoli.dll
    [2010/09/26 16:23:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyerowig.dll
    [2010/09/26 14:21:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxapilidarex.dll
    [2010/09/26 12:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evexazivaz.dll
    [2010/09/26 10:17:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onodoleq.dll
    [2010/09/26 08:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adevalanah.dll
    [2010/09/26 06:13:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oguqewid.dll
    [2010/09/26 04:11:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ucecefuhe.dll
    [2010/09/26 02:09:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipohoriqowaqifi.dll
    [2010/09/26 00:07:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\onaluwenu.dll
    [2010/09/25 22:05:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amotazet.dll
    [2010/09/25 20:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyeyesubasebiwey.dll
    [2010/09/25 18:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwonalul.dll
    [2010/09/25 15:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igetezezuqujarow.dll
    [2010/09/25 13:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezowumifo.dll
    [2010/09/25 11:55:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igitafapititefe.dll
    [2010/09/25 09:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqosuwul.dll
    [2010/09/25 07:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epabefovahu.dll
    [2010/09/25 05:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iporesoxiwuv.dll
    [2010/09/25 03:47:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umefulohoqusiw.dll
    [2010/09/25 01:45:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqolevetecof.dll
    [2010/09/24 23:43:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojuwusehih.dll
    [2010/09/24 21:41:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofaqafot.dll
    [2010/09/24 19:39:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azekurub.dll
    [2010/09/24 17:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axopexom.dll
    [2010/09/24 15:35:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqasifiziwesi.dll
    [2010/09/24 13:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyoqisefac.dll
    [2010/09/24 11:31:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epecazuw.dll
    [2010/09/19 09:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugawixanimi.dll
    [2010/09/19 06:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxugereciyozo.dll
    [2010/09/19 04:57:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epikidon.dll
    [2010/09/19 02:55:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agevepas.dll
    [2010/09/19 00:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usuxidigibavuk.dll
    [2010/09/18 22:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\useradew.dll
    [2010/09/18 20:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipacarez.dll
    [2010/09/18 18:47:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afohixusoyaqoxi.dll
    [2010/09/18 16:45:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\equduxox.dll
    [2010/09/18 14:43:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihikikik.dll
    [2010/09/18 12:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asagavopiwamikux.dll
    [2010/09/18 10:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olikuvayadepir.dll
    [2010/09/18 08:37:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uguhadajakucuraq.dll
    [2010/09/18 06:35:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itenipucov.dll
    [2010/09/18 04:33:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awevixipabu.dll
    [2010/09/18 02:31:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\areyoxiyalogu.dll
    [2010/09/18 00:29:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufabakezako.dll
    [2010/09/17 22:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyagaxeyu.dll
    [2010/09/17 20:25:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxiruvozer.dll
    [2010/09/17 18:23:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otezodulipor.dll
    [2010/09/17 16:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihufepov.dll
    [2010/09/17 14:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibewopikebeg.dll
    [2010/09/17 12:17:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axakoxevo.dll
    [2010/09/17 10:15:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyivakad.dll
    [2010/09/17 08:13:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urosikuno.dll
    [2010/09/17 06:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igiruxec.dll
    [2010/09/17 04:09:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evujodohujeh.dll
    [2010/09/17 02:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejequvetidacir.dll
    [2010/09/17 00:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itupopeg.dll
    [2010/09/16 22:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acejudoyatupek.dll
    [2010/09/16 20:01:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogezakoboxagijo.dll
    [2010/09/16 17:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozeceris.dll
    [2010/09/16 15:57:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iyupoxaziguquxu.dll
    [2010/09/16 13:55:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipujokilomini.dll
    [2010/09/16 11:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udebidovug.dll
    [2010/09/16 09:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uwanevud.dll
    [2010/09/16 07:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajumudivos.dll
    [2010/09/16 05:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asuyivoqubub.dll
    [2010/09/16 03:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osuwareheguri.dll
    [2010/09/16 01:43:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehizixuqoto.dll
    [2010/09/15 23:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqifikaha.dll
    [2010/09/15 21:39:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atiwikisoxe.dll
    [2010/09/15 19:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufuxavowiyelukig.dll
    [2010/09/15 17:35:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqalidemawixor.dll
    [2010/09/15 15:33:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oruvadazaderirif.dll
    [2010/09/15 13:31:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ovafipul.dll
    [2010/09/15 11:29:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqanojow.dll
    [2010/09/15 09:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etaruxile.dll
    [2010/09/15 07:25:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukupikep.dll
    [2010/09/15 05:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axuxaxed.dll
    [2010/09/15 03:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akoyelukig.dll
    [2010/09/15 01:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecolarej.dll
    [2010/09/14 23:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axirifucipisozoq.dll
    [2010/09/14 21:25:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asezewujonafaz.dll
    [2010/09/14 19:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asiqizoqosi.dll
    [2010/09/14 17:21:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umopevog.dll
    [2010/09/14 15:19:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzijilesoqa.dll
    [2010/09/14 13:17:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojedezenocopo.dll
    [2010/09/14 11:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iqicuwusehihev.dll
    [2010/09/14 09:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uluhefozujec.dll
    [2010/09/14 07:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azanerulat.dll
    [2010/09/14 05:09:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozorawaxozuv.dll
    [2010/09/14 03:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iheguzel.dll
    [2010/09/14 01:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otumilap.dll
    [2010/09/13 23:03:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okuyazada.dll
    [2010/09/13 21:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibojazij.dll
    [2010/09/13 18:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzizafit.dll
    [2010/09/13 16:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\utefarip.dll
    [2010/09/13 14:55:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oliwaruy.dll
    [2010/09/13 12:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\obegufag.dll
    [2010/09/13 10:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aridalumihu.dll
    [2010/09/13 08:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akovolovolovo.dll
    [2010/09/13 06:47:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itefaveleriweso.dll
    [2010/09/13 04:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elasuliz.dll
    [2010/09/13 02:43:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arerifad.dll
    [2010/09/13 00:41:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibovuroviloxegir.dll
    [2010/09/12 22:39:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otuxomodoruvoz.dll
    [2010/09/12 20:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekidawevevuk.dll
    [2010/09/12 18:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axajiliqu.dll
    [2010/09/12 16:33:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\osutuzuh.dll
    [2010/09/12 14:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugucosaq.dll
    [2010/09/12 12:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anoxisigiha.dll
    [2010/09/12 10:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itenoweturet.dll
    [2010/09/12 08:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icemoxobuz.dll
    [2010/09/12 06:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebehofusocac.dll
    [2010/09/12 04:21:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejajirazoh.dll
    [2010/09/12 02:19:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogesozomufavele.dll
    [2010/09/12 00:17:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozigevop.dll
    [2010/09/11 22:15:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etamoledunumulo.dll
    [2010/09/11 20:13:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihayezevuqana.dll
    [2010/09/11 18:11:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohodifexemexiz.dll
    [2010/09/11 16:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anuvifoh.dll
    [2010/09/11 14:07:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adofewoq.dll
    [2010/09/11 12:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzesofihutafuzac.dll
    [2010/09/11 10:03:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imajazetijoki.dll
    [2010/09/11 08:01:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehodilaweti.dll
    [2010/09/11 05:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exirezate.dll
    [2010/09/11 03:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atimazizufe.dll
    [2010/09/11 01:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isajefif.dll
    [2010/09/10 23:53:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iheteriwed.dll
    [2010/09/10 21:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\omucimafeyut.dll
    [2010/09/08 16:28:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehuhibew.dll
    [2010/09/08 14:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecijumafuxuja.dll
    [2010/09/08 12:24:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqokimup.dll
    [2010/09/08 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebepuwido.dll
    [2010/09/08 08:24:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arotigokidonot.dll
    [2010/09/08 06:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibesuyaxukow.dll
    [2010/09/06 02:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afonizokizi.dll
    [2010/09/06 00:08:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edakuvom.dll
    [2010/09/05 22:06:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uripediwihe.dll
    [2010/09/05 20:04:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixehawagurin.dll
    [2010/09/05 18:02:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inotowuwuqecuz.dll
    [2010/09/05 16:03:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adacafofoceq.dll
    [2010/09/05 14:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezapuwowoh.dll
    [2010/09/05 11:56:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imisulej.dll
    [2010/09/05 09:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohibozer.dll
    [2010/08/28 16:36:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogiraxijumafuxu.dll
    [2010/08/22 17:32:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okopoxubacepexo.dll
    [2010/08/19 21:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajifepuxekuvay.dll
    [2010/08/19 19:00:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecuqiqurihik.dll
    [2010/08/19 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owakuhoxaj.dll
    [2010/08/19 16:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewuxuquxojapon.dll
    [2010/08/12 03:24:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhuxosokarad.dll
    [2010/08/05 18:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acojihano.dll
    [2010/07/30 08:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikazuyufomor.dll
    [2010/07/30 06:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udixagawoy.dll
    [2010/07/30 04:52:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukoseyomebuf.dll
    [2010/07/30 02:50:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahanoyiv.dll
    [2010/07/30 00:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igovuwoxutapimo.dll
    [2010/07/29 22:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atexamecusura.dll
    [2010/07/29 20:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esowitatuxofumu.dll
    [2010/07/29 18:46:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ubezubohidozo.dll
    [2010/07/29 16:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owoqogun.dll
    [2010/07/29 14:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egiyesicogotobuh.dll
    [2010/07/29 12:36:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifoxiyet.dll
    [2010/07/29 10:34:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okalugaw.dll
    [2010/07/29 08:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukotamaga.dll
    [2010/07/29 06:34:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezibomuredi.dll
    [2010/07/29 04:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojonawifu.dll
    [2010/07/29 02:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apuqotiw.dll
    [2010/07/29 00:24:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azagogajekumibol.dll
    [2010/07/28 22:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyamosarevegub.dll
    [2010/07/28 20:24:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhoyonoxuxab.dll
    [2010/07/28 18:18:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebojegohewateb.dll
    [2010/07/28 17:05:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejiqodadujo.dll
    [2010/07/28 15:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enizudanawoza.dll
    [2010/07/28 13:01:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akamevocogi.dll
    [2010/07/28 10:59:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otoyejuhediqadun.dll
    [2010/07/28 08:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipepiriqurejad.dll
    [2010/07/28 06:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihelukigatekudat.dll
    [2010/07/28 04:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulekixuy.dll
    [2010/07/28 02:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alusidub.dll
    [2010/07/28 00:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihejuduli.dll
    [2010/07/27 22:47:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvoqaviv.dll
    [2010/07/27 20:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alocadis.dll
    [2010/07/27 18:43:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebamajapimogud.dll
    [2010/07/27 16:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itayoradiyub.dll
    [2010/07/27 14:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arihaxovab.dll
    [2010/07/27 12:37:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebatoxicedoj.dll
    [2010/07/27 10:35:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oguxudipotafa.dll
    [2010/07/27 08:33:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulelepetiyogovi.dll
    [2010/07/27 06:31:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ubawudehibewa.dll
    [2010/07/27 04:29:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ovemadoyadomipu.dll
    [2010/07/27 02:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekikukub.dll
    [2010/07/27 00:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axevaxit.dll
    [2010/07/26 22:23:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ajiloxeg.dll
    [2010/07/26 20:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukerurul.dll
    [2010/07/26 18:19:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehuyaparohijepu.dll
    [2010/07/26 16:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acuxevuqa.dll
    [2010/07/26 14:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imilodipoki.dll
    [2010/07/26 12:13:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iyocupodo.dll
    [2010/07/26 10:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\usogajekumibol.dll
    [2010/07/26 08:09:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulokexaquvetidac.dll
    [2010/07/26 06:07:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozohukuhoxajed.dll
    [2010/07/26 04:05:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otinujuqodih.dll
    [2010/07/26 02:06:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eqomipob.dll
    [2010/07/26 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukasodamape.dll
    [2010/07/25 21:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzabivebaxiti.dll
    [2010/07/25 19:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agativol.dll
    [2010/07/25 17:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvirexowexul.dll
    [2010/07/25 15:53:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itugirifad.dll
    [2010/07/25 13:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odisarevegub.dll
    [2010/07/25 11:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebubixudum.dll
    [2010/07/25 09:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxokodur.dll
    [2010/07/25 07:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otivipeji.dll
    [2010/07/25 05:43:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okisevih.dll
    [2010/07/25 03:41:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibirediqa.dll
    [2010/07/25 01:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibonokec.dll
    [2010/07/24 23:37:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iworukem.dll
    [2010/07/24 21:35:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emopixoh.dll
    [2010/07/24 19:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecijekumiboludos.dll
    [2010/07/24 17:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukotudiwo.dll
    [2010/07/24 15:29:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izucepexominopa.dll
    [2010/07/24 13:27:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itupadew.dll
    [2010/07/24 11:25:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eludadodexadape.dll
    [2010/07/24 09:26:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxebukukaseg.dll
    
    
    
    
    :files
    ipconfig /flushdns /c
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


#8
Cotutor

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D26AE2EA-3F14-42DF-AC75-14380C4ACFD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D26AE2EA-3F14-42DF-AC75-14380C4ACFD0}\ deleted successfully.
C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTime.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\John\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\John\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: John
->Temp folder emptied: 86781791 bytes
->Temporary Internet Files folder emptied: 353240113 bytes
->Flash cache emptied: 17915 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225527 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 645140 bytes

Total Files Cleaned = 422.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07252012_202903

Files\Folders moved on Reboot...
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\GABZ4Q4Y\index[5].htm moved successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\F8KOX8NH\320368-well-hidden-malware[1].htm moved successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\GABZ4Q4Y\index[5].htm not found!
File C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\F8KOX8NH\320368-well-hidden-malware[1].htm not found!
File C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat not found!

Registry entries deleted on Reboot...

#9
CompCav

Please try a quickscan with OTL with Services and Drivers normal and select all users.

If it still locks up then restart it and select all users and put services and drivers at none and click Run Scan.

#10
Cotutor

Here ya go my friend, had to run with no drivers, no services....still locking up on improv...

OTL logfile created on: 7/26/2012 6:02:46 PM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 59.64% Memory free
1.95 Gb Paging File | 1.39 Gb Available in Paging File | 71.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 160.62 Gb Free Space | 86.21% Space Free | Partition Type: NTFS

Computer Name: STANLEY-B78766E | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2012/07/04 22:53:00 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2012/07/04 22:49:03 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2012/07/04 22:49:00 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/11/30 03:28:49 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/12 12:08:14 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe
PRC - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 11:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2009/05/26 09:48:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/05/26 09:48:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/05/26 09:48:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/05/26 09:48:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/05/26 09:48:21 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/05/26 09:48:21 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/05/26 09:48:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/05/26 09:48:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/05/26 09:48:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/05/26 09:48:21 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/05/26 09:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/05/26 09:48:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/05/26 09:48:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/05/26 09:48:21 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/05/26 09:48:21 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/05/26 09:48:21 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/05/26 09:48:20 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/05/26 09:48:20 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/05/26 09:48:20 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/05/26 09:48:20 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/05/26 09:48:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/05/26 09:48:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/05/26 09:48:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/05/26 09:48:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/05/26 09:48:19 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/05/26 09:48:19 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/05/26 09:48:19 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll
MOD - [2009/05/26 09:48:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/05/26 09:48:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/05/26 09:48:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/05/26 09:48:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/05/26 09:48:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 08:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes,DefaultScope = {FD9D2D24-074E-46F5-93AB-EBA56AF0962F}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...e=tb50TB50CLie7
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..\SearchScopes\{FD9D2D24-074E-46F5-93AB-EBA56AF0962F}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/15 17:43:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2012/07/04 22:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2012/07/25 20:29:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Computer Tutor Remote Help.lnk = C:\cotutor\AA_v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1647877149-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340811782687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2205F-57FA-4CD3-8DB4-99DA7343A9B4}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/22 15:11:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 20:29:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/25 11:15:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/07/24 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/07/23 08:52:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/17 15:48:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/13 15:04:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\f-secure
[2012/07/04 22:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Charter Security Suite
[2012/07/04 22:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2012/07/04 22:35:31 | 000,080,000 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2012/07/04 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Charter Security Suite
[2012/07/04 22:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2012/07/04 22:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/07/04 21:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2012/07/04 21:29:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/27 12:05:52 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/07/26 10:46:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 20:29:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/25 11:16:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John\Desktop\aswMBR.exe
[2012/07/24 09:19:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/24 09:18:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/24 09:09:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/23 08:52:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2012/07/20 17:57:07 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/20 16:55:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/13 15:06:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John\Desktop\dds.exe
[2012/07/04 22:56:10 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/07/04 22:43:21 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:35:38 | 000,449,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/04 22:35:37 | 000,075,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/04 21:38:13 | 000,022,716 | ---- | M] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2012/06/27 12:09:29 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\Computer Tutor Remote Help.lnk
[2012/06/27 12:09:29 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Computer Tutor Remote Help.lnk
[2012/06/27 12:07:27 | 000,000,433 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/07/24 18:50:28 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\Computer Tutor Remote Help.lnk
[2012/07/04 22:43:21 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2012/07/04 22:36:50 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/06/27 12:09:29 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Computer Tutor Remote Help.lnk
[2012/06/27 11:40:54 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk
[2012/06/27 11:40:27 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Juanita Resume.wps
[2012/06/27 11:13:06 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Service call Quitting time.wps
[2012/06/27 11:12:52 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Quote for Cagle.wps
[2012/06/27 11:12:46 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Pam and Randy invoice.wps
[2012/06/27 11:08:22 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\John\My Documents\GCHS spay and neuter.wps
[2012/06/27 11:08:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\John\My Documents\GCHS Cond. repair.wps
[2012/06/27 11:07:58 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Ellwood Dr invoice.wps
[2012/06/27 11:04:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\John\My Documents\#1&#4 Bl Cantwell.wps
[2012/06/27 11:04:56 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\John\My Documents\#% BLCANTWELL.wps
[2012/02/16 01:22:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/07/22 21:16:19 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:23:17 | 000,022,716 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2009/05/22 15:27:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat

< End of report >


#11
CompCav


    Member 5k

  • Expert
  • 12,448 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


#12
Cotutor


    Member

  • Topic Starter
  • Member
  • 494 posts
Good mornin sir,
Combofix downloaded and ran without a hitch. I will note that it did not ask for a restart upon completion. Not sure if that's relevant or not, but here is the log and I am awaiting further instructions.

ComboFix 12-07-27.03 - John 07/27/2012 9:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.913 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\windows\fspscprereqmsiinst.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-26 00:29 . 2012-07-26 00:29 -------- d-----w- C:\_OTL
2012-07-17 19:48 . 2012-07-17 19:57 -------- d-----w- C:\FRST
2012-07-05 02:46 . 2012-07-05 02:46 -------- d-----w- c:\documents and settings\John\Application Data\f-secure
2012-07-05 02:37 . 2012-07-05 02:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2012-07-05 02:36 . 2012-07-05 02:56 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-05 02:35 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-07-05 02:31 . 2012-07-05 02:58 -------- d-----w- c:\program files\Charter Security Suite
2012-07-05 02:28 . 2012-07-05 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2012-07-05 02:25 . 2012-07-05 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2012-07-05 01:30 . 2012-07-05 01:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2012-06-27 16:05 . 2012-07-24 13:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 13:18 . 2011-07-26 03:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2008-10-16 18:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 18:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-05-22 19:08 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-05-22 19:08 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-05-22 19:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-05-22 19:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-05-22 19:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 18:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 18:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-05-22 19:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-05-22 19:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-05-23 13:48 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-05-23 13:48 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:12 . 2004-08-10 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-05-22 19:03 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1249312896\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [7/4/2012 10:36 PM 44184]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [7/4/2012 10:35 PM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/4/2012 10:33 PM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [11/23/2011 5:06 PM 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2/14/2012 12:34 PM 126392]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/4/2012 10:31 PM 149672]
S2 QuickTimeUpdater;QuickTime Updater;c:\documents and settings\John\Application Data\QuickTime\IE\QuickTimeUpdater.exe [7/12/2011 12:08 PM 18432]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/4/2012 10:33 PM 55904]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [7/11/2009 9:03 PM 17792]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/4/2012 10:31 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/4/2012 10:31 PM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1647877149-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
Completion time: 2012-07-27 09:42:49
ComboFix-quarantined-files.txt 2012-07-27 13:42
ComboFix2.txt 2012-06-25 18:50
.
Pre-Run: 172,350,300,160 bytes free
Post-Run: 172,340,592,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9E4D0CD563CE7FC4DD7CF62C282FAEC3
  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
The boot.ini shows two Windows partitions. Does it ask you to choose when you start up?

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect


  • 0
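The boot.ini check raised in the post above, as an added example that is not part of the original thread: it parses the boot.ini text dumped at the end of the ComboFix log and reports which partitions carry a Windows entry, which one is the default, and whether several entries share one label. The function names and result keys are assumptions made for this example.

```python
import re

# boot.ini text as dumped in the ComboFix log earlier in this thread.
BOOT_INI = r'''[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
'''

ARC = re.compile(r'^multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\((\d+)\)\\', re.I)
ENTRY = re.compile(r'^([^=]+)="([^"]*)"')

def parse_boot_ini(text):
    """Return (loader settings, list of OS entries) from boot.ini text."""
    loader, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('['):
            section = line.strip('[]').lower()
        elif section == 'boot loader' and '=' in line:
            key, value = line.split('=', 1)
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems' and (m := ENTRY.match(line)):
            arc = ARC.match(m.group(1))
            entries.append({'path': m.group(1), 'label': m.group(2),
                            'partition': int(arc.group(1)) if arc else None})
    return loader, entries

def review(text):
    """Summarise what a helper reading the log would check by eye."""
    loader, entries = parse_boot_ini(text)
    timeout = int(loader.get('timeout', 0))
    default = loader.get('default', '').lower()
    arc_entries = [e for e in entries if e['partition'] is not None]
    by_label = {}
    for e in arc_entries:
        by_label.setdefault(e['label'], set()).add(e['partition'])
    return {
        'timeout': timeout,
        'default_partition': next((e['partition'] for e in arc_entries
                                   if e['path'].lower() == default), None),
        'windows_partitions': sorted({e['partition'] for e in arc_entries}),
        'shared_labels': sorted(l for l, p in by_label.items() if len(p) > 1),
        # NTLDR offers a choice only with several entries and a non-zero timeout.
        'menu_expected': len(entries) > 1 and timeout > 0,
    }
```

Calling `review(BOOT_INI)` on the log's text reports Windows entries on partitions 1 and 2 under the same label, with partition 1 as the default.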

#14
Cotutor

    Member

  • Topic Starter
  • Member
  • 494 posts
No Sir, it does not.
  • 0

#15
CompCav

    Member 5k

  • Expert
  • 12,448 posts
How is it running? Are there any issues?
  • 0





