Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

JinMirumkan S.O.L. on Windows XP [Solved]

Started by hawstom , Apr 02 2014 06:43 PM

  • This topic is locked This topic is locked

#1
hawstom
Posted 02 April 2014 - 06:43 PM

hawstom

    New Member

  • Member
  • Pip
  • 9 posts

I really appreciate your help, and I will be happy to stick with you to closure.

 

  • Creates several randomly named directories in [user]\Application Data with executables in them
  • Creates several randomly named files in windows\System32
  • a wiacy.exe with multiple process instances seems to be the possible payload, taking processor time hoggishly.
  • Apparently came from an email my mom opened

I've tried MBAM, MBAR, AdwCleaner, JRT, RKILL.com, TDSSKILLER.  I think it's time for some custom guidance.

 

Tom

 

=== Original OTL log (1 of 2) ===

 

OTL logfile created on: 3/29/2014 1:40:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Program Files (x86)
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.11 Mb Total Physical Memory | 450.97 Mb Available Physical Memory | 44.08% Memory free
2.41 Gb Paging File | 1.87 Gb Available in Paging File | 77.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 12.55 Gb Free Space | 22.46% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.19 Gb Free Space | 42.74% Space Free | Partition Type: FAT32
 
Computer Name: AIS11ZGY41 | User Name: kakdh | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 12:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Program Files (x86)\OTL.exe
PRC - [2014/03/25 17:13:58 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
PRC - [2013/12/28 01:39:31 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\zimurusa.exe
PRC - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2013/09/19 15:33:27 | 000,304,660 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\asbiqyofm.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/04/18 16:03:58 | 000,302,250 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\armuxah.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/11 17:06:30 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/03/11 17:06:30 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/24 01:00:02 | 000,260,160 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATILAE.EXE
PRC - [2012/10/25 04:45:09 | 000,302,157 | ---- | M] (JinMirumkan S.O.L.) -- C:\Documents and Settings\kakdh\Application Data\Yhpyse\veofel.exe
PRC - [2012/10/25 04:45:09 | 000,302,157 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\qiepcyv.exe
PRC - [2012/09/19 00:38:32 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\ohibihv.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2012/04/25 09:38:57 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\otaty.exe
PRC - [2010/11/17 14:49:25 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\bobiwynege.exe
PRC - [2010/08/22 18:13:25 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\udobso.exe
PRC - [2010/08/22 18:13:25 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\Documents and Settings\kakdh\Application Data\Opihqo\abbabiu.exe
PRC - [2010/03/28 12:11:47 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\girixayrug.exe
PRC - [2010/01/09 06:24:57 | 000,302,250 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\ocgigihe.exe
PRC - [2010/01/09 06:24:57 | 000,302,250 | ---- | M] (JinMirumkan S.O.L.) -- C:\Documents and Settings\kakdh\Application Data\Egelux\danokoa.exe
PRC - [2009/10/09 09:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/08 17:00:02 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\avvyacol.exe
PRC - [2008/10/29 18:11:14 | 000,801,544 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/10/29 18:11:06 | 000,300,296 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/06 13:15:16 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\bietug.exe
PRC - [2008/01/16 02:57:01 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\Documents and Settings\kakdh\Application Data\Asguhuec\waihle.exe
PRC - [2008/01/16 02:57:01 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\obisi.exe
PRC - [2007/08/13 04:28:01 | 000,290,517 | ---- | M] (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz) -- C:\Documents and Settings\kakdh\Application Data\Nyofenq\ylcyiw.exe
PRC - [2007/08/13 04:28:01 | 000,290,517 | ---- | M] (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz) -- C:\WINDOWS\system32\xoahilho.exe
PRC - [2006/08/21 05:13:52 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) -- C:\WINDOWS\system32\vyuvqoqihy.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/05/22 12:42:36 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Handspring\HOTSYNC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/26 15:35:39 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/03/26 12:29:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/03/26 12:28:51 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014/03/25 17:13:58 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
MOD - [2013/03/11 17:06:30 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/03/11 17:06:30 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/11/01 20:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0195291294167578mcinstcleanup)
SRV - [2014/03/12 11:36:48 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/20 08:40:02 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/28 01:39:31 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\zimurusa.exe -- (SecurityCenterServer2057864769)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/09/19 15:33:27 | 000,304,660 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\asbiqyofm.exe -- (SecurityCenterServer2939595160)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/04/18 16:03:58 | 000,302,250 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\armuxah.exe -- (SecurityCenterServer4215045626)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/11 17:06:30 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/10/25 04:45:09 | 000,302,157 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\qiepcyv.exe -- (SecurityCenterServer2469540606)
SRV - [2012/09/19 00:38:32 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\ohibihv.exe -- (SecurityCenterServer3159990460)
SRV - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2012/04/25 09:38:57 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\otaty.exe -- (SecurityCenterServer2646265564)
SRV - [2010/11/17 14:49:25 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\bobiwynege.exe -- (SecurityCenterServer1779182087)
SRV - [2010/08/22 18:13:25 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\udobso.exe -- (SecurityCenterServer1137301153)
SRV - [2010/03/28 12:11:47 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\girixayrug.exe -- (SecurityCenterServer1212904390)
SRV - [2010/01/09 06:24:57 | 000,302,250 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\ocgigihe.exe -- (SecurityCenterServer1882285819)
SRV - [2009/10/09 09:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/03/07 14:38:59 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/08 17:00:02 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\avvyacol.exe -- (SecurityCenterServer3068895032)
SRV - [2008/04/06 13:15:16 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\bietug.exe -- (SecurityCenterServer2654536800)
SRV - [2008/01/16 02:57:01 | 000,302,182 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\obisi.exe -- (SecurityCenterServer940684720)
SRV - [2007/08/13 04:28:01 | 000,290,517 | ---- | M] (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz) [Auto | Running] -- C:\WINDOWS\system32\xoahilho.exe -- (SecurityCenterServer3395936529)
SRV - [2006/08/21 05:13:52 | 000,302,280 | ---- | M] (JinMirumkan S.O.L.) [Auto | Running] -- C:\WINDOWS\system32\vyuvqoqihy.exe -- (SecurityCenterServer3582828085)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/11 17:06:30 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/05/16 19:01:00 | 000,162,544 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/05/16 19:01:00 | 000,122,224 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/05/16 19:01:00 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/05/16 19:01:00 | 000,044,720 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/09 08:50:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/16 23:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/16 23:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/16 23:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/10/12 23:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003/09/26 09:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {57281A5A-CF74-4F0F-A854-E29F449E03A9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{57281A5A-CF74-4F0F-A854-E29F449E03A9}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=25-03-2013"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.google.com/mail/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\kakdh\Local Settings\Application Data\RobloxVersions\version-27973050fb3b494f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/20 08:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/20 08:39:48 | 000,000,000 | ---D | M]
 
[2009/05/01 11:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Extensions
[2014/03/22 07:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\extensions
[2013/11/19 14:00:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2014/02/20 08:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/20 08:40:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/09 06:13:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/15 13:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
O1 HOSTS File: ([2009/10/15 05:41:54 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Agevbaywinlyk] "C:\Documents and Settings\kakdh\Application Data\Okalrak\uffilau.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Fyiqpiyvza] C:\Documents and Settings\kakdh\Application Data\Ebuvhy\tezoliw.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Geceleyqvaruu] C:\Documents and Settings\kakdh\Application Data\Nyofenq\ylcyiw.exe (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz)
O4 - HKLM..\Run: [Hihyegvuylunaq] C:\Documents and Settings\kakdh\Application Data\Ofbyazg\urizhom.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Huurur] "C:\Documents and Settings\kakdh\Application Data\Kuwoal\etehyw.exe" File not found
O4 - HKLM..\Run: [Ihyfkotowuwaal] C:\Documents and Settings\kakdh\Application Data\Qywoxyol\egdeqa.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Ikuztidomuadybw] C:\Documents and Settings\kakdh\Application Data\Ahedhe\mynousi.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Nueknyegvuypytl] C:\Documents and Settings\kakdh\Application Data\Paqedaof\arhookp.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Ofyhihi] C:\Documents and Settings\kakdh\Application Data\Agublicu\amsyfa.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Olywovxiisub] C:\Documents and Settings\kakdh\Application Data\Egelux\danokoa.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Ozxooqbuw] C:\Documents and Settings\kakdh\Application Data\Yhpyse\veofel.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Siuxhoagbeegly] C:\Documents and Settings\kakdh\Application Data\Naefgy\yryhz.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Upkeu] C:\Documents and Settings\kakdh\Application Data\Haufacr\pagaol.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Weviyvdepo] C:\Documents and Settings\kakdh\Application Data\Asguhuec\waihle.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Ybypbe] C:\Documents and Settings\kakdh\Application Data\Opihqo\abbabiu.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Yhgon] C:\Documents and Settings\kakdh\Application Data\Ziakuhe\oqihc.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Ytfyzipera] C:\Documents and Settings\kakdh\Application Data\Vahyhe\ovsuf.exe (JinMirumkan S.O.L.)
O4 - HKLM..\Run: [Ytviypy] "C:\Documents and Settings\kakdh\Application Data\Sevael\zodoet.exe" File not found
O4 - HKCU..\Run: [Agevbaywinlyk] "C:\Documents and Settings\kakdh\Application Data\Okalrak\uffilau.exe" File not found
O4 - HKCU..\Run: [dmnkptqb] C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe ()
O4 - HKCU..\Run: [eegkfjcl] C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Fyiqpiyvza] C:\Documents and Settings\kakdh\Application Data\Ebuvhy\tezoliw.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [Geceleyqvaruu] C:\Documents and Settings\kakdh\Application Data\Nyofenq\ylcyiw.exe (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz)
O4 - HKCU..\Run: [lkjbtbxt] C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe ()
O4 - HKCU..\Run: [odqhwkgq] C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe ()
O4 - HKCU..\Run: [Olywovxiisub] C:\Documents and Settings\kakdh\Application Data\Egelux\danokoa.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [Ozxooqbuw] C:\Documents and Settings\kakdh\Application Data\Yhpyse\veofel.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [qocwkucb] C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe ()
O4 - HKCU..\Run: [Siuxhoagbeegly] C:\Documents and Settings\kakdh\Application Data\Naefgy\yryhz.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [ueqvpnuh] C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe ()
O4 - HKCU..\Run: [Weviyvdepo] C:\Documents and Settings\kakdh\Application Data\Asguhuec\waihle.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [Ybypbe] C:\Documents and Settings\kakdh\Application Data\Opihqo\abbabiu.exe (JinMirumkan S.O.L.)
O4 - HKCU..\Run: [Ytviypy] "C:\Documents and Settings\kakdh\Application Data\Sevael\zodoet.exe" File not found
O4 - Startup: C:\Documents and Settings\kakdh\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: asu.edu ([*.sharepoint] * in Local intranet)
O15 - HKLM\..Trusted Domains: asu.edu ([sharepoint] * in Local intranet)
O15 - HKCU\..Trusted Domains: advancedmd.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: advancedmd.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270776591171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1353174351265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asurite.ad.asu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C09B598-69C5-447C-AF2F-EB961FB9D01B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36870819-2122-4B94-9A56-FF75243FCC28}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\kakdh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kakdh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/31 16:36:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/16 19:19:36 | 000,000,000 | ---D | M] - F:\AutoCAD -- [ FAT32 ]
O32 - AutoRun File - [2000/02/01 13:39:20 | 000,035,980 | ---- | M] () - F:\Autobiog.rtf -- [ FAT32 ]
O33 - MountPoints2\{045e6739-ad16-11de-acb9-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{045e6739-ad16-11de-acb9-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{2f0f0bf6-ed36-11db-aad0-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{2f0f0bf6-ed36-11db-aad0-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell - "" = AutoRun
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell\AutoRun\command - "" = E:\videoconvert.exe
O33 - MountPoints2\{ee47f150-dc79-11df-afd8-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{ee47f150-dc79-11df-afd8-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/29 11:50:32 | 000,290,517 | ---- | C] (nijwwifh nete yzqkgq zopjnaebv qisurhoarg qmrsz) -- C:\WINDOWS\System32\xoahilho.exe
[2014/03/29 11:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Nyofenq
[2014/03/29 03:40:14 | 000,302,182 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\otaty.exe
[2014/03/29 03:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Qywoxyol
[2014/03/28 23:41:02 | 000,302,182 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\girixayrug.exe
[2014/03/28 23:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Agublicu
[2014/03/28 19:41:05 | 000,302,182 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\avvyacol.exe
[2014/03/28 19:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ziakuhe
[2014/03/28 15:44:35 | 000,302,182 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\zimurusa.exe
[2014/03/28 15:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Haufacr
[2014/03/28 11:47:00 | 000,302,182 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\obisi.exe
[2014/03/28 11:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Asguhuec
[2014/03/28 07:49:18 | 000,302,250 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\armuxah.exe
[2014/03/28 07:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Vahyhe
[2014/03/28 03:45:08 | 000,302,250 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\ocgigihe.exe
[2014/03/28 03:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Egelux
[2014/03/28 01:33:03 | 000,302,280 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\ohibihv.exe
[2014/03/28 01:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ofbyazg
[2014/03/27 19:41:53 | 000,302,280 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\bobiwynege.exe
[2014/03/27 19:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ahedhe
[2014/03/27 15:47:08 | 000,302,280 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\bietug.exe
[2014/03/27 15:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Paqedaof
[2014/03/27 11:38:50 | 000,302,280 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\udobso.exe
[2014/03/27 11:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Opihqo
[2014/03/27 07:43:49 | 000,302,280 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\vyuvqoqihy.exe
[2014/03/27 07:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Naefgy
[2014/03/27 03:50:45 | 000,304,660 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\asbiqyofm.exe
[2014/03/27 03:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ebuvhy
[2014/03/26 23:39:11 | 000,302,157 | ---- | C] (JinMirumkan S.O.L.) -- C:\WINDOWS\System32\qiepcyv.exe
[2014/03/26 23:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Yhpyse
[2014/03/26 19:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Kuwoal
[2014/03/26 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2014/03/26 19:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat
[2014/03/26 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2014/03/26 16:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Okalrak
[2014/03/26 12:04:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/26 11:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Sevael
[2014/03/17 17:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Local Settings\Application Data\IsolatedStorage
[2014/03/17 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Local Settings\Application Data\Intuit
[2014/03/17 17:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Intuit
[2014/03/17 17:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
[2014/03/17 17:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2014/03/17 17:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2014/03/07 16:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/29 13:37:18 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
[2014/03/29 13:36:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/29 13:34:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/29 13:34:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 13:33:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/29 13:33:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2014/03/29 13:33:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2014/03/29 13:08:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 13:01:08 | 000,000,917 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
[2014/03/29 13:01:08 | 000,000,731 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
[2014/03/29 13:01:07 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 940684720.job
[2014/03/29 13:01:07 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 4215045626.job
[2014/03/29 13:01:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3582828085.job
[2014/03/29 13:00:59 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3395936529.job
[2014/03/29 13:00:58 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3159990460.job
[2014/03/29 13:00:42 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3068895032.job
[2014/03/29 13:00:40 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2939595160.job
[2014/03/29 13:00:38 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2654536800.job
[2014/03/29 13:00:37 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2646265564.job
[2014/03/29 13:00:34 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2057864769.job
[2014/03/29 13:00:34 | 000,000,870 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2469540606.job
[2014/03/29 13:00:26 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 1882285819.job
[2014/03/29 13:00:24 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 1779182087.job
[2014/03/29 13:00:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 1212904390.job
[2014/03/29 13:00:15 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 1137301153.job
[2014/03/29 12:28:06 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job
[2014/03/29 11:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/03/28 21:28:18 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job
[2014/03/28 20:58:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/03/28 14:48:45 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
[2014/03/27 14:27:01 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
[2014/03/26 19:40:24 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
[2014/03/26 16:18:08 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
[2014/03/26 15:27:05 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/26 12:25:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/25 18:31:08 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\kakdh\jobq.dat
[2014/03/25 17:13:58 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
[2014/03/25 17:12:47 | 000,012,326 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
[2014/03/25 17:11:46 | 000,068,465 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
[2014/03/25 17:10:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
[2014/03/25 17:05:06 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe
[2014/03/25 14:54:23 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2014/03/21 16:31:08 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
[2014/03/19 08:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/17 20:12:14 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/17 17:17:15 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/17 17:09:45 | 000,873,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/17 17:09:45 | 000,238,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/17 14:52:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2014/03/12 11:36:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/12 11:36:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/29 13:37:18 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
[2014/03/29 11:50:31 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 3395936529.job
[2014/03/29 03:40:01 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 2646265564.job
[2014/03/28 23:40:51 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 1212904390.job
[2014/03/28 19:41:01 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 3068895032.job
[2014/03/28 15:44:26 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 2057864769.job
[2014/03/28 14:48:45 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
[2014/03/28 11:46:58 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 940684720.job
[2014/03/28 07:49:14 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 4215045626.job
[2014/03/28 03:45:06 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 1882285819.job
[2014/03/28 01:32:59 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 3159990460.job
[2014/03/27 19:41:52 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 1779182087.job
[2014/03/27 15:47:06 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 2654536800.job
[2014/03/27 14:27:00 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
[2014/03/27 11:38:49 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 1137301153.job
[2014/03/27 07:43:48 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 3582828085.job
[2014/03/27 03:50:41 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 2939595160.job
[2014/03/26 23:39:08 | 000,000,870 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 2469540606.job
[2014/03/26 19:40:24 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
[2014/03/26 16:18:08 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
[2014/03/25 17:13:58 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
[2014/03/25 17:12:47 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
[2014/03/25 17:11:46 | 000,068,465 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
[2014/03/25 17:10:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
[2014/03/25 17:06:34 | 002,388,348 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1864253520-1647712531-16515117-1510-0.dat
[2014/03/25 17:06:22 | 000,365,578 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/03/25 17:05:06 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe
[2014/03/20 15:16:42 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
[2014/03/17 17:27:11 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/17 17:17:15 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/01/01 00:24:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/14 08:40:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/11/08 14:27:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\XP-410.ini
[2013/09/26 18:07:20 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\xscan32.dat
[2013/05/19 17:18:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.INI
[2010/12/20 20:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kakdh\jagex_runescape_preferences2.dat
[2010/12/20 20:23:25 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\kakdh\jagex_runescape_preferences.dat
[2008/03/16 06:28:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/04 10:43:18 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/30 07:30:30 | 000,038,508 | ---- | C] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft Excel.ADR
[2007/11/10 18:53:14 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\kakdh\jobq.dat
[2006/02/08 09:54:59 | 000,002,146 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/01/31 17:21:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

=== More recent OTL log (2 of 2) ===

OTL logfile created on: 4/2/2014 6:50:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.21 Mb Total Physical Memory | 694.65 Mb Available Physical Memory | 67.89% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 12.50 Gb Free Space | 22.36% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.19 Gb Free Space | 42.74% Space Free | Partition Type: FAT32
 
Computer Name: AIS11ZGY41 | User Name: kakdh | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 12:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix\OTL.exe
PRC - [2013/09/26 00:15:27 | 000,281,769 | ---- | M] (qjnci zuqwkhe sril ntgjeuvyqt) -- C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe
PRC - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/05/27 12:43:36 | 000,282,282 | ---- | M] (diistfzs tmtnk ugsrh ktdxdka) -- C:\Documents and Settings\kakdh\Application Data\Ydtuawu\fedyaw.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/25 12:29:18 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix\rkill.com
PRC - [2013/01/24 01:00:02 | 000,260,160 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATILAE.EXE
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2012/05/10 17:27:38 | 000,287,808 | ---- | M] (yoxvgpkqpl lhokho) -- C:\Documents and Settings\kakdh\Application Data\Egpubau\ylgyadg.exe
PRC - [2011/08/12 20:41:33 | 000,284,713 | ---- | M] (zlma) -- C:\Documents and Settings\kakdh\Application Data\Lioqukov\ywacyxr.exe
PRC - [2009/10/09 09:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/05/22 12:42:36 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Handspring\HOTSYNC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/26 15:35:39 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/03/26 12:29:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/03/26 12:28:51 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0195291294167578mcinstcleanup)
SRV - [2014/03/12 11:36:48 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/20 08:40:02 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/20 16:30:00 | 000,577,088 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/17 00:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2009/11/06 08:48:43 | 000,282,303 | ---- | M] (kyuht) [Auto | Stopped] -- C:\WINDOWS\system32\asduuxwyom.exe -- (SecurityCenterServer3525658166)
SRV - [2009/10/09 09:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/03/07 14:38:59 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/11 17:06:30 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/05/16 19:01:00 | 000,162,544 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/05/16 19:01:00 | 000,122,224 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/05/16 19:01:00 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/05/16 19:01:00 | 000,044,720 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/09 08:50:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/16 23:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/16 23:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/16 23:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/10/12 23:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003/09/26 09:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {57281A5A-CF74-4F0F-A854-E29F449E03A9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{57281A5A-CF74-4F0F-A854-E29F449E03A9}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.google.com/mail/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\kakdh\Local Settings\Application Data\RobloxVersions\version-27973050fb3b494f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/20 08:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/20 08:39:48 | 000,000,000 | ---D | M]
 
[2009/05/01 11:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Extensions
[2014/03/22 07:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\extensions
[2013/11/19 14:00:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2014/02/20 08:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/20 08:40:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/09 06:13:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/15 13:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
O1 HOSTS File: ([2009/10/15 05:41:54 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Agevbaywinlyk] "C:\Documents and Settings\kakdh\Application Data\Okalrak\uffilau.exe" File not found
O4 - HKLM..\Run: [Apgeewe] C:\Documents and Settings\kakdh\Application Data\Hypoufby\qizyav.exe (yoxvgpkqpl lhokho)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [Azyrweigqyzuilg] C:\Documents and Settings\kakdh\Application Data\Iqottaf\bexyra.exe (zlma)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Ezenabzoviyrewd] C:\Documents and Settings\kakdh\Application Data\Unlifaev\xaokwe.exe (diistfzs tmtnk ugsrh ktdxdka)
O4 - HKLM..\Run: [Fyiqpiyvza] "C:\Documents and Settings\kakdh\Application Data\Ebuvhy\tezoliw.exe" File not found
O4 - HKLM..\Run: [Hihyegvuylunaq] "C:\Documents and Settings\kakdh\Application Data\Ofbyazg\urizhom.exe" File not found
O4 - HKLM..\Run: [Huurur] "C:\Documents and Settings\kakdh\Application Data\Kuwoal\etehyw.exe" File not found
O4 - HKLM..\Run: [Ihyfkotowuwaal] "C:\Documents and Settings\kakdh\Application Data\Qywoxyol\egdeqa.exe" File not found
O4 - HKLM..\Run: [Ikuztidomuadybw] "C:\Documents and Settings\kakdh\Application Data\Ahedhe\mynousi.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Myozysfuylywpu] C:\Documents and Settings\kakdh\Application Data\Zaokvuib\xehek.exe (diistfzs tmtnk ugsrh ktdxdka)
O4 - HKLM..\Run: [Nueknyegvuypytl] "C:\Documents and Settings\kakdh\Application Data\Paqedaof\arhookp.exe" File not found
O4 - HKLM..\Run: [Ofyhihi] "C:\Documents and Settings\kakdh\Application Data\Agublicu\amsyfa.exe" File not found
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Oxasryruar] C:\Documents and Settings\kakdh\Application Data\Ercuir\zogih.exe (kyuht)
O4 - HKLM..\Run: [Souhiqryqikeor] C:\Documents and Settings\kakdh\Application Data\Ydtuawu\fedyaw.exe (diistfzs tmtnk ugsrh ktdxdka)
O4 - HKLM..\Run: [Upkeu] "C:\Documents and Settings\kakdh\Application Data\Haufacr\pagaol.exe" File not found
O4 - HKLM..\Run: [Vuhoze] C:\Documents and Settings\kakdh\Application Data\Ytgyqal\ewxeah.exe (zlma)
O4 - HKLM..\Run: [Weeltitaed] C:\Documents and Settings\kakdh\Application Data\Lioqukov\ywacyxr.exe (zlma)
O4 - HKLM..\Run: [Wyomeweze] C:\Documents and Settings\kakdh\Application Data\Egpubau\ylgyadg.exe (yoxvgpkqpl lhokho)
O4 - HKLM..\Run: [Ybypbe] "C:\Documents and Settings\kakdh\Application Data\Opihqo\abbabiu.exe" File not found
O4 - HKLM..\Run: [Yhgon] "C:\Documents and Settings\kakdh\Application Data\Ziakuhe\oqihc.exe" File not found
O4 - HKLM..\Run: [Ytfyzipera] "C:\Documents and Settings\kakdh\Application Data\Vahyhe\ovsuf.exe" File not found
O4 - HKLM..\Run: [Ytviypy] "C:\Documents and Settings\kakdh\Application Data\Sevael\zodoet.exe" File not found
O4 - HKLM..\Run: [Yzywxoyvimbuni] C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe (qjnci zuqwkhe sril ntgjeuvyqt)
O4 - HKCU..\Run: [Agevbaywinlyk] "C:\Documents and Settings\kakdh\Application Data\Okalrak\uffilau.exe" File not found
O4 - HKCU..\Run: [Apgeewe] C:\Documents and Settings\kakdh\Application Data\Hypoufby\qizyav.exe (yoxvgpkqpl lhokho)
O4 - HKCU..\Run: [Azyrweigqyzuilg] C:\Documents and Settings\kakdh\Application Data\Iqottaf\bexyra.exe (zlma)
O4 - HKCU..\Run: [dmnkptqb] C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe ()
O4 - HKCU..\Run: [eegkfjcl] C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Ezenabzoviyrewd] C:\Documents and Settings\kakdh\Application Data\Unlifaev\xaokwe.exe (diistfzs tmtnk ugsrh ktdxdka)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Fyiqpiyvza] "C:\Documents and Settings\kakdh\Application Data\Ebuvhy\tezoliw.exe" File not found
O4 - HKCU..\Run: [grvluutr] C:\Documents and Settings\kakdh\Local Settings\Application Data\gfnmjasv.exe ()
O4 - HKCU..\Run: [krhfxrjj] C:\Documents and Settings\kakdh\Local Settings\Application Data\mppkbvon.exe ()
O4 - HKCU..\Run: [lkjbtbxt] C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe ()
O4 - HKCU..\Run: [odqhwkgq] C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe ()
O4 - HKCU..\Run: [qocwkucb] C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe ()
O4 - HKCU..\Run: [Souhiqryqikeor] C:\Documents and Settings\kakdh\Application Data\Ydtuawu\fedyaw.exe (diistfzs tmtnk ugsrh ktdxdka)
O4 - HKCU..\Run: [tvcqvjws] C:\Documents and Settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe ()
O4 - HKCU..\Run: [ucklrrnp] C:\Documents and Settings\kakdh\Local Settings\Application Data\iremshnq.exe ()
O4 - HKCU..\Run: [ueqvpnuh] C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe ()
O4 - HKCU..\Run: [umfantfu] C:\Documents and Settings\kakdh\Local Settings\Application Data\vkknekdd.exe ()
O4 - HKCU..\Run: [Vuhoze] C:\Documents and Settings\kakdh\Application Data\Ytgyqal\ewxeah.exe (zlma)
O4 - HKCU..\Run: [Weeltitaed] C:\Documents and Settings\kakdh\Application Data\Lioqukov\ywacyxr.exe (zlma)
O4 - HKCU..\Run: [Wyomeweze] C:\Documents and Settings\kakdh\Application Data\Egpubau\ylgyadg.exe (yoxvgpkqpl lhokho)
O4 - HKCU..\Run: [Ybypbe] "C:\Documents and Settings\kakdh\Application Data\Opihqo\abbabiu.exe" File not found
O4 - HKCU..\Run: [Ytviypy] "C:\Documents and Settings\kakdh\Application Data\Sevael\zodoet.exe" File not found
O4 - HKCU..\Run: [Yzywxoyvimbuni] C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe (qjnci zuqwkhe sril ntgjeuvyqt)
O4 - Startup: C:\Documents and Settings\kakdh\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: asu.edu ([*.sharepoint] * in Local intranet)
O15 - HKLM\..Trusted Domains: asu.edu ([sharepoint] * in Local intranet)
O15 - HKCU\..Trusted Domains: advancedmd.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: advancedmd.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270776591171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1353174351265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asurite.ad.asu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C09B598-69C5-447C-AF2F-EB961FB9D01B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36870819-2122-4B94-9A56-FF75243FCC28}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\kakdh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kakdh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/31 16:36:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/16 19:19:36 | 000,000,000 | ---D | M] - F:\AutoCAD -- [ FAT32 ]
O32 - AutoRun File - [2000/02/01 13:39:20 | 000,035,980 | ---- | M] () - F:\Autobiog.rtf -- [ FAT32 ]
O33 - MountPoints2\{045e6739-ad16-11de-acb9-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{045e6739-ad16-11de-acb9-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{2f0f0bf6-ed36-11db-aad0-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{2f0f0bf6-ed36-11db-aad0-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{4760a5af-4bb4-11de-ac01-000f1f162171}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell - "" = AutoRun
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9dbfc6e-4ccf-11e1-9468-000f1f162171}\Shell\AutoRun\command - "" = E:\videoconvert.exe
O33 - MountPoints2\{ee47f150-dc79-11df-afd8-000f1f162171}\Shell\AutoRun\command - "" = BUBAVII///znaqwerty.exe
O33 - MountPoints2\{ee47f150-dc79-11df-afd8-000f1f162171}\Shell\open\command - "" = BUBAVII///znaqwerty.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/02 17:52:41 | 000,282,303 | ---- | C] (kyuht) -- C:\WINDOWS\System32\asduuxwyom.exe
[2014/04/02 17:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ercuir
[2014/04/02 03:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Soomasat
[2014/04/01 23:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Zaokvuib
[2014/04/01 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Unlifaev
[2014/04/01 15:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ydtuawu
[2014/04/01 13:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Wadoabx
[2014/04/01 07:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Vesole
[2014/04/01 05:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Lioqukov
[2014/03/31 19:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ytgyqal
[2014/03/31 15:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Iqottaf
[2014/03/31 11:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Hypoufby
[2014/03/31 07:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Egpubau
[2014/03/30 11:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Leuskoe
[2014/03/30 03:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Agylku
[2014/03/29 23:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Ceiweh
[2014/03/29 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Pawaamf
[2014/03/29 18:42:03 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/29 17:49:02 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/03/29 16:45:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/29 15:47:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/29 15:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Kusaeb
[2014/03/29 14:55:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/29 14:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Yhpyse
[2014/03/29 14:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Nyofenq
[2014/03/29 14:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Naefgy
[2014/03/29 14:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Egelux
[2014/03/29 14:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Asguhuec
[2014/03/26 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2014/03/26 19:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat
[2014/03/26 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2014/03/26 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2014/03/26 12:04:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/17 17:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Local Settings\Application Data\IsolatedStorage
[2014/03/17 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Local Settings\Application Data\Intuit
[2014/03/17 17:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kakdh\Application Data\Intuit
[2014/03/17 17:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
[2014/03/17 17:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2014/03/17 17:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2014/03/07 16:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/02 19:06:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/02 19:02:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3525658166.job
[2014/04/02 19:02:29 | 000,000,731 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
[2014/04/02 19:02:25 | 000,000,917 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
[2014/04/02 18:36:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/02 18:28:31 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job
[2014/04/02 17:54:27 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\gfnmjasv.exe
[2014/04/02 17:52:35 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\iremshnq.exe
[2014/04/02 17:42:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/02 17:42:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/02 17:41:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/02 03:06:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/02 00:22:36 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/04/01 21:28:03 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job
[2014/04/01 14:39:24 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe
[2014/04/01 13:10:59 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/01 13:01:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2014/04/01 13:01:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2014/03/31 13:52:42 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\mppkbvon.exe
[2014/03/30 13:46:09 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\vkknekdd.exe
[2014/03/29 13:37:18 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
[2014/03/29 11:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/03/28 14:48:45 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
[2014/03/27 14:27:01 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
[2014/03/26 19:40:24 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
[2014/03/26 16:18:08 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
[2014/03/26 15:27:05 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/26 12:25:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/25 18:31:08 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\kakdh\jobq.dat
[2014/03/25 17:13:58 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
[2014/03/25 17:12:47 | 000,012,326 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
[2014/03/25 17:11:46 | 000,068,465 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
[2014/03/25 17:10:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
[2014/03/25 17:05:06 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe
[2014/03/25 14:54:23 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2014/03/21 16:31:08 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
[2014/03/19 08:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/17 20:12:14 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/17 17:17:15 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/17 17:09:45 | 000,873,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/17 17:09:45 | 000,238,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/17 14:52:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/02 17:54:27 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\gfnmjasv.exe
[2014/04/02 17:52:40 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Security Center Update - 3525658166.job
[2014/04/02 17:52:35 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\iremshnq.exe
[2014/04/01 14:39:24 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe
[2014/03/31 13:52:42 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\mppkbvon.exe
[2014/03/30 13:46:09 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\vkknekdd.exe
[2014/03/29 13:37:18 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
[2014/03/28 14:48:45 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
[2014/03/27 14:27:00 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
[2014/03/26 19:40:24 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
[2014/03/26 16:18:08 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
[2014/03/25 17:13:58 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
[2014/03/25 17:12:47 | 000,012,326 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
[2014/03/25 17:11:46 | 000,068,465 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
[2014/03/25 17:10:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
[2014/03/25 17:06:34 | 002,388,348 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1864253520-1647712531-16515117-1510-0.dat
[2014/03/25 17:06:22 | 000,365,578 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/03/25 17:05:06 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe
[2014/03/20 15:16:42 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
[2014/03/17 17:27:11 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/17 17:17:15 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/01/01 00:24:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/14 08:40:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/11/08 14:27:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\XP-410.ini
[2013/09/26 18:07:20 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\xscan32.dat
[2013/05/19 17:18:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.INI
[2010/12/20 20:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kakdh\jagex_runescape_preferences2.dat
[2010/12/20 20:23:25 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\kakdh\jagex_runescape_preferences.dat
[2008/03/16 06:28:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/04 10:43:18 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\kakdh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/30 07:30:30 | 000,038,508 | ---- | C] () -- C:\Documents and Settings\kakdh\Application Data\Microsoft Excel.ADR
[2007/11/10 18:53:14 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\kakdh\jobq.dat
[2006/02/08 09:54:59 | 000,002,146 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/01/31 17:21:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/12/25 10:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/03 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bOfCd01522
[2007/08/31 11:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2007/08/31 10:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/10/15 10:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2013/03/11 17:05:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/11/08 14:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/02/03 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hummingbird
[2010/12/25 10:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/03/09 10:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/06/26 08:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/06/26 08:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/09/01 15:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/28 05:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2009/03/11 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/24 21:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/28 05:24:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2009/04/12 12:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2014/03/30 17:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Agylku
[2014/03/30 07:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Asguhuec
[2013/07/18 13:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Canon
[2014/03/30 17:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Ceiweh
[2011/04/06 20:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Cisco
[2012/01/06 11:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Dropbox
[2014/03/30 07:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Egelux
[2014/03/31 07:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Egpubau
[2006/02/08 11:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Embarcadero
[2013/11/12 11:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Epson
[2014/04/02 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Ercuir
[2013/03/11 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Garmin
[2014/03/31 11:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Hypoufby
[2014/03/31 15:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Iqottaf
[2014/03/30 07:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Kusaeb
[2009/01/27 18:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Leadertech
[2014/03/31 09:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Leuskoe
[2014/04/01 05:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Lioqukov
[2014/03/30 07:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Naefgy
[2007/09/01 15:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\NewSoft
[2014/03/30 05:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Nyofenq
[2012/09/18 11:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\OverDrive
[2014/03/30 17:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Pawaamf
[2007/09/01 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\ScanSoft
[2014/04/02 03:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Soomasat
[2011/04/21 10:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\SSH
[2012/09/28 08:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Transparent
[2013/05/19 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Unity
[2014/04/01 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Unlifaev
[2014/04/02 06:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Vesole
[2014/04/02 19:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Vicywa
[2014/04/02 06:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Wadoabx
[2014/04/01 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Ydtuawu
[2014/03/30 07:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Yhpyse
[2014/03/31 19:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Ytgyqal
[2014/04/01 23:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kakdh\Application Data\Zaokvuib
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by hawstom, 02 April 2014 - 07:57 PM.

  • 0

Advertisements

#2
Valinorum
Posted 02 April 2014 - 10:02 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Post the logs from Adwcleaner, JRT and MBAM. Also OTL creates an Extras.txt file in the same directory of the OTL.exe. Post the log as well.


  • 0

#3
hawstom
Posted 03 April 2014 - 10:25 AM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thank you! A new development is that after running for a while with Firefox open, the malware (wiacy.exe and company) finally delivered a payload of three full-screen browser-like windows with text like "Hot Search" that I failed to catch a screen-shot of before I closed with Alt+F4.  Strangely enough, once those payloads were delivered, wiacy.exe and company stopped appearing in Task Manager and all was quiet there for a while until a new random process qypqas.exe began to proliferate.  I know this because I am forced to vigilantly end these processes to keep the computer from bogging down.

 

OTL did not create an extras.txt.  I am pasting below the other logs requested as well as the MBAR system.log

 

I am separating each log as follows:

 

< End of report >

< Begin abc.xyz >

 

Without further ado:

 

< Begin AdwCleaner[S2].txt >

 

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 13:08:55
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : kakdh - AIS11ZGY41
# Boot Mode : Normal
# Running from : C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\kakdh\Local Settings\Application Data\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\kqyozh3r.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\prefs.js

Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{2AFFB961-98B2-16E9-8576-9A41AE66D4D7}");
Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9333");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "25");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "2");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "25");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "7");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "3");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1364241346915");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "25-03-2013");
Deleted : user_pref("aol_toolbar.search.instd", "20130325111149570");
Deleted : user_pref("aol_toolbar.search.oid", "25-03-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "1");
Deleted : user_pref("aol_toolbar.surf.lastDate", "25");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "2");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "1");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "1");
Deleted : user_pref("aol_toolbar.surf.week", "1");
Deleted : user_pref("aol_toolbar.surf.year", "1");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "3");
Deleted : user_pref("aol_toolbar.weather.degf", "37");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/7.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Wintry Mix");
Deleted : user_pref("aol_toolbar.weather.update", "1364241346985");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adk[...]

*************************

AdwCleaner[S1].txt - [12002 octets] - [25/03/2013 12:38:54]
AdwCleaner[S2].txt - [4953 octets] - [25/03/2013 13:08:55]

########## EOF - C:\AdwCleaner[S2].txt - [5013 octets] ##########
 

 

< End of report >

< Begin jrt.txt>

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by kakdh on Thu 04/03/2014 at  7:56:06.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\kakdh\Application Data\mozilla\firefox\profiles\sniywqtc.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/03/2014 at  8:10:08.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

< End of report >

< Begin mbam-log-2014-04-03 (08-41-35).txt >

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.26.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
kakdh :: AIS11ZGY41 [administrator]

4/3/2014 8:41:35 AM
mbam-log-2014-04-03 (08-41-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315132
Time elapsed: 54 minute(s), 23 second(s)

Memory Processes Detected: 2
C:\WINDOWS\system32\lyviefwyq.exe (Heuristics.Shuriken) -> 1764 -> Delete on reboot.
C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe (Heuristics.Shuriken) -> 5840 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1841861570 (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3525658166 (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yzywxoyvimbuni (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yzywxoyvimbuni (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Oxasryruar (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\kakdh\Application Data\Ercuir\zogih.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Xybuwyz (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\kakdh\Application Data\Vicywa\qibeuz.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\WINDOWS\system32\lyviefwyq.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Documents and Settings\kakdh\Application Data\Soomasat\wiacy.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Documents and Settings\kakdh\Application Data\Ercuir\zogih.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\kakdh\Application Data\Vicywa\qibeuz.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asduuxwyom.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_01f72baf.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_5327531f.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_c7e3f8ae.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_f05afeee.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Security Center Update - 1841861570.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Security Center Update - 3525658166.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

(end)
 

< End of report >

< Begin MBAR system.log >

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 749936640

Downloaded database version: v2014.03.29.08
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 550502400

=======================================
Initializing...
------------ Kernel report ------------
     03/29/2014 19:02:00
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff87134308
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xffffffff87160c10
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8730aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff873b6d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8730aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87366b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8730aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff873b6d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff87134308, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87128750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87134308, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87160c10, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\system32\idipmonu.exe --> [Heuristics.Shuriken]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2006236093 --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\system32\idipmonu.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Egelux\danokoa.exe --> [Trojan.Zbot.FBD]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Olywovxiisub --> [Trojan.Zbot.FBD]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Olywovxiisub --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Egelux\danokoa.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Kusaeb\ytecw.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yhuxol --> [Heuristics.Shuriken]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yhuxol --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Kusaeb\ytecw.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Kusaeb\ytecw.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Kusaeb\ytecw.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Kusaeb\ytecw.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Yhpyse\veofel.exe --> [Trojan.Zbot.FBD]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ozxooqbuw --> [Trojan.Zbot.FBD]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ozxooqbuw --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Yhpyse\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Naefgy\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Siuxhoagbeegly --> [Trojan.Zbot.FBD]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Siuxhoagbeegly --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Naefgy\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Asguhuec\waihle.exe --> [Trojan.Zbot.FBD]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Weviyvdepo --> [Trojan.Zbot.FBD]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Weviyvdepo --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Asguhuec\waihle.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Application Data\Nyofenq\ylcyiw.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Geceleyqvaruu --> [Heuristics.Shuriken]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Geceleyqvaruu --> [Heuristics.Shuriken]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc148.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc149.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc150.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc151.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc152.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc154.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc155.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc156.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc157.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc158.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc159.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc161.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc162.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc153.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc131\egdeqa.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc132\amsyfa.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc133\oqihc.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc135\waihle.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc136\ovsuf.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc137\danokoa.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc138\urizhom.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc139\mynousi.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc140\arhookp.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc141\abbabiu.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc142\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc146\tezoliw.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc147\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc163\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc164\arhookp.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc165\abbabiu.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc166\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc167\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc168\waihle.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc170\danokoa.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc172\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc173\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc175\waihle.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc176\danokoa.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc177\yryhz.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc178\veofel.exe --> [Trojan.Zbot.FBD]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc134\pagaol.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_007d4a2b.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_0d36d2a4.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_1c8c7ae0.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_1f623e38.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_20d118b0.exe --> [Spyware.Zbot.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_21d1640f.exe --> [Trojan.Inject.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_2264ff10.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_23d6285e.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_3aa0bf43.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_3c4d17b0.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_3d3fadf4.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_48e85fa1.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_4a3c6098.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_4e04ce32.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_54014769.exe --> [Trojan.Inject.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_5c4fdd42.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_603581af.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_663ad40b.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_6f32b3a4.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_794e8b77.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_96054620.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_9a9d3ff9.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_a0396366.exe --> [Spyware.Zbot.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_a8154450.exe --> [Spyware.Zbot.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_af733003.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_c5cafdb7.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_cc60daaf.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_db3ceb83.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_e062af59.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_e6deeb61.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_ecaf1fc9.exe --> [Spyware.Zbot.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_f4f60be3.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_f5d77889.exe --> [Trojan.Zbot.FBD]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_638579fc.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_081f1089.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_f33159a4.exe --> [Spyware.Zbot.ED]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1137301153.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1210720672.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1212904390.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1601732548.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1779182087.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1882285819.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2006236093.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2057864769.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2469540606.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2646265564.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2654536800.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2939595160.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3068895032.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3159990460.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3395936529.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3582828085.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 4215045626.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 940684720.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1137301153 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1210720672 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\orzyowhae.exe --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1212904390 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1601732548 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\mibivaalc.exe --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1779182087 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1882285819 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2057864769 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2469540606 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2646265564 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2654536800 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2939595160 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3068895032 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3159990460 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3395936529 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3582828085 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer4215045626 --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer940684720 --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 587128832

Initializing...
======================
------------ Kernel report ------------
     03/30/2014 07:19:02
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff871a1030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff87111da8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352b00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8734d930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87352b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff871a1030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87220750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff871a1030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87111da8, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\system32\ytcekesay.exe --> [Heuristics.Shuriken]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer903782203 --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\system32\ytcekesay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Pawaamf\guruf.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Emademgezehoo --> [Heuristics.Shuriken]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Emademgezehoo --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Pawaamf\guruf.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Ceiweh\ancyu.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zididuteazqau --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Agylku\humyt.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Baihuzhaovfo --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_2f72e5ca.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_e8e8c5c6.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Application Data\eisfsscu.exe --> [Spyware.Zbot.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_589e4515.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_f64fd5a3.exe --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\Tasks\Security Center Update - 2023705959.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 903782203.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2023705959 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\ziuhuglio.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 572854272

Initializing...
======================
------------ Kernel report ------------
     03/31/2014 06:06:17
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff86d75ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff87137ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8736eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff873b3d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8736eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8736fb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8736eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff873b3d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86d75ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d68020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86d75ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87137ea0, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Documents and Settings\kakdh\Application Data\Leuskoe\deybax.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Uqadidepebqauwp --> [Heuristics.Shuriken]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Uqadidepebqauwp --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Leuskoe\deybax.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Application Data\vvwwckgm.exe --> [Spyware.Zbot.ED]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3214236338.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3214236338 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\deozuc.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.191000 GHz
Memory total: 1072910336, free: 451309568

Initializing...
======================
------------ Kernel report ------------
     03/31/2014 09:13:24
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff872304f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff87190678
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8730bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8730eb00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8730bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87374930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8730bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8730eb00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff872304f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86dbab50, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff872304f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87190678, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\Tasks\Security Center Update - 806279531.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer806279531 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\ixapydaze.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.191000 GHz
Memory total: 1072910336, free: 628334592

=======================================
Initializing...
------------ Kernel report ------------
     03/31/2014 15:33:46
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff870e54f8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff870ec8e0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87348b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87352d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff870e54f8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871266b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff870e54f8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870ec8e0, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\Tasks\Security Center Update - 2216742549.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 935923858.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer2216742549 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\atfeduxei.exe --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer935923858 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\upawrygi.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 334397440

Downloaded database version: v2014.03.30.01
Downloaded database version: v2014.03.30.02
Downloaded database version: v2014.03.30.03
Downloaded database version: v2014.03.30.04
Downloaded database version: v2014.03.30.05
Downloaded database version: v2014.03.30.06
Downloaded database version: v2014.03.30.07
Downloaded database version: v2014.03.31.01
Downloaded database version: v2014.03.31.02
Downloaded database version: v2014.03.31.03
Downloaded database version: v2014.03.31.04
Downloaded database version: v2014.03.31.05
Downloaded database version: v2014.03.31.06
Downloaded database version: v2014.03.31.07
Downloaded database version: v2014.03.31.08
Downloaded database version: v2014.03.31.09
Downloaded database version: v2014.03.31.10
Downloaded database version: v2014.04.01.01
Downloaded database version: v2014.04.01.02
Initializing...
=======================================
------------ Kernel report ------------
     04/01/2014 06:00:14
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff872471a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff870daea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352b00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8734d930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87352b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff872471a8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff873521c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff872471a8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870daea0, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc160.exe --> [Trojan.Zbot.NKN]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc130\ylcyiw.exe --> [Trojan.Zbot.NKN]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc169\ylcyiw.exe --> [Trojan.Zbot.NKN]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc171\ylcyiw.exe --> [Trojan.Zbot.NKN]
Infected: C:\RECYCLER\S-1-5-21-1864253520-1647712531-16515117-1510\Dc174\ylcyiw.exe --> [Trojan.Zbot.NKN]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_3308ef05.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_504019fd.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_51befe98.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_705dbf42.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_b3f59574.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_b545f277.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_e7994400.exe --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1455749859.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3329455195.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1455749859 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\asmyfu.exe --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\asmyfu.exe --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3329455195 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\duetn.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 517550080

=======================================
Initializing...
------------ Kernel report ------------
     04/01/2014 13:13:28
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\stac97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\BCMSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff870742b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff870202c8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87348b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87347ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87352d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ff2020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870202c8, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ulupaqlucycywy --> [Heuristics.Shuriken]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ulupaqlucycywy --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Vesole\arumqay.exe --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\system32\obsesa.exe --> [Heuristics.Shuriken]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3244234886 --> [Heuristics.Shuriken]
Infected: C:\WINDOWS\system32\obsesa.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Application Data\Wadoabx\esnoi.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Syyxagaqgipaavn --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_439b56d2.exe --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_b9981ee6.exe --> [Trojan.Agent.ED]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_6c64f282.exe --> [Trojan.Agent.ED]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1934884375.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3244234886.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1934884375 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\mezacyfeky.exe --> [Trojan.Agent.SCS]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 182743040

=======================================
Initializing...
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff870742b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff870202c8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ff2020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870202c8, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Documents and Settings\kakdh\Application Data\Wadoabx\esnoi.exe --> [Heuristics.Shuriken]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Syyxagaqgipaavn --> [Heuristics.Shuriken]
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_e5be692c.exe --> [Trojan.Agent.ED]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1973782120.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1973782120 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\qyatow.exe --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\qyatow.exe --> [Trojan.Agent.SCS]
Scan finished
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_17

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 1072910336, free: 600031232

=======================================
Initializing...
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff870742b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xffffffff870202c8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87347ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87352d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 117194112
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ff2020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff870742b8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870202c8, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Documents and Settings\kakdh\Local Settings\Temp\UpdateFlashPlayer_d5520f66.exe --> [Trojan.Agent.ED]
Infected: C:\WINDOWS\Tasks\Security Center Update - 1271887205.job --> [Trojan.Agent.RvGen]
Infected: C:\WINDOWS\Tasks\Security Center Update - 3301299386.job --> [Trojan.Agent.RvGen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1271887205 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\vuaps.exe --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\vuaps.exe --> [Trojan.Agent.SCS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer3301299386 --> [Trojan.Agent.SCS]
Infected: C:\WINDOWS\system32\royzqupeu.exe --> [Trojan.Agent.SCS]
Scan finished
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================


< End of report >


  • 0

#4
Valinorum
Posted 05 April 2014 - 09:01 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi hawstom, :)

One or more of the identified infections is a rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit has been identified and can be killed, because of how it exploits your system, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

In addition, we have detected a version of Windows XP in your system. Please note that Microsoft will terminate their support of XP by this time. It is recommended that you upgrade yourself(whether you choose to perform a fresh installation of OS or continue a fix) to Windows Vista or above else making yourself vulnerable against malware attacks since no Microsoft support or patch for XP will be released.

 

If you wish to continue please proceed with the fix --

 
  • Step #1
    • Download Combofix to your Desktop from any of the following location
      Link #1
      Link #2
    • Disable your Anivirus and Anti-spyware programs. If you face problem, refer to this thread here.
    • Right click and choose Run as Administrator. Make sure all other windows are closed;
    • If your PC has no recovary console installed, Combofix will download and install it so make sure you are connected to the internet;
    • After the scan a log will be produced. Copy and paste the content of the log in your next reply.
      • There are about fifty steps of the scan so it may take some time for the scan to finish. Please wait for it. Do not mouse-click Combofix window or it may stale.
 
  • Required Log(s):
    • Combofix Log
Regards,
Valinorum
  • 0

#5
hawstom
Posted 05 April 2014 - 03:02 PM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Let's try to clean it, and my parents can decide what to do.

 

< Begin ComboFix log >

 

ComboFix 14-04-05.01 - kakdh 04/05/2014  14:03:51.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.527 [GMT -7:00]
Running from: c:\documents and settings\kakdh\Desktop\Tom's Malware Fix\ComboFix.exe
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\kakdh\Application Data\Egpubau\ylgyadg.exe
c:\documents and settings\kakdh\Application Data\Hypoufby\qizyav.exe
c:\documents and settings\kakdh\Application Data\Iqottaf\bexyra.exe
c:\documents and settings\kakdh\Application Data\Lioqukov\ywacyxr.exe
c:\documents and settings\kakdh\Application Data\Unlifaev\xaokwe.exe
c:\documents and settings\kakdh\Application Data\Xaixrace\qyipqas.exe
c:\documents and settings\kakdh\Application Data\Ydtuawu\fedyaw.exe
c:\documents and settings\kakdh\Application Data\Ytgyqal\ewxeah.exe
c:\documents and settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
c:\documents and settings\kakdh\Local Settings\Application Data\ecokaboc.exe
c:\documents and settings\kakdh\Local Settings\Application Data\gfnmjasv.exe
c:\documents and settings\kakdh\Local Settings\Application Data\iremshnq.exe
c:\documents and settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
c:\documents and settings\kakdh\Local Settings\Application Data\mppkbvon.exe
c:\documents and settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
c:\documents and settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe
c:\documents and settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
c:\documents and settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
c:\documents and settings\kakdh\Local Settings\Application Data\vkknekdd.exe
c:\documents and settings\kakdh\Start Menu\Programs\System Tool
c:\documents and settings\kakdh\WINDOWS
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SECURITYCENTERSERVER173792361
-------\Legacy_VPNAGENT
-------\Service_SecurityCenterServer173792361
-------\Service_vpnagent
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-05 to 2014-04-05  )))))))))))))))))))))))))))))))
.
.
2014-04-03 17:08 . 2006-03-18 19:01    284711    ----a-w-    c:\windows\system32\elluucse.exe
2014-04-03 17:08 . 2014-04-05 21:33    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Xaixrace
2014-04-03 02:44 . 2014-04-05 20:28    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Vicywa
2014-04-03 00:52 . 2014-04-03 17:02    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Ercuir
2014-04-02 10:40 . 2014-04-05 20:28    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Soomasat
2014-04-02 06:43 . 2014-04-02 06:43    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Zaokvuib
2014-04-02 02:46 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Unlifaev
2014-04-01 22:49 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Ydtuawu
2014-04-01 20:22 . 2014-04-02 13:15    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Wadoabx
2014-04-01 14:44 . 2014-04-02 13:15    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Vesole
2014-04-01 12:55 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Lioqukov
2014-04-01 02:47 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Ytgyqal
2014-03-31 22:47 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Iqottaf
2014-03-31 18:41 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Hypoufby
2014-03-31 14:51 . 2014-04-05 21:24    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Egpubau
2014-03-30 18:49 . 2014-03-31 16:03    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Leuskoe
2014-03-30 10:57 . 2014-03-31 00:13    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Agylku
2014-03-30 06:49 . 2014-03-31 00:09    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Ceiweh
2014-03-30 02:49 . 2014-03-31 00:13    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Pawaamf
2014-03-30 01:42 . 2014-04-01 20:10    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 23:45 . 2014-03-29 23:45    --------    d-----w-    c:\windows\ERUNT
2014-03-29 22:47 . 2014-03-29 22:47    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-03-29 22:43 . 2014-03-30 14:04    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Kusaeb
2014-03-29 21:55 . 2014-03-29 22:30    --------    d-----w-    C:\AdwCleaner
2014-03-29 21:53 . 2014-03-30 14:04    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Yhpyse
2014-03-29 21:53 . 2014-03-30 14:04    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Naefgy
2014-03-29 21:53 . 2014-03-30 14:04    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Egelux
2014-03-29 21:53 . 2014-03-30 14:04    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Asguhuec
2014-03-29 21:53 . 2014-03-30 12:20    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Nyofenq
2014-03-27 02:40 . 2014-03-27 02:40    --------    d-----w-    c:\program files\WinDirStat
2014-03-27 02:33 . 2014-03-27 02:52    --------    d-----w-    c:\program files\WhatsRunning
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\TeaTimer (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\SDHelper (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\File Scanner Library (Spybot - Search & Destroy)
2014-03-18 00:27 . 2014-03-18 00:27    --------    d-----w-    c:\documents and settings\kakdh\Local Settings\Application Data\IsolatedStorage
2014-03-18 00:27 . 2014-03-18 00:27    --------    d-----w-    c:\documents and settings\kakdh\Local Settings\Application Data\Intuit
2014-03-18 00:21 . 2014-03-18 00:21    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Intuit
2014-03-18 00:15 . 2014-03-18 00:16    --------    d-----w-    c:\program files\Common Files\Intuit
2014-03-18 00:12 . 2014-03-18 00:12    --------    d-----w-    c:\program files\TurboTax
2014-03-07 23:19 . 2014-03-18 00:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intuit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:36 . 2012-04-09 17:43    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:36 . 2011-07-01 19:33    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2004-08-04 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2004-08-04 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2004-08-04 12:00    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 02:01 . 2004-08-04 12:00    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-04 12:00    562688    ----a-w-    c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE" [2013-01-24 260160]
"Myozysfuylywpu"="c:\documents and settings\kakdh\Application Data\Zaokvuib\xehek.exe" [2010-07-21 282282]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-09 149280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-07-31 1057920]
"Myozysfuylywpu"="c:\documents and settings\kakdh\Application Data\Zaokvuib\xehek.exe" [2010-07-21 282282]
.
c:\documents and settings\kakdh\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Handspring\HOTSYNC.EXE [2007-9-3 299008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0195291294167578mcinstcleanup"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/11/2013 5:06 PM 33112]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/5/2011 1:35 PM 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/5/2011 1:34 PM 44720]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [9/20/2013 4:30 PM 577088]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [11/8/2013 1:56 PM 126128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 5:48 PM 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/25/2013 12:58 PM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/3/2010 4:59 PM 22856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/16/2011 7:01 PM 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [5/16/2011 7:01 PM 122224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/3/2010 5:00 PM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [1/4/2011 3:35 PM 44432]
S4 0195291294167578mcinstcleanup;McAfee Application Installer Cleanup (0195291294167578);c:\docume~1\kakdh\LOCALS~1\Temp\019529~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\kakdh\LOCALS~1\Temp\019529~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:36]
.
2014-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2014-04-03 c:\windows\Tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
- c:\windows\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-11-08 01:20]
.
2014-04-03 c:\windows\Tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
- c:\windows\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-11-08 01:20]
.
2014-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job
- c:\documents and settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-10-03 04:23]
.
2014-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job
- c:\documents and settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-10-03 04:23]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:44]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lds.org/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: advancedmd.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-qocwkucb - c:\documents and settings\kakdh\Local Settings\Application Data\ecokaboc.exe
HKCU-Run-dmnkptqb - c:\documents and settings\kakdh\Local Settings\Application Data\ntjgkghu.exe
HKCU-Run-lkjbtbxt - c:\documents and settings\kakdh\Local Settings\Application Data\kwpbikxr.exe
HKCU-Run-Agevbaywinlyk - c:\documents and settings\kakdh\Application Data\Okalrak\uffilau.exe
HKCU-Run-Ytviypy - c:\documents and settings\kakdh\Application Data\Sevael\zodoet.exe
HKCU-Run-ueqvpnuh - c:\documents and settings\kakdh\Local Settings\Application Data\muvlcrsr.exe
HKCU-Run-odqhwkgq - c:\documents and settings\kakdh\Local Settings\Application Data\qqdesrpq.exe
HKCU-Run-Fyiqpiyvza - c:\documents and settings\kakdh\Application Data\Ebuvhy\tezoliw.exe
HKCU-Run-Ybypbe - c:\documents and settings\kakdh\Application Data\Opihqo\abbabiu.exe
HKCU-Run-eegkfjcl - c:\documents and settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe
HKCU-Run-umfantfu - c:\documents and settings\kakdh\Local Settings\Application Data\vkknekdd.exe
HKCU-Run-Wyomeweze - c:\documents and settings\kakdh\Application Data\Egpubau\ylgyadg.exe
HKCU-Run-krhfxrjj - c:\documents and settings\kakdh\Local Settings\Application Data\mppkbvon.exe
HKCU-Run-Apgeewe - c:\documents and settings\kakdh\Application Data\Hypoufby\qizyav.exe
HKCU-Run-Azyrweigqyzuilg - c:\documents and settings\kakdh\Application Data\Iqottaf\bexyra.exe
HKCU-Run-Vuhoze - c:\documents and settings\kakdh\Application Data\Ytgyqal\ewxeah.exe
HKCU-Run-tvcqvjws - c:\documents and settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe
HKCU-Run-Ezenabzoviyrewd - c:\documents and settings\kakdh\Application Data\Unlifaev\xaokwe.exe
HKCU-Run-Weeltitaed - c:\documents and settings\kakdh\Application Data\Lioqukov\ywacyxr.exe
HKCU-Run-Souhiqryqikeor - c:\documents and settings\kakdh\Application Data\Ydtuawu\fedyaw.exe
HKCU-Run-ucklrrnp - c:\documents and settings\kakdh\Local Settings\Application Data\iremshnq.exe
HKCU-Run-grvluutr - c:\documents and settings\kakdh\Local Settings\Application Data\gfnmjasv.exe
HKCU-Run-Roytyxnoulweyn - c:\documents and settings\kakdh\Application Data\Xaixrace\qyipqas.exe
HKLM-Run-Fyiqpiyvza - c:\documents and settings\kakdh\Application Data\Ebuvhy\tezoliw.exe
HKLM-Run-Ytviypy - c:\documents and settings\kakdh\Application Data\Sevael\zodoet.exe
HKLM-Run-Agevbaywinlyk - c:\documents and settings\kakdh\Application Data\Okalrak\uffilau.exe
HKLM-Run-Huurur - c:\documents and settings\kakdh\Application Data\Kuwoal\etehyw.exe
HKLM-Run-Ybypbe - c:\documents and settings\kakdh\Application Data\Opihqo\abbabiu.exe
HKLM-Run-Nueknyegvuypytl - c:\documents and settings\kakdh\Application Data\Paqedaof\arhookp.exe
HKLM-Run-Ikuztidomuadybw - c:\documents and settings\kakdh\Application Data\Ahedhe\mynousi.exe
HKLM-Run-Hihyegvuylunaq - c:\documents and settings\kakdh\Application Data\Ofbyazg\urizhom.exe
HKLM-Run-Ytfyzipera - c:\documents and settings\kakdh\Application Data\Vahyhe\ovsuf.exe
HKLM-Run-Upkeu - c:\documents and settings\kakdh\Application Data\Haufacr\pagaol.exe
HKLM-Run-Yhgon - c:\documents and settings\kakdh\Application Data\Ziakuhe\oqihc.exe
HKLM-Run-Ofyhihi - c:\documents and settings\kakdh\Application Data\Agublicu\amsyfa.exe
HKLM-Run-Ihyfkotowuwaal - c:\documents and settings\kakdh\Application Data\Qywoxyol\egdeqa.exe
HKLM-Run-Wyomeweze - c:\documents and settings\kakdh\Application Data\Egpubau\ylgyadg.exe
HKLM-Run-Apgeewe - c:\documents and settings\kakdh\Application Data\Hypoufby\qizyav.exe
HKLM-Run-Azyrweigqyzuilg - c:\documents and settings\kakdh\Application Data\Iqottaf\bexyra.exe
HKLM-Run-Vuhoze - c:\documents and settings\kakdh\Application Data\Ytgyqal\ewxeah.exe
HKLM-Run-Weeltitaed - c:\documents and settings\kakdh\Application Data\Lioqukov\ywacyxr.exe
HKLM-Run-Souhiqryqikeor - c:\documents and settings\kakdh\Application Data\Ydtuawu\fedyaw.exe
HKLM-Run-Ezenabzoviyrewd - c:\documents and settings\kakdh\Application Data\Unlifaev\xaokwe.exe
HKLM-Run-Roytyxnoulweyn - c:\documents and settings\kakdh\Application Data\Xaixrace\qyipqas.exe
Notify-ckpNotify - (no file)
AddRemove-GetSavin - c:\documents and settings\kakdh\Local Settings\Application Data\getsavin\uninst.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-05 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...   
.
scanning hidden autostart entries ...  
.
scanning hidden files ...   
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E9C0884-F7EF-4A95-944D-CBC334B334E6}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-fa4cea1530284e83\\"
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EAEF12A-BA57-469B-8014-3F528C470B64}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-eecd9135a67340ab\\"
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF2B3A18-D953-4EFB-9900-F81D227898F6}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-ef80cfd9c83546fe\\"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6188)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Hummingbird\Connectivity\10.00\Hummingbird Neighborhood\heshell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\BCMSMMSG.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2014-04-05  14:55:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-05 21:55
.
Pre-Run: 13,521,379,328 bytes free
Post-Run: 15,598,989,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0DF883F545AB9A3D462C91148E877E2C
8F558EB6672622401DA993E1E865C861

 

< End of report >


  • 0

#6
Valinorum
Posted 07 April 2014 - 02:45 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi hawstom, :)

Copy ComboFix.exe from Tom's Malware Fix folder to your Desktop.
  • Step #2 Fix With ComboFix
    I assume you still have ComboFix on your system. If not, please download Combofix from one of the following locations:Please open Notepad (Through Start Menu -> Accessories -> Notepad) and copy/paste this code into the notepad, exactly as it is:
    Killall::

Folder::
c:\documents and settings\kakdh\Application Data\Xaixrace
c:\documents and settings\kakdh\Application Data\Vicywa
c:\documents and settings\kakdh\Application Data\Ercuir
c:\documents and settings\kakdh\Application Data\Soomasat
c:\documents and settings\kakdh\Application Data\Zaokvuib
c:\documents and settings\kakdh\Application Data\Unlifaev
c:\documents and settings\kakdh\Application Data\Ydtuawu
c:\documents and settings\kakdh\Application Data\Wadoabx
c:\documents and settings\kakdh\Application Data\Vesole
c:\documents and settings\kakdh\Application Data\Lioqukov
c:\documents and settings\kakdh\Application Data\Ytgyqal
c:\documents and settings\kakdh\Application Data\Iqottaf
c:\documents and settings\kakdh\Application Data\Hypoufby
c:\documents and settings\kakdh\Application Data\Egpubau
c:\documents and settings\kakdh\Application Data\Leuskoe
c:\documents and settings\kakdh\Application Data\Agylku
c:\documents and settings\kakdh\Application Data\Ceiweh
c:\documents and settings\kakdh\Application Data\Pawaamf
c:\documents and settings\kakdh\Application Data\Yhpyse
c:\documents and settings\kakdh\Application Data\Naefgy
c:\documents and settings\kakdh\Application Data\Egelux
c:\documents and settings\kakdh\Application Data\Asguhuec
c:\documents and settings\kakdh\Application Data\Nyofenq

File::
c:\documents and settings\kakdh\Application Data\Zaokvuib\xehek.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Myozysfuylywpu"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Myozysfuylywpu"=-

DDS:: 
Trusted Zone: advancedmd.com

Reboot::
    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your Desktop.

    Make sure your Anti-Virus is disabled while we do this. Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

    CFScriptB-4.gif

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

    When the scan finishes, it will execute the script and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it. Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
    • Double-click on the program to run;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Step #3 Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Double-click on the program to run;
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
 
  • Required Log(s):
    • ComboFix Log;
    • Farbar Recovery Scan Tool Log(s) --
      • FRST.txt;
      • Addition.txt
    • Farbar Service Scanner Log
Regards,
Valinorum
  • 0

#7
hawstom
Posted 07 April 2014 - 12:18 PM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thank you very much, Valinorum.  The problem appears to be solved.  Good job.  I have restarted the computer, and all still looks clean.

 

< Begin ComboFix log >

ComboFix 14-04-05.01 - kakdh 04/07/2014   9:46.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.436 [GMT -7:00]
Running from: c:\documents and settings\kakdh\Desktop\Tom's Malware Fix\ComboFix.exe
Command switches used :: c:\documents and settings\kakdh\Desktop\Tom's Malware Fix\CFScript.txt
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
.
FILE ::
"c:\documents and settings\kakdh\Application Data\Zaokvuib\xehek.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\kakdh\Application Data\Zaokvuib
c:\documents and settings\kakdh\Application Data\Zaokvuib\xehek.exe
c:\windows\EventSystem.log
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\msvcrt2.dll
c:\windows\system32\rnaph.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-07 to 2014-04-07  )))))))))))))))))))))))))))))))
.
.
2014-04-03 17:08 . 2006-03-18 19:01    284711    ----a-w-    c:\windows\system32\elluucse.exe
2014-03-30 01:42 . 2014-04-01 20:10    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 23:45 . 2014-03-29 23:45    --------    d-----w-    c:\windows\ERUNT
2014-03-29 22:47 . 2014-03-29 22:47    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-03-29 21:55 . 2014-03-29 22:30    --------    d-----w-    C:\AdwCleaner
2014-03-27 02:40 . 2014-03-27 02:40    --------    d-----w-    c:\program files\WinDirStat
2014-03-27 02:33 . 2014-03-27 02:52    --------    d-----w-    c:\program files\WhatsRunning
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\TeaTimer (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\SDHelper (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2014-03-27 02:24 . 2014-03-27 02:24    --------    d-----w-    c:\program files\File Scanner Library (Spybot - Search & Destroy)
2014-03-27 01:54 . 2014-02-26 01:59    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-03-27 01:54 . 2014-02-26 01:59    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-03-18 00:27 . 2014-03-18 00:27    --------    d-----w-    c:\documents and settings\kakdh\Local Settings\Application Data\IsolatedStorage
2014-03-18 00:27 . 2014-03-18 00:27    --------    d-----w-    c:\documents and settings\kakdh\Local Settings\Application Data\Intuit
2014-03-18 00:21 . 2014-03-18 00:21    --------    d-----w-    c:\documents and settings\kakdh\Application Data\Intuit
2014-03-18 00:15 . 2014-03-18 00:16    --------    d-----w-    c:\program files\Common Files\Intuit
2014-03-18 00:12 . 2014-03-18 00:12    --------    d-----w-    c:\program files\TurboTax
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:36 . 2012-04-09 17:43    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:36 . 2011-07-01 19:33    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2004-08-04 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2004-08-04 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2004-08-04 12:00    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 02:01 . 2004-08-04 12:00    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-04 12:00    562688    ----a-w-    c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE" [2013-01-24 260160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-09 149280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-07-31 1057920]
.
c:\documents and settings\kakdh\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Handspring\HOTSYNC.EXE [2007-9-3 299008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0195291294167578mcinstcleanup"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/11/2013 5:06 PM 33112]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/5/2011 1:35 PM 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/5/2011 1:34 PM 44720]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [9/20/2013 4:30 PM 577088]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [11/8/2013 1:56 PM 126128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 5:48 PM 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/25/2013 12:58 PM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/3/2010 4:59 PM 22856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/16/2011 7:01 PM 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [5/16/2011 7:01 PM 122224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/3/2010 5:00 PM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [1/4/2011 3:35 PM 44432]
S4 0195291294167578mcinstcleanup;McAfee Application Installer Cleanup (0195291294167578);c:\docume~1\kakdh\LOCALS~1\Temp\019529~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\kakdh\LOCALS~1\Temp\019529~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:36]
.
2014-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2014-04-07 c:\windows\Tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
- c:\windows\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-11-08 01:20]
.
2014-04-07 c:\windows\Tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
- c:\windows\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-11-08 01:20]
.
2014-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job
- c:\documents and settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-10-03 04:23]
.
2014-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job
- c:\documents and settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-10-03 04:23]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:44]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:44]
.
2014-04-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-04-06 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lds.org/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-07 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E9C0884-F7EF-4A95-944D-CBC334B334E6}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-fa4cea1530284e83\\"
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EAEF12A-BA57-469B-8014-3F528C470B64}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-eecd9135a67340ab\\"
.
[HKEY_USERS\S-1-5-21-1864253520-1647712531-16515117-1510\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF2B3A18-D953-4EFB-9900-F81D227898F6}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\kakdh\\Local Settings\\Application Data\\RobloxVersions\\version-ef80cfd9c83546fe\\"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(7144)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Hummingbird\Connectivity\10.00\Hummingbird Neighborhood\heshell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\BCMSMMSG.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2014-04-07  11:49:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-07 18:49
ComboFix2.txt  2014-04-05 21:55
.
Pre-Run: 16,008,957,952 bytes free
Post-Run: 16,441,384,960 bytes free
.
- - End Of File - - 87B266B3AF8FBE03FC116559FD8C56AE
8F558EB6672622401DA993E1E865C861

< End of report >

 

< Begin FRST log >

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by kakdh (administrator) on AIS11ZGY41 on 07-04-2014 12:01:46
Running from C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Palm, Inc.) C:\Program Files\Handspring\HOTSYNC.EXE
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
HKLM\...\Run: [BCMSMMSG] - C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [OpwareSE2] - C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2010-04-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam\Quickcam.exe [2656528 2008-12-20] ()
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1864253520-1647712531-16515117-1510\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-01-06] (Google Inc.)
HKU\S-1-5-21-1864253520-1647712531-16515117-1510\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Documents and Settings\kakdh\Start Menu\Programs\Startup\HotSync Manager.LNK
ShortcutTarget: HotSync Manager.LNK -> C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270776591171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default
FF DefaultSearchEngine: AOL Search
FF Homepage: hxxp://mail.google.com/mail/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Garmin Communicator - C:\Documents and Settings\kakdh\Application Data\Mozilla\Firefox\Profiles\sniywqtc.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-09] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S4 0195291294167578mcinstcleanup; C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-03-11] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-12-16] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [15326 2002-05-22] (Palm, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\kakdh\LOCALS~1\Temp\mbr.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\WINDOWS\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\System32\DRIVERS\agp440.sys 08FD04AA961BDC77FB983F328334E3D7
C:\WINDOWS\System32\DRIVERS\arp1394.sys B5B8A80875C1DEDEDA8B02765642C32F
C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 03621F7F968FF63713943405DEB777F9
C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\system32\drivers\avgtpx86.sys DB61A6ECACD9D84405D2F3E411B25409
C:\WINDOWS\System32\DRIVERS\bcmwl5.sys B89BCF0A25AEB3B47030AC83287F894A
C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys E727776A56A51B7E6B7C87C02EA8B405
C:\WINDOWS\System32\DRIVERS\BCMSM.sys 41347688046D49CDE0F6D138A534F73D
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\WINDOWS\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\System32\DRIVERS\CmBatt.sys 0F6C187D38D98F8DF904589A5F94D411
C:\WINDOWS\System32\DRIVERS\compbatt.sys 6E4C9F21F0FAE8940661144F41B13203
C:\WINDOWS\System32\DRIVERS\dc3d.sys 91C1736E77CFF029302728B431D0EEDB
C:\WINDOWS\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\WINDOWS\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\WINDOWS\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\WINDOWS\system32\Drivers\Fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys 1EDC0DF2DA14E04504DD3BAC21AA32CD
C:\WINDOWS\system32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\WINDOWS\system32\Drivers\Flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\WINDOWS\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys F2F431D1573EE632975C524418655B84
C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\WINDOWS\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\WINDOWS\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678
C:\WINDOWS\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B
C:\WINDOWS\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\WINDOWS\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\WINDOWS\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\WINDOWS\System32\DRIVERS\kbdhid.sys 9EF487A186DEA361AA06913A75B3FA99
C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\WINDOWS\system32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\System32\Drivers\LVPr2Mon.sys F96CFB47903854F228BAAF3E2D41A0A3
C:\WINDOWS\System32\DRIVERS\lvrs.sys E22FD7852E74F04CCEB6B8A684A51F3E
C:\WINDOWS\System32\drivers\LVUSBSta.sys 5F987FC1AAD215EC2C60CF07719B1CCE
C:\WINDOWS\System32\DRIVERS\lvuvc.sys E89DF2B88EE659954DE79827DDF46DC9
C:\WINDOWS\system32\drivers\mbam.sys 4470E3C1E0C3378E4CAB137893C12C3A
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\WINDOWS\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\WINDOWS\system32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\WINDOWS\System32\drivers\PalmUSBD.sys F49E3B9FB2DD84FCA2F6310A147C43FE
C:\WINDOWS\system32\Drivers\Parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\System32\DRIVERS\pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINDOWS\System32\DRIVERS\point32.sys 60A044879C4FA76314494F5FDDC43B93
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\system32\Drivers\Serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\drivers\stac97.sys 5813D453EF8CE49D607C255CF128ACEB
C:\WINDOWS\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\DRIVERS\VBoxDrv.sys 9085D8F20DDBCFE8C9077B52D84FF222
C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys 8E4508C7B571F686129E7C4B89CB673D
C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys D570F05D62F9EDAD752107DDAF8E46D5
C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys A120EFAE1DD363A018641934F535409C
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\DRIVERS\vpnva.sys E1F2333A88EC4A5C8EA6BE357323B72D
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\Drivers\wdf01000.sys D918617B46457B9AC28027722E30F647
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78
C:\WINDOWS\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311
C:\WINDOWS\System32\DRIVERS\wudfrd.sys 28B524262BCE6DE1F7EF9F510BA3985B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 12:01 - 2014-04-07 12:01 - 00000000 ____D () C:\FRST
2014-04-07 11:49 - 2014-04-07 11:49 - 00015256 _____ () C:\ComboFix.txt
2014-04-05 15:13 - 2014-04-07 11:40 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-05 15:13 - 2014-04-05 23:45 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-05 15:01 - 2014-04-05 15:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-04-05 15:00 - 2014-04-05 15:01 - 00005424 _____ () C:\WINDOWS\KB2934207.log
2014-04-05 14:30 - 2014-04-05 14:30 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00008192 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-04-05 13:46 - 2014-04-05 13:46 - 00000000 _RSHD () C:\cmdcons
2014-04-05 13:46 - 2011-01-04 12:03 - 00000211 _____ () C:\Boot.bak
2014-04-05 13:46 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-05 13:36 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-05 13:36 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-05 13:36 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-05 13:36 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-05 13:34 - 2014-04-07 11:49 - 00000000 ____D () C:\Qoobox
2014-04-05 13:33 - 2014-04-05 14:28 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-03 10:08 - 2006-03-18 12:01 - 00284711 _____ (luwv ybsbmck rpbrrqye lqjmtefc) C:\WINDOWS\system32\elluucse.exe
2014-03-29 18:42 - 2014-04-01 13:10 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-29 16:45 - 2014-03-29 16:45 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 15:47 - 2014-03-29 15:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 14:55 - 2014-03-29 15:30 - 00000000 ____D () C:\AdwCleaner
2014-03-26 19:40 - 2014-03-26 19:40 - 00000706 _____ () C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Program Files\WinDirStat
2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat
2014-03-26 19:33 - 2014-03-26 19:52 - 00000000 ____D () C:\Program Files\WhatsRunning
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\SDHelper (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2014-03-26 18:54 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-26 18:54 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-26 12:38 - 2014-03-26 12:38 - 00013261 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-26 12:25 - 2014-03-26 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-26 12:16 - 2014-03-26 12:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-25 17:12 - 2014-03-25 17:12 - 00012326 _____ () C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
2014-03-25 17:11 - 2014-03-25 17:11 - 00068465 _____ () C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
2014-03-25 17:10 - 2014-03-25 17:10 - 00000000 _____ () C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
2014-03-25 17:06 - 2014-03-25 17:06 - 02388348 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1864253520-1647712531-16515117-1510-0.dat
2014-03-25 17:06 - 2014-03-25 17:06 - 00365578 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-20 15:16 - 2014-03-21 16:31 - 00032768 _____ () C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
2014-03-17 17:27 - 2014-03-17 20:12 - 00000286 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2014-03-17 17:27 - 2014-03-17 17:27 - 00000000 ____D () C:\Documents and Settings\kakdh\Local Settings\Application Data\IsolatedStorage
2014-03-17 17:27 - 2014-03-17 17:27 - 00000000 ____D () C:\Documents and Settings\kakdh\Local Settings\Application Data\Intuit
2014-03-17 17:21 - 2014-03-17 17:21 - 00000000 ____D () C:\Documents and Settings\kakdh\Application Data\Intuit
2014-03-17 17:17 - 2014-03-17 17:17 - 00001880 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
2014-03-17 17:15 - 2014-03-17 17:16 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-03-17 17:12 - 2014-03-17 17:12 - 00000000 ____D () C:\Program Files\TurboTax
2014-03-12 18:16 - 2014-03-26 12:25 - 00011687 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 18:15 - 2014-03-26 12:16 - 00013150 _____ () C:\WINDOWS\KB2930275.log

==================== One Month Modified Files and Folders =======

2014-04-07 12:01 - 2014-04-07 12:01 - 00000000 ____D () C:\FRST
2014-04-07 12:01 - 2013-11-08 14:01 - 00000917 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
2014-04-07 12:01 - 2013-11-08 14:01 - 00000731 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job
2014-04-07 12:01 - 2013-03-25 12:30 - 00000000 ____D () C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix
2014-04-07 11:49 - 2014-04-07 11:49 - 00015256 _____ () C:\ComboFix.txt
2014-04-07 11:49 - 2014-04-05 13:34 - 00000000 ____D () C:\Qoobox
2014-04-07 11:49 - 2006-01-31 16:39 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-07 11:41 - 2004-08-04 05:00 - 00000277 _____ () C:\WINDOWS\system.ini
2014-04-07 11:40 - 2014-04-05 15:13 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-07 11:40 - 2010-01-30 06:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 11:40 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-07 11:36 - 2012-04-09 10:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-07 11:06 - 2010-01-30 06:44 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 11:01 - 2006-01-31 16:40 - 00032426 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-07 10:11 - 2006-01-31 16:35 - 01950793 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 10:08 - 2006-01-31 16:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 10:08 - 2006-01-31 05:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-07 10:08 - 2006-01-31 05:28 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-07 09:28 - 2013-10-02 21:23 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job
2014-04-07 09:15 - 2006-02-01 08:07 - 00000000 __SHD () C:\WINDOWS\CSC
2014-04-05 23:48 - 2006-02-08 11:35 - 00000278 ___SH () C:\Documents and Settings\kakdh\ntuser.ini
2014-04-05 23:45 - 2014-04-05 15:13 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-05 15:01 - 2014-04-05 15:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-04-05 15:01 - 2014-04-05 15:00 - 00005424 _____ () C:\WINDOWS\KB2934207.log
2014-04-05 15:01 - 2006-01-31 05:26 - 02769092 _____ () C:\WINDOWS\FaxSetup.log
2014-04-05 15:01 - 2006-01-31 05:26 - 01324777 _____ () C:\WINDOWS\ocgen.log
2014-04-05 15:01 - 2006-01-31 05:26 - 01267412 _____ () C:\WINDOWS\tsoc.log
2014-04-05 15:01 - 2006-01-31 05:26 - 01019561 _____ () C:\WINDOWS\iis6.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00853520 _____ () C:\WINDOWS\msmqinst.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00809814 _____ () C:\WINDOWS\comsetup.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00489037 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00485482 _____ () C:\WINDOWS\netfxocm.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00190983 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00140114 _____ () C:\WINDOWS\tabletoc.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00138529 _____ () C:\WINDOWS\msgsocm.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00132716 _____ () C:\WINDOWS\ocmsn.log
2014-04-05 15:01 - 2006-01-31 05:26 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-05 14:32 - 2006-01-31 05:25 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-04-05 14:32 - 2006-01-31 05:23 - 39583744 _____ () C:\WINDOWS\system32\config\software.bak
2014-04-05 14:32 - 2006-01-31 05:23 - 10485760 _____ () C:\WINDOWS\system32\config\system.bak
2014-04-05 14:32 - 2006-01-31 05:23 - 01310720 _____ () C:\WINDOWS\system32\config\default.bak
2014-04-05 14:31 - 2009-10-15 10:27 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-04-05 14:30 - 2014-04-05 14:30 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00008192 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-04-05 14:30 - 2014-04-05 14:30 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-04-05 14:28 - 2014-04-05 13:33 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-05 14:24 - 2006-02-08 11:35 - 00000000 ____D () C:\Documents and Settings\kakdh
2014-04-05 13:47 - 2011-07-11 16:50 - 00000000 ____D () C:\Documents and Settings\kakdh\Local Settings\Application Data\RobloxVersions
2014-04-05 13:46 - 2014-04-05 13:46 - 00000000 _RSHD () C:\cmdcons
2014-04-05 13:46 - 2006-01-31 05:24 - 00000327 __RSH () C:\boot.ini
2014-04-05 13:28 - 2010-04-08 11:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB932823-v3$
2014-04-03 07:54 - 2011-08-05 13:37 - 00000000 ____D () C:\Documents and Settings\kakdh\.VirtualBox
2014-04-02 19:26 - 2014-01-01 00:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-02 06:14 - 2011-12-02 10:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2014-04-01 21:28 - 2013-10-02 21:23 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job
2014-04-01 13:10 - 2014-03-29 18:42 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-01 13:01 - 2009-01-27 18:59 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-04-01 13:01 - 2009-01-27 18:58 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-03-29 16:45 - 2014-03-29 16:45 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 15:47 - 2014-03-29 15:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 15:30 - 2014-03-29 14:55 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:33 - 2006-01-31 05:17 - 00000000 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-27 05:29 - 2013-09-15 10:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-03-26 19:52 - 2014-03-26 19:33 - 00000000 ____D () C:\Program Files\WhatsRunning
2014-03-26 19:40 - 2014-03-26 19:40 - 00000706 _____ () C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk
2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Program Files\WinDirStat
2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat
2014-03-26 19:26 - 2010-12-03 17:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-26 19:26 - 2010-12-03 16:59 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\SDHelper (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2014-03-26 19:24 - 2014-03-26 19:24 - 00000000 ____D () C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2014-03-26 15:38 - 2006-01-31 17:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-26 15:27 - 2006-01-31 05:25 - 00342624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 12:38 - 2014-03-26 12:38 - 00013261 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-26 12:38 - 2006-01-31 17:22 - 00382721 _____ () C:\WINDOWS\updspapi.log
2014-03-26 12:38 - 2006-01-31 05:26 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-26 12:25 - 2014-03-26 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-26 12:25 - 2014-03-12 18:16 - 00011687 _____ () C:\WINDOWS\KB2929961.log
2014-03-26 12:16 - 2014-03-26 12:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-26 12:16 - 2014-03-12 18:15 - 00013150 _____ () C:\WINDOWS\KB2930275.log
2014-03-26 11:49 - 2013-08-13 21:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-26 11:49 - 2006-01-31 17:27 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-25 18:31 - 2007-11-10 18:53 - 00000746 _____ () C:\Documents and Settings\kakdh\jobq.dat
2014-03-25 17:12 - 2014-03-25 17:12 - 00012326 _____ () C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
2014-03-25 17:11 - 2014-03-25 17:11 - 00068465 _____ () C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
2014-03-25 17:10 - 2014-03-25 17:10 - 00000000 _____ () C:\Documents and Settings\kakdh\Application Data\SharedSettings.ccs
2014-03-25 17:08 - 2013-09-07 12:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-25 17:06 - 2014-03-25 17:06 - 02388348 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1864253520-1647712531-16515117-1510-0.dat
2014-03-25 17:06 - 2014-03-25 17:06 - 00365578 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-25 12:35 - 2014-02-20 08:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-21 16:31 - 2014-03-20 15:16 - 00032768 _____ () C:\Documents and Settings\kakdh\My Documents\T-Shirt.sig
2014-03-21 16:30 - 2007-08-31 11:57 - 00000000 ____D () C:\Documents and Settings\kakdh\My Documents\My Print Shop  Projects
2014-03-19 08:50 - 2012-02-06 16:57 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-17 23:40 - 2007-08-11 17:44 - 00000000 ____D () C:\Documents and Settings\kakdh\My Documents\TurboTax
2014-03-17 20:12 - 2014-03-17 17:27 - 00000286 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2014-03-17 19:47 - 2013-09-07 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-17 17:27 - 2014-03-17 17:27 - 00000000 ____D () C:\Documents and Settings\kakdh\Local Settings\Application Data\IsolatedStorage
2014-03-17 17:27 - 2014-03-17 17:27 - 00000000 ____D () C:\Documents and Settings\kakdh\Local Settings\Application Data\Intuit
2014-03-17 17:27 - 2007-11-18 08:05 - 00098848 _____ () C:\Documents and Settings\kakdh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-17 17:21 - 2014-03-17 17:21 - 00000000 ____D () C:\Documents and Settings\kakdh\Application Data\Intuit
2014-03-17 17:17 - 2014-03-17 17:17 - 00001880 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
2014-03-17 17:16 - 2014-03-17 17:15 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-03-17 17:16 - 2014-03-07 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intuit
2014-03-17 17:12 - 2014-03-17 17:12 - 00000000 ____D () C:\Program Files\TurboTax
2014-03-17 17:09 - 2006-01-31 05:26 - 00006252 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-17 17:04 - 2006-02-02 07:14 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-12 11:36 - 2012-04-09 10:43 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 11:36 - 2011-07-01 12:33 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Documents and Settings\kakdh\jagex_runescape_preferences.dat
C:\Documents and Settings\kakdh\jagex_runescape_preferences2.dat
C:\Documents and Settings\kakdh\jobq.dat


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================< End of report >

 

< Begin FRST Addition.txt log >

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by kakdh at 2014-04-07 12:02:35
Running from C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix
Boot Mode: Normal
==========================================================


==================== Security Center ========================

FW: Kerio Personal Firewall (Disabled) {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aqua Data Studio 4.5 (HKLM\...\{BA1A15DD-4663-4B0C-A64E-17604E0FC52D}) (Version: 4.50.0000 - AquaFold)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025875C-Dell - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 5.03.02 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 5.03.02 - Broadcom) Hidden
Broderbund Media Manager (HKLM\...\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}) (Version:  - Broderbund)
Byki (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (HKLM\...\Byki Express) (Version:  - Transparent Language, Inc.)
Byki Express for Current User (HKCU\...\Byki Express for Current User) (Version: 4.1 - Transparent Language, Inc.)
Canon MP Drivers 6.0 (HKLM\...\{3FF3DD04-F386-46B0-97FC-B86238B65487}) (Version:  - )
Canon MP Navigator 1.0 (HKLM\...\{109AB81D-9732-40B3-9C1F-113A86CE6F93}) (Version:  - )
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Cisco AnyConnect VPN Client (HKLM\...\{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}) (Version: 2.4.0202 - Cisco Systems, Inc.)
ClickArt Celebrations and Holidays (HKLM\...\ClickArt Celebrations and Holidays 1.0) (Version:  - )
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FamilySearch Indexing (HKCU\...\FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
FamilySearch Indexing (www.familysearchindexing.org) (HKCU\...\FamilySearch Indexing (www.familysearchindexing.org)) (Version:  - Intellectual Reserve, Inc.)
FamilySearch Indexing 3.7.11 (HKLM\...\0591-8077-9297-0833) (Version: 3.7.11 - FamilySearch)
French - MTC (HKLM\...\{BD072270-4EA0-452F-84D8-2D70C31A930E}) (Version: 1.0.3.40 - Brigham Young University MTC)
French Tall 4.0 (HKLM\...\French Tall 4.0) (Version:  - TALL)
Game Maker 8.0 (HKLM\...\Game Maker 8.0) (Version:  - )
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Video Player (HKLM\...\GoogleVideoPlayer) (Version:  - )
GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version:  - )
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
Hummingbird Exceed 10 (HKLM\...\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}) (Version: 10.0.0.15 - Hummingbird Ltd.)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Juno (HKLM\...\{92F36672-245D-11D5-AC74-00105A0CF83E}) (Version:  - Juno Online Services, Inc.)
Kerio Personal Firewall (HKLM\...\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}) (Version: 4.01.00821 - Kerio Technologies)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.54.11 - Logitech, Inc.)
Logitech QuickCam (HKLM\...\{937B232D-9776-471E-92BD-D424E514EF14}) (Version: 11.90.1263 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Standard 2003 (HKLM\...\{903A0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
MobileMe Control Panel (HKLM\...\{44A91B04-3D0C-47F9-B644-7F682869AFF3}) (Version: 2.4.1.7 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
OmniPage SE (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Oracle VM VirtualBox 4.0.8 (HKLM\...\{D0A42145-3A8A-45C1-BF07-7855A6E91020}) (Version: 4.0.8 - Oracle Corporation)
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Palm Desktop and Synchronization Software (HKLM\...\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}) (Version:  - )
Presto! PageManager 6.03 (HKLM\...\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}) (Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Updater (HKLM\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spanish - TALL (HKLM\...\{91A5B484-2580-4D9B-BFAC-06C8C0E2F2F5}) (Version: 1.0.3.40 - Brigham Young University MTC)
Spanish Tall 4.0 (HKLM\...\Spanish Tall 4.0) (Version:  - TALL)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy 1.4 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.4 - Safer Networking Limited)
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
The Print Shop (HKLM\...\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}) (Version:  - Broderbund LLC)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 waziper (Version: 013.000.1251 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1874 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Uninstall FamilySearch Indexing (HKCU\...\Uninstall FamilySearch Indexing) (Version:  - Intellectual Reserve, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )

==================== Restore Points  =========================

25-02-2014 17:59:04 System Checkpoint
26-02-2014 18:58:59 System Checkpoint
27-02-2014 19:58:59 System Checkpoint
28-02-2014 20:31:06 System Checkpoint
01-03-2014 21:18:52 System Checkpoint
02-03-2014 21:58:57 System Checkpoint
03-03-2014 15:37:21 Software Distribution Service 3.0
04-03-2014 15:46:57 System Checkpoint
05-03-2014 04:38:18 Software Distribution Service 3.0
06-03-2014 04:42:41 System Checkpoint
07-03-2014 05:21:16 System Checkpoint
08-03-2014 05:31:36 System Checkpoint
09-03-2014 06:31:35 System Checkpoint
10-03-2014 16:24:28 System Checkpoint
11-03-2014 17:05:19 System Checkpoint
12-03-2014 18:05:19 System Checkpoint
13-03-2014 19:05:05 System Checkpoint
14-03-2014 20:05:09 System Checkpoint
15-03-2014 21:05:05 System Checkpoint
17-03-2014 01:03:52 System Checkpoint
18-03-2014 00:15:22 Installed TurboTax 2013 wrapper
18-03-2014 02:45:29 Software Distribution Service 3.0
18-03-2014 03:20:53 Installed TurboTax 2013 waziper
19-03-2014 04:14:36 System Checkpoint
20-03-2014 04:21:40 System Checkpoint
21-03-2014 05:13:31 System Checkpoint
22-03-2014 05:14:32 System Checkpoint
23-03-2014 06:14:31 System Checkpoint
24-03-2014 07:14:35 System Checkpoint
25-03-2014 08:15:38 System Checkpoint
26-03-2014 18:41:26 Software Distribution Service 3.0
27-03-2014 19:26:28 System Checkpoint
30-03-2014 12:12:56 Malwarebytes Anti-Rootkit Restore Point
31-03-2014 00:08:42 Malwarebytes Anti-Rootkit Restore Point
31-03-2014 15:45:26 Malwarebytes Anti-Rootkit Restore Point
31-03-2014 22:04:23 Malwarebytes Anti-Rootkit Restore Point
01-04-2014 05:22:24 Malwarebytes Anti-Rootkit Restore Point
01-04-2014 17:52:50 Malwarebytes Anti-Rootkit Restore Point
02-04-2014 03:08:34 Malwarebytes Anti-Rootkit Restore Point
05-04-2014 20:37:03 ComboFix created restore point
05-04-2014 21:59:44 Software Distribution Service 3.0
07-04-2014 16:32:12 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 05:00 - 2014-04-07 11:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {2A9EB505-CA98-4B9A-B77F-F777335D9DF2}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510Core.job => C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1864253520-1647712531-16515117-1510UA.job => C:\Documents and Settings\kakdh\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2006-02-01 11:24 - 2006-11-01 20:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2006-02-01 11:24 - 2006-11-01 20:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2008-12-20 07:50 - 2008-12-20 07:50 - 02656528 _____ () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2008-12-20 07:46 - 2008-12-20 07:46 - 00558864 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 11:40:24 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/07/2014 10:08:30 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (04/07/2014 10:08:30 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/07/2014 09:38:23 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/07/2014 09:15:28 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (04/07/2014 09:15:27 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/05/2014 11:45:46 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/05/2014 11:45:28 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (04/05/2014 11:45:28 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/05/2014 03:28:14 PM) (Source: Google Update) (User: ASURITE)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80


System errors:
=============
Error: (04/07/2014 11:53:33 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 10:53:32 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 10:23:32 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 10:08:32 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 10:08:32 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 10:08:30 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ASURITE due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/07/2014 10:00:31 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (04/07/2014 09:59:47 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2014 09:46:41 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2014 09:46:40 AM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/07/2014 11:40:24 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/07/2014 10:08:30 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/07/2014 10:08:30 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/07/2014 09:38:23 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/07/2014 09:15:28 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/07/2014 09:15:27 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/05/2014 11:45:46 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/05/2014 11:45:28 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/05/2014 11:45:28 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (04/05/2014 03:28:14 PM) (Source: Google Update)(User: ASURITE)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1023.21 MB
Available physical RAM: 534.11 MB
Total Pagefile: 2463.63 MB
Available Pagefile: 2144.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.88 GB) (Free:15.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (TOM 8GB) (Removable) (Total:7.47 GB) (Free:3.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: 18000000)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================< End of report >

 

< Begin FRST Shortcut.txt log >

Users shortcut scan result (x86) Version: 13-03-2014  01
Ran by kakdh at 2014-04-07 12:04:00
Running from C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\adminais\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\adminais\Desktop\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Documents and Settings\adminais\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\adminais\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\SendTo\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Cisco AnyConnect VPN Client.lnk -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Juno.lnk -> C:\Program Files\Juno\bin\juno.exe (Juno Online Services, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk -> C:\Program Files\Audacity\audacity.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk -> C:\Program Files\Windows Media Connect 2\WMCCFG.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013\TurboTax 2013.lnk -> C:\WINDOWS\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Express.lnk -> C:\Program Files\Transparent\Byki 4\Express\BYKI4Express.exe (Transparent Language)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Help.lnk -> C:\Program Files\Transparent\Byki 4\Express\langs\English\BYKI4.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Manual.lnk -> C:\Program Files\Transparent\Byki 4\Express\langs\English\BYKI4Manual.rtf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Free Software Trial.lnk -> C:\Program Files\Broderbund\The Print Shop\Unlock\autorun.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Install Broderbund PDF Creator.lnk -> C:\Program Files\Broderbund\The Print Shop\PDFCreator\PDFInstaller.exe (Broderbund Properties LLC)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Register Your Software.lnk -> C:\Program Files\Broderbund\The Print Shop\Ereg\EReg32.exe (Broderbund LLC)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\The Print Shop 15.lnk -> C:\Program Files\Broderbund\The Print Shop\ps.exe (Broderbund Properties LLC)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Extras\Install Media Manager.lnk -> C:\Program Files\Broderbund\The Print Shop\MediaManager\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Documents\Broderbund License Agreement.lnk -> C:\Program Files\Broderbund\The Print Shop\License.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\The Print Shop\Documents\Read Me.lnk -> C:\Program Files\Broderbund\The Print Shop\Readme.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sybase\Dsedit Utility.lnk -> C:\sybase1251\OCS-12_5\bin\dsedit.exe (Sybase, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sybase\Ocscfg Utility.lnk -> C:\sybase1251\OCS-12_5\bin\ocscfg.exe (Sybase, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SSH Secure Shell\License Agreement.lnk -> C:\Program Files\SSH Communications Security\SSH Secure Shell\license.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SSH Secure Shell\Secure Shell Client.lnk -> C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe (SSH Communications Security Corp)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Check for product updates.lnk -> C:\Program Files\Sierra On-Line\SIGSPat.exe (Havas Interactive)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Contraptions Help.lnk -> D:\Files\Contraptions.hlp (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Contraptions ReadMe.lnk -> C:\Sierra\Contraptions\readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Contraptions.lnk -> C:\Sierra\Contraptions\Contraptions.exe (Dynamix, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 2.0\OmniPage SE.lnk -> C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\WINDOWS\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Import Old Data.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\Convert.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Presto! PageManager 6.03 Help.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\Prestopm.hlp ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Presto! PageManager 6.03 User's Manual.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\Prestopm.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Presto! PageManager 6.03.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\prestopm.exe (NewSoft Technology Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Readme.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console\OverDrive Media Console.lnk -> C:\WINDOWS\Installer\{D07205E7-F6D3-4333-AFCC-782A07685B72}\_5af141bb.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk -> C:\Program Files\Oracle\VirtualBox\License_en_US.rtf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox\User manual (English).lnk -> C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox\VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003 (2).lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Project 2003.lnk -> C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Visio 2003.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Logitech QuickCam\Logitech QuickCam.lnk -> C:\WINDOWS\Installer\{937B232D-9776-471E-92BD-D424E514EF14}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe (Acresso Software Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Configuration Conversion Tool.lnk -> C:\Program Files\Kerio\Personal Firewall 4\cfgconv.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Help (Czech).lnk -> C:\Program Files\Kerio\Personal Firewall 4\kpf4-cz.chm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Help (English).lnk -> C:\Program Files\Kerio\Personal Firewall 4\kpf4-en.chm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Help (German).lnk -> C:\Program Files\Kerio\Personal Firewall 4\kpf4-de.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Remote Administration.lnk -> C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Juno\Juno Backup Wizard.lnk -> C:\Program Files\Juno\bin\JunoSave.exe (Juno Online Services, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Juno\Juno Help.lnk -> C:\Program Files\Juno\lib\JUNO.HLP ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Juno\Juno System Information.lnk -> C:\Program Files\Juno\bin\junoinfo.exe (Juno Online Services, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Juno\Juno.lnk -> C:\Program Files\Juno\bin\juno.exe (Juno Online Services, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\HostExplorer\3270.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\HostExplorer\5250 Data Transfer Wizard.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\HostExplorer\5250.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\HostExplorer\VT.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed Connection Manager.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Xconfig.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Xsession.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Xstart.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Xweb Wizard.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed Tools\HWM.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed Tools\Transport Monitor.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed Tools\Xconfig Console.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed Tools\Xsession Console.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Administrative Tools\HostExplorer Management Console.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Administrative Tools\Hummingbird Update.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Administrative Tools\Language Chooser.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Accessories\Directory Services Explorer.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Accessories\Directory Services Properties.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Accessories\Hummingbird Basic.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Accessories\Quick Script Editor.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Video\Google Video Player.lnk -> C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Video\Uninstall Google Video Player.lnk -> C:\Program Files\Google\Google Video Player\Uninstall.exe (Google)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\pinball.exe (Cinematronics)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FamilySearch\FamilySearch Indexing Uninstaller.lnk -> C:\Program Files\FamilySearch Indexing\indexing.familysearch.org\uninstall.exe (FamilySearch)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FamilySearch\FamilySearch Indexing.lnk -> C:\Program Files\FamilySearch Indexing\indexing.familysearch.org\indexing.exe (FamilySearch)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Software\Event Manager.lnk -> C:\Program Files\EPSON Software\Event Manager\EProjManager.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\Epson XP-410 User's Guide\Epson XP-410 User's Guide Uninstaller.lnk -> C:\Program Files\EPSON\guide\xp-410_el\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan Settings.lnk -> C:\WINDOWS\twain_32\escndv\escfg.exe (SEIKO EPSON CORP.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\WINDOWS\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless\Dell Wireless WLAN Card Readme.lnk -> C:\Program Files\Dell\Dell Wireless WLAN Card\Readme.rtf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Cisco\Cisco AnyConnect VPN Client\Cisco AnyConnect VPN Client.lnk -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Celebrations and Holidays\Compupic Browser.lnk -> D:\CPIC\AGDS16.EXE (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Celebrations and Holidays\Electronic Registration.lnk -> D:\SETUPDIR\EREG\EREG32.EXE (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Celebrations and Holidays\Read Me.lnk -> D:\README.TXT (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Celebrations and Holidays\Setup.lnk -> D:\SETUPDIR\CA_SETUP.EXE (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Readme.lnk -> C:\Program Files\Canon\Easy-PhotoPrint\Readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint.lnk -> C:\Program Files\Canon\Easy-PhotoPrint\BJEZPRN.EXE (CANON INC.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA MP780,750 Manual\MP780,750 Photo Application Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Photo\Top.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA MP780,750 Manual\MP780,750 Software Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Soft\TOP.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA MP780,750 Manual\MP780,750 User's Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Driver\TOP.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA MP780,750 Manual\Uninstall.lnk -> C:\WINDOWS\MP780,750\uninstall.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\ScanGear Starter\ScanGear Starter.lnk -> C:\WINDOWS\twain_32\CNQSG\SGST.exe (CANON INC.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\MP Navigator 1.0\MP Navigator 1.0.lnk -> C:\Program Files\Canon\MP Navigator 1.0\mpn.exe (CANON INC.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\MP Navigator 1.0\MP Navigator Readme.lnk -> C:\Program Files\Canon\MP Navigator 1.0\readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\MP Drivers 6.0\MP Readme.lnk -> C:\CanonMP\MP750780\Readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Aqua Data Studio\Aqua Data Studio 4.5.lnk -> C:\Program Files\Aqua Data Studio 4.5\datastudio.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk -> C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Desktop\Byki 4 Express.lnk -> C:\Program Files\Transparent\Byki 4\Express\BYKI4Express.exe (Transparent Language)
Shortcut: C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk -> C:\Program Files\Canon\Easy-PhotoPrint\BJEZPRN.EXE (CANON INC.)
Shortcut: C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk -> C:\WINDOWS\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Documents and Settings\All Users\Desktop\FamilySearch Indexing.lnk -> C:\Program Files\FamilySearch Indexing\indexing.familysearch.org\indexing.exe (FamilySearch)
Shortcut: C:\Documents and Settings\All Users\Desktop\Juno.lnk -> C:\Program Files\Juno\bin\juno.exe (Juno Online Services, Inc.)
Shortcut: C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\MP Navigator 1.0.lnk -> C:\Program Files\Canon\MP Navigator 1.0\mpn.exe (CANON INC.)
Shortcut: C:\Documents and Settings\All Users\Desktop\MP780,750 Photo Application Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Photo\Top.htm ()
Shortcut: C:\Documents and Settings\All Users\Desktop\MP780,750 Software Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Soft\TOP.htm ()
Shortcut: C:\Documents and Settings\All Users\Desktop\MP780,750 User's Guide.lnk -> C:\WINDOWS\MP780,750\English\Windows\Driver\TOP.htm ()
Shortcut: C:\Documents and Settings\All Users\Desktop\OmniPage SE User's Guide.lnk -> C:\Program Files\Canon\MP Drivers\OmniPage\OmniPage.pdf ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk -> C:\WINDOWS\Installer\{D07205E7-F6D3-4333-AFCC-782A07685B72}\_26e91eb.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
Shortcut: C:\Documents and Settings\All Users\Desktop\Skype.lnk -> C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\The Print Shop 15.lnk -> C:\Program Files\Broderbund\The Print Shop\ps.exe (Broderbund Properties LLC)
Shortcut: C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk -> C:\WINDOWS\Installer\{2A4EEB5C-3BA6-4299-A87F-783861B567D9}\TurboTax.exe (Intuit)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Codec Detective.lnk -> C:\Program Files\XP Codec Pack\sherlock\sherlock2.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Media Player Classic.lnk -> C:\Program Files\XP Codec Pack\mpc\mplayerc.exe (Gabest)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Readme.lnk -> C:\Program Files\XP Codec Pack\Readme.txt ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Uninstall.lnk -> C:\Program Files\XP Codec Pack\Uninstall.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Licenses\APE.lnk -> C:\Program Files\XP Codec Pack\licenses\ape.txt ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Licenses\GNU.lnk -> C:\Program Files\XP Codec Pack\licenses\GNU.txt ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Licenses\MPC.lnk -> C:\Program Files\XP Codec Pack\licenses\rmpcdf.txt ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\AC3 Filter.lnk -> C:\Program Files\XP Codec Pack\filters\ac3config.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\Real 9-10.lnk -> C:\Program Files\XP Codec Pack\real\HFE.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat\Help (ENG).lnk -> C:\Program Files\WinDirStat\windirstat.chm ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat\Uninstall WinDirStat.lnk -> C:\Program Files\WinDirStat\Uninstall.exe (WDS Team)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\WinDirStat\WinDirStat.lnk -> C:\Program Files\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Express.lnk -> C:\Documents and Settings\kakdh\Application Data\Transparent\Byki 4\Express\BYKI4Express.exe (Transparent Language)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Help.lnk -> C:\Documents and Settings\kakdh\Application Data\Transparent\Byki 4\Express\langs\English\Eng_BYKI4.chm ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Transparent Language, Inc\Byki 4\Byki 4 Manual.lnk -> C:\Documents and Settings\kakdh\Application Data\Transparent\Byki 4\Express\langs\English\Eng_BYKI4Manual.rtf ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\Spanish Tall 4.0\TALL 4 Tutorial.lnk -> C:\Program Files\TALL\Spanish Tall 4.0\TALL 4 Tutorial - Personal Edition.html ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\Spanish Tall 4.0\TALL 4.0 Spanish.lnk -> C:\Program Files\TALL\Spanish Tall 4.0\InstructionEngine.bat ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\French Tall 4.0\TALL 4 Tutorial.lnk -> C:\Program Files\TALL\French Tall 4.0\TALL 4 Tutorial - Personal Edition.html ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\French Tall 4.0\TALL 4.0 French.lnk -> C:\Program Files\TALL\French Tall 4.0\InstructionEngine.bat ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Startup\HotSync Manager.LNK -> C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Internet Explorer\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Expense Report.lnk -> C:\Program Files\Handspring\Expreprt.exe (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\HotSync Manager.lnk -> C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Install Tool.lnk -> C:\Program Files\Handspring\Instapp.exe (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Outlook Conduit Install.lnk -> C:\Program Files\Handspring\Outlook Conduits\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Palm Desktop.lnk -> C:\Program Files\Handspring\palm.exe (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Support at Handspring, Inc..lnk -> C:\Program Files\Handspring\Utilities\Handspring Customer Support.url ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\USB Utility.lnk -> C:\Program Files\Handspring\Utilities\HandspringUSBRegClean.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\User Guide.lnk -> C:\Program Files\Handspring\User Guide.pdf ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\Changes.lnk -> C:\Program Files\Game_Maker8\gm_changes.html ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\Game Maker Help.lnk -> C:\Program Files\Game_Maker8\Game_Maker.chm ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\Game Maker.lnk -> C:\Program Files\Game_Maker8\Game_Maker.exe (YoYo Games Ltd)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\License.lnk -> C:\Program Files\Game_Maker8\gm_license.html ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\Readme.lnk -> C:\Program Files\Game_Maker8\gm_readme.html ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Game Maker 8\UnInstall.lnk -> C:\Program Files\Game_Maker8\Uninstal.exe ()
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Windows Explorer (2).lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\SendTo\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\kakdh\My Documents\My Pictures\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\kakdh\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\kakdh\My Documents\kdoc\Family History\Kato Histories - Work in Progress\Shortcut to Journal - 2013.doc.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\Family History\Kato Histories - Work in Progress\Journal - 2013.doc ()
Shortcut: C:\Documents and Settings\kakdh\My Documents\kdoc\Church\Shortcut to Genesiz - Jenèz.doc.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\Church\Genesiz - Jenèz.doc (No File)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Audacity (2).lnk -> C:\Program Files\Audacity\audacity.exe ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Byki 4 Express.lnk -> C:\Documents and Settings\kakdh\Application Data\Transparent\Byki 4\Express\BYKI4Express.exe (Transparent Language)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Game Maker.lnk -> C:\Program Files\Game_Maker8\Game_Maker.exe (YoYo Games Ltd)
Shortcut: C:\Documents and Settings\kakdh\Desktop\HISTOIRES DU  LIVRE DE MORMON.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\French\2010-12-book-of-mormon-stories-fra.pdf ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Media Player Classic.lnk -> C:\Program Files\XP Codec Pack\mpc\mplayerc.exe (Gabest)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\kakdh\Desktop\My Documents.lnk -> C:\Documents and Settings\kakdh\My Documents ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Paf5.lnk -> C:\Program Files\FamilySearch\Paf5\paf5.exe (The Church of Jesus Christ of Latter-day Saints)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Palm Desktop.lnk -> C:\Program Files\Handspring\palm.exe (Palm, Inc.)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Power Tab Editor 1.7.lnk -> C:\Documents and Settings\kakdh\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe (No File)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Shortcut to HCED_2nd_prnting.pdf.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\Kreyol\HCED_2nd_prnting.pdf ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Shortcut to Journal - 2013.doc.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\Family History\Kato Histories - Work in Progress\Journal - 2013.doc ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Shortcut to ti_koze_kreyol.pdf.lnk -> C:\Documents and Settings\kakdh\My Documents\kdoc\Kreyol\ti_koze_kreyol.pdf ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\TALL 4 Tutorial.lnk -> C:\Program Files\TALL\Spanish Tall 4.0\TALL 4 Tutorial - Personal Edition.html ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\TALL 4.0 French.lnk -> C:\Program Files\TALL\French Tall 4.0\InstructionEngine.bat ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\TALL 4.0 Spanish.lnk -> C:\Program Files\TALL\Spanish Tall 4.0\InstructionEngine.bat ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\WinDirStat.lnk -> C:\Program Files\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Adobe Reader 8.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Aqua Data Studio 4.5.lnk -> C:\Program Files\Aqua Data Studio 4.5\datastudio.exe ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Audacity.lnk -> C:\Program Files\Audacity\audacity.exe ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Google Video Player.lnk -> C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\GospeLink 2001.lnk -> C:\Program Files\GospeLink 2001\GL2001.exe (No File)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\OmniPage SE User's Guide.lnk -> C:\Program Files\Canon\MP Drivers\OmniPage\OmniPage.pdf ()
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Picasa 3.lnk -> C:\Program Files\Google\Picasa3\Picasa3.exe (No File)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Presto! PageManager 6.03.lnk -> C:\Program Files\NewSoft\Presto! PageManager 6\prestopm.exe (NewSoft Technology Corporation)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
Shortcut: C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer (3).lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Internet Explorer\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\SendTo\Web Publishing Wizard.lnk -> C:\Program Files\Web Publish\WPWIZ.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\lesliec\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\lesliec\Desktop\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Documents and Settings\lesliec\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\lesliec\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)


ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Sierra Web Site.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  hxxp://www.sierra.com
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\WON.net Web Site.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  hxxp://www.won.net


ShortcutWithArgument: C:\Documents and Settings\adminais\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\adminais\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\adminais\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\WINDOWS\system32\muweb.dll,LaunchMUSite
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk -> C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -n
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk -> C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -f
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\SSH Secure Shell\Secure File Transfer Client.lnk -> C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe (SSH Communications Security Corp) -> /f
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Register Contraptions.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\SIERRA~1\ereg.dll,_StandAloneEreg@16 C:\Sierra\CONTRA~1\sierra.inf
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Contraptions\Uninstall Contraptions.lnk -> C:\WINDOWS\IsUninst.exe (InstallShield Software Corporation) -> -fC:\Sierra\Contraptions\Uninst.isu
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 2.0\Scanner Wizard.lnk -> C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe () -> /w /a [OmniPage SE 2.0] /l [eng]
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6\Uninstall.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\SETUP.EXE" -l0x9 anything
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse\Connect Mouse for Bluetooth.lnk -> C:\WINDOWS\Installer\{00F93853-D9D3-4795-A89E-84CCBA0205C9}\Help.ico () -> Mouse bluetoothwizard
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse\Microsoft Mouse.lnk -> C:\WINDOWS\Installer\{00F93853-D9D3-4795-A89E-84CCBA0205C9}\Mouse.ico () -> mouse cpl
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse\Mouse Healthy Computing Guide.lnk -> C:\WINDOWS\Installer\{00F93853-D9D3-4795-A89E-84CCBA0205C9}\HCG.ico () -> mouse hcg
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse\Mouse Help.lnk -> C:\WINDOWS\Installer\{00F93853-D9D3-4795-A89E-84CCBA0205C9}\UserGuide.ico () -> mouse help
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse\Quality Settings.lnk -> C:\WINDOWS\Installer\{00F93853-D9D3-4795-A89E-84CCBA0205C9}\IPITP.ico () -> /DISPLAY_TYPE SETTING /PRODUCT_TYPE IP
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Kerio\Personal Firewall 4\Firewall Engine.lnk -> C:\WINDOWS\system32\net.exe (Microsoft Corporation) -> start KPF4
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Hummingbird FTP.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> ::{DB8DC413-C0AA-11D0-9545-080009B1C2F3}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\User Files.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> %RU
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed XDMCP Broadcast.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> /m broadcast
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\Exceed XDMCP Query.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> /m query
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\Exceed\X Client Wizard.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> /w
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /x {4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E} FEEDBACK=1
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Software\EPSON Software Updater.lnk -> C:\Program Files\EPSON Software\Download Navigator\EPSDNAVI.EXE (SEIKO EPSON CORPORATION) -> /ST
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON XP-410 Series\Buy Ink.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNLAE.EXE (SEIKO EPSON CORPORATION) -> /T "MENU" /D "EPSON XP-410 Series" /M "XP-410 Series" /A
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON XP-410 Series\EPSON Printer Software Uninstall.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FINSLAE.EXE (SEIKO EPSON CORPORATION) -> /R /APD /P:"EPSON XP-410 Series"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON XP-410 Series\Online Support.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FGEPLAE.DLL,GE_OpenELINK "XP-410 Series"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON XP-410 Series\Software Update.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUCLAE.EXE (SEIKO EPSON CORPORATION) -> /RUN /D "EPSON XP-410 Series"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless\Dell Wireless WLAN Card Utility.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,,Control_RunDLL C:\WINDOWS\system32\bcmwlcpl.CPL
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Celebrations and Holidays\Uninstall Celebrations.lnk -> C:\WINDOWS\uninst.exe (InstallShield Corporation, Inc.) -> -fC:\WINDOWS\DeIsL1.isu
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Uninstall.lnk -> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe (CANON INC.) -> C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\ScanGear Starter\Uninstall ScanGear Starter.lnk -> C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\Setup.exe (InstallShield Software Corporation) -> anything
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Canon\MP Navigator 1.0\MP Navigator Uninstall.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109AB81D-9732-40B3-9C1F-113A86CE6F93}\setup.exe"  /SUUninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\DirectVobSub.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> vsfilter.dll,DirectVobSub
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\FFDShow Audio Decoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configureAudio
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\FFDShow VFW Configuration.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> ff_vfw.dll,,configureVFW
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\XP Codec Pack 2.5.1\Configs\FFDShow Video Decoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configure
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\Spanish Tall 4.0\Uninstall Spanish Tall 4.0.lnk -> C:\WINDOWS\Spanish Tall 4.0\uninstall.exe () -> "/U:C:\Program Files\TALL\Spanish Tall 4.0\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\TALL\French Tall 4.0\Uninstall French Tall 4.0.lnk -> C:\WINDOWS\French Tall 4.0\uninstall.exe () -> "/U:C:\Program Files\TALL\French Tall 4.0\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Handspring\Uninstall.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\FamilySearch\FamilySearch Indexing (www.familysearchindexing.org).lnk -> C:\WINDOWS\system32\javaws.exe (Sun Microsystems, Inc.) -> "C:\Documents and Settings\kakdh\Application Data\Sun\Java\Deployment\cache\6.0\17\11f71e11-1ecdb454"
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\FamilySearch\Uninstall FamilySearch Indexing.lnk -> C:\WINDOWS\system32\javaws.exe (Sun Microsystems, Inc.) -> -localfile "C:\Documents and Settings\kakdh\Application Data\Sun\Java\Deployment\cache\6.0\8\422a07c8-4a5066a0"
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Canon\MP Drivers 6.0\Uninstall Drivers.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Documents and Settings\kakdh\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\kakdh\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Documents and Settings\kakdh\Desktop\Unused Desktop Shortcuts\Hummingbird Connectivity 10.lnk -> C:\WINDOWS\Installer\{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}\humicon10.exe (Hummingbird Ltd.) -> C:\Documents and Settings\All Users\Start Menu\Programs\Hummingbird Connectivity 10\
ShortcutWithArgument: C:\Documents and Settings\kakdh\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\lesliec\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\lesliec\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\lesliec\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start


InternetURL: C:\Documents and Settings\adminais\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\adminais\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\adminais\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\adminais\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\adminais\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\adminais\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\adminais\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
InternetURL: C:\Documents and Settings\Administrator\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\EPSON Connect.url -> hxxp://www.epson.com/connect
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\EPSON\Epson XP-410 User's Guide\Epson XP-410 User's Guide.url -> hxxp://files.support.epson.com/htmldocs/xp410_/xp410_ug/index.html
InternetURL: C:\Documents and Settings\All Users\Desktop\Broderbund.com.url -> hxxp://www.broderbund.com
InternetURL: C:\Documents and Settings\All Users\Desktop\Epson XP-410 User's Guide.url -> hxxp://files.support.epson.com/htmldocs/xp410_/xp410_ug/index.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\10 Day Weather Forecast for Mesa - weather.com.url -> hxxp://www.weather.com/weather/tenday/Mesa+AZ+USAZ0136
InternetURL: C:\Documents and Settings\kakdh\Favorites\ASU Outlook - Microsoft Outlook Web Access.url -> https://exchange.asu.edu/exchange/
InternetURL: C:\Documents and Settings\kakdh\Favorites\BEST Andrea Bocelli Song EVER! - (HQ Sound) - The Lord's Prayer (better than time to say goodbye) - YouTube.url -> hxxp://www.youtube.com/watch?v=TAFj2-u2cGQ&feature=related
InternetURL: C:\Documents and Settings\kakdh\Favorites\blackoasis.url -> hxxp://kgb-blackoasis.blogspot.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Butterfly Express.url -> hxxp://butterflyexpress.net/mm5/merchant.mvc?Screen=SFNT&Store_Code=BE
InternetURL: C:\Documents and Settings\kakdh\Favorites\Cabela's Woodland Trail Route 61 Short-Sleeve Shirt – Regular.url -> hxxp://www.cabelas.com/product/Woodland-Trail-Route-61-Short-Sleeve-Shirt-150-Regular/1157119.uts?Ntk=AllProducts&searchPath=%2Fcatalog%2Fsearch.cmd%3FN%3D0%26Ntk%3DAllProducts%26Ntt%3Dbanded%2Bshirts%26WT.z_mc_id1%3D43000000086760683%26WT.srch%3D1%26WT.tsrc%3DPPC%26WT.mc_id%3Dgoogle%7Cmec_Casual%2BShirts_General%7CUSA%26rid%3D20%26pcrid%3D14422935676&Ntt=banded+shirts&WTz_l=PPC
InternetURL: C:\Documents and Settings\kakdh\Favorites\Desert Schools  Sign In.url -> https://www.desertsc...org/signin.aspx
InternetURL: C:\Documents and Settings\kakdh\Favorites\Juno Home Page.url -> hxxp://my.juno.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Kato - Home Page.url -> hxxp://hawsedc.com/kato/HomePage
InternetURL: C:\Documents and Settings\kakdh\Favorites\LDS.org - Lessons.url -> hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=ff7d3f7719605010VgnVCM1000004e94610aRCRD&locale=0
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Outlook Web Access.url -> https://exchange.asu.edu/exchange/
InternetURL: C:\Documents and Settings\kakdh\Favorites\SRP Irrigation scheduling for subdivision customers.url -> https://www.srpwater.com/subdiv/
InternetURL: C:\Documents and Settings\kakdh\Favorites\The Set Game Company Homepage.url -> hxxp://www.setgame.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\TurboTax Online®.url -> https://turbotax.int...loginpage=start
InternetURL: C:\Documents and Settings\kakdh\Favorites\YouTube - Time To Say Goodbye Andrea Bocelli and Sarah Brightman.flv.url -> hxxp://www.youtube.com/watch?v=QbN0g8-zbdY
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\.url -> hxxp://turf.home.mindspring.com/alt/gen/huldawho.txt
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\A gum disease, periodontitis home care alternative. Gum disease_ Periodontitis_ Avoid gum surge.url -> hxxp://www.albrite.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\abebooks.com - the world's largest source of out-of-print books!.url -> hxxp://abebooks.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\alt.sport.racquetball Newsgroup FAQ's.url -> hxxp://www.racquetballkevin.com/faq.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\An Analysis of Out-Of-Wedlock Births in the United States.url -> hxxp://www.brook.edu/comm/PolicyBriefs/pb005/pb5.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Animated ASL Dictionary.url -> hxxp://www.bconnex.net/~randys/index1.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\ASU Interactive Login.url -> https://www-sec.asu....ntsite/auth.cgi
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\ASURITE Activation &amp; Service Management.url -> https://author1.asu....jects/APSelfSub
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Barron at Qwest.url -> hxxp://www.users.qwest.net/~bbarron6587/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Bay Laurel Nursery Bareroot Catalog - Apples.url -> hxxp://www.baylaurelnursery.com/Catalog/fruit_trees/apples.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Best Practices.url -> hxxp://www.asu.edu/it/ag/unug/bestpractices/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Classical Archives © 2001 Classical Archives, LLC.url -> hxxp://www.classicalarchives.com/midi.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Colon Cleansing, Colonic Irrigation Equipment and Products.url -> hxxp://www.appliedozone.com/udetox.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Colonic irrigation equipment.  Colenema boards.               Helping People Succeed.url -> hxxp://www.hps-online.com/item4.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\dfree.rvx.net.url -> hxxp://dfree.rvx.net/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\DPDx - Parasites and Health.url -> hxxp://www.dpd.cdc.gov/dpdx/HTML/Para_Health.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Dr. Hulda Clark's Bowel Program.url -> hxxp://www.quantum-world.co.uk/clarkpages/bowel.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Earth Dream _The Cure for All Cancers_.url -> hxxp://www.earthdream.com/curecanc.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\ECmerchant 2000.url -> hxxp://www.ecware.com/ECscripts/ECware.exe/dcp?id=088&sku=SQ4%2DDH&type=A1QH1&lc=EN
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Elizabeth's Home Page.url -> hxxp://home.sprintmail.com/~hawstom/ebeth/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Flagstaff National Weather Service WWW Page.url -> hxxp://www.wrh.noaa.gov/flagstaff/oldindex.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Fool.com_ Finance and Folly -- Main Page.url -> hxxp://www.fool.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Google Groups.url -> hxxp://groups.google.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Google Search_.url -> hxxp://www.google.com/search
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Hickeys Music Center - Electronic Tuner.url -> hxxp://www.hickeys.com/pages/tuner.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Home Horticulture in Maricopa County.url -> hxxp://www.ag.arizona.edu/maricopa/garden/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Hydrofloss the _Ultimate Water Pik_.url -> hxxp://www.breathtreatmentonline.com/waterpik.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\International Piano Supply On-Line Catalog.url -> hxxp://www.pianoparts.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\International Piano Supply.url -> hxxp://www.pianosupply.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Interview With God.url -> hxxp://www.interviewwithgod.net/popup.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Living and Raw Foods_ The largest community on the internet for living and raw food information.url -> hxxp://www.living-foods.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Lycos Roadmaps.url -> hxxp://maps.lycos.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Mancala Page.url -> hxxp://yes-frameset.nrr.co.uk/mancala/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\MapQuest _ Road Trip Planner.url -> hxxp://www.mapquest.com/cgi-bin/mqrtp?link=rtp/rtp-template&event=home
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Merriam-Webster OnLine.url -> hxxp://www.m-w.com/dictionary.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Microsoft Servers - Database Availability Resources - SQL Server 7.0 - Microsoft BackOffice.url -> hxxp://www.microsoft.com/sql/techinfo/availability.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Microsoft Servers - Microsoft SQL Server Home - Microsoft Servers.url -> hxxp://www.microsoft.com/sql/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Modern Manna - Dr. Lorraine Day's Video Series.url -> hxxp://www.modernmanna.org/bookshelf/drday.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\mssqlserver.com_ The ONLY place for MS SQL Server information.url -> hxxp://www.mssqlserver.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Musician's Friend Korg OT-12M Tuner (210511) 1.800.776.5173.url -> hxxp://www.musiciansfriend.com/ex/shop/home/0?pid=210511&rsrc=00631
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Musician's Friend World's Largest Online Music Gear Company 1.800.776.5173.url -> hxxp://www.musiciansfriend.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\MySybase - Your Personalized Portal to Sybase Inc..url -> hxxp://my.sybase.com/mysybase
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\NASW Online Home Page.url -> hxxp://www.naswdc.org/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Netmarket _ Save Time. Save Money. Save Your Sanity..url -> hxxp://www.netmarket.com/SHP/scripts/Search.asp?SID=950356FCCF1011D548da75b733fc5bf0
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Netscape People Finder.url -> hxxp://home.netscape.com/netcenter/whitepages.html?cp=ntserch
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Online Games.url -> hxxp://www.alaska.net/~spdskatr/games.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Park Seed_ The Best Flowers &amp; Vegetables.url -> hxxp://www.parkseed.com/webapp/commerce/command/ExecMacro/psStoreHome.d2w/report?merchant_rn=541
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\PayPal.url -> hxxp://paypal.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\PIANO PARTS CATALOGUE- Piano Parts Catalogue.url -> hxxp://www.balaams-[bleep].com/piano/catalog.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Piano Tuning Meters.url -> hxxp://www.balaams-[bleep].com/piano/meterprt.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Plastic Lumber &amp; Fencing.url -> hxxp://www.aeo1.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Population Resource Center.url -> hxxp://www.prcdc.org/summaries/family/family.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Portland Music Company.url -> hxxp://www.portlandmusiccompany.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Product Differences &amp; Hulda Clark, Bob Beck info.url -> hxxp://www.toolsforhealing.com/products/Product_differences.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\PublishersPipeline.com - Where the World Buys Everything!.url -> hxxp://www.publisherspipeline.com/item/D91L.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Racquetball Around Arizona.url -> hxxp://www.srsports.com/tips/timefor.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Raised Garden Flower Beds made from Recycled Plastic.url -> hxxp://www.rrpm.com/raised.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Read Reviews and Compare Prices on Teledyne Water Pik Family Oral Irrigator WP-30 at Epinions.c.url -> hxxp://www.epinions.com/well-Personal-Electric_Toothbrushes-All-Teledyne_Water_Pik_Family_Oral_Irrigator_(Model_WP-30)
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\RealPlayer Home Page.url -> hxxp://www.real.com
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Robert Beck + Royal Rife, frequency generators, blood electrification devices.url -> hxxp://www.ioa.com/~dragonfly/index.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Rules of MANCALA.url -> hxxp://www.centralconnector.com/GAMES/mancala.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sensonic Plus Plaque Control System, Water Pik, water-pik, Teledyne, electric tooth brush.url -> hxxp://www.enexus.com/dentalmart/catalog14.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sonne's Seven Day Cleansing Program Instructions.url -> hxxp://www.sonnes.com/cleansingproginstructions.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\SQL Server 11.0.x Product Interoperability and Platform Compatibility Matrix.url -> hxxp://techinfo.sybase.com/css/techinfo.nsf/DocID/ID%3D20017
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sybase Inc - ASE for Linux.url -> hxxp://my.sybase.com/linux/ase/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sybase Inc - Education.url -> hxxp://www.sybase.com/education
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sybase Inc - Product Manuals.url -> hxxp://www.sybase.com/support/manuals
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Sybase Technical Documents.url -> hxxp://techinfo.sybase.com/css/techinfo.nsf/Home
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\TerraServer Homepage.url -> hxxp://terraserver.microsoft.com/default.asp
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Tetris - Alaska Racquetball.url -> hxxp://www.alaska.net/~spdskatr/tetris.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\The Alphabet.url -> hxxp://www.where.com/scott.net/asl/abc.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\The Colema Board Home Colonic and Enema Hydrotherapy System.url -> hxxp://store.awwwsome.com/awwwsome/colhomcoland.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\The Woman Suffrage Movement_ Home page.url -> hxxp://www.nara.gov/education/teaching/woman/home.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Three Days of Training with Dr. Hulda Clark.url -> hxxp://www.road-to-health.com/threed.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Time Service Department.url -> hxxp://tycho.usno.navy.mil/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Tom Haws Home Page.url -> hxxp://home.sprintmail.com/~hawstom/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\TopoZone - The Web's Topographic Map.url -> hxxp://www.topozone.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Travelocity.com - Go Virtually Anywhere! Airline Tickets, Hotels, Cars, Vacations and Cruises..url -> hxxp://www.travelocity.com/?Service=TRAVELOCITY
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Trumpet Stuff.url -> hxxp://www.trumpetstuff.com/Home.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Tuners and Metronomes.url -> hxxp://www.portlandmusiccompany.com/metrotune.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\U.S. CONSTITUTION.url -> hxxp://www.house.gov/Constitution/Constitution.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Virginia Cooperative Extension.url -> hxxp://www.ext.vt.edu/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Walmart.com - Water Pik Family Oral Irrigator.url -> hxxp://www.walmart.com/catalog/product.gsp?cat=4710&product_id=932563&type=1&path=0:3999:4710&dept=3999
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\water pik, AllergyStore.net Superstore Electrostatic Air Conditioning Filters.url -> hxxp://www.allergystore.net/waterpik.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\weather.com - Local Weather - Mesa, AZ (85201).url -> hxxp://www.weather.com/weather/local/85201?GO=GO
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Welcome to the MEnD!!!.url -> hxxp://www.ee.byu.edu/~danielt/mend/
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\WHY HULDA CLARK IS SO DANGEROUS TO THE MEDICAL ESTABLISHMENT.url -> hxxp://www.savedrclark.org/why_hulda_clark_is_so_dangerous_.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\_Declaration of Independence_ by Thomas Jefferson.url -> hxxp://www.rjgeib.com/thoughts/jefferson/declaration-of-independence.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\Instant Message.url -> file:///C|/Program Files/Netscape/Users/kato_haws/launch.aim
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\Internet.url -> hxxp://guide.netscape.com/?t
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\RealPlayer.url -> hxxp://www.real.com
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\New&Cool\What's Cool.url -> hxxp://guide.netscape.com/guide/whats_cool.html?t
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\New&Cool\What's New.url -> hxxp://guide.netscape.com/guide/whats_new.html?t
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\Lookup\People.url -> hxxp://guide.netscape.com/guide/people.html?t
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Personal Toolbar Folder\Lookup\Yellow Pages.url -> hxxp://guide.netscape.com/guide/yellow_pages.html?t
InternetURL: C:\Documents and Settings\kakdh\Favorites\zz-Imported bookmarks\Media\Real.com Radio Tuner.url -> hxxp://realguide.real.com/stations/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Wiki\Main Page - Wikipedia, the free encyclopedia.url -> hxxp://en.wikipedia.org/wiki/Main_Page
InternetURL: C:\Documents and Settings\kakdh\Favorites\Wiki\Portada - Wikipedia en español.url -> hxxp://es.wikipedia.org/wiki/Portada
InternetURL: C:\Documents and Settings\kakdh\Favorites\Weeds\ACIS Weed Photos - page1.url -> hxxp://ag.arizona.edu/crop/images/database/weeds/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Weeds\All (in this database) Plants list (with English common names).url -> hxxp://www.funet.fi/pub/sci/bio/life/warp/plants-English-index-h.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Web Etiquette\Beginners and Internet Help Information by snowhawk.url -> hxxp://www.snowhawk.com/newbie.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Weather\Streamflow Conditions in Arizona.url -> hxxp://www.thetent.com/thetent/aogcr/az/azsf_index.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Tom\cPanel X.url -> hxxp://constructionnotesmanager.com:2082/frontend/jaguarpc/index.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Tom\Spirit balm radio created by tom.haws - Pandora Internet Radio.url -> hxxp://pandora.com/stations/d4e39de476ee6c610c86c2cf435e6699c29045a5cf801fa8
InternetURL: C:\Documents and Settings\kakdh\Favorites\Tech Books\Safari Tech Books Online.url -> hxxp://safari.oreilly.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Sybase\Sybase Inc - Support.url -> hxxp://www.sybase.com/support
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\BackpackingLight.com Forums -- Make Your Own Gear » has anyone tried this wood burning stove.url -> hxxp://www.backpackinglight.com/cgi-bin/backpackinglight/forums/thread_display.html?forum_thread_id=10020&startat=40
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\BackpackingLight.com Forums -- Make Your Own Gear » Homemade Downdraft Gassifier Wood Buring Stove.url -> hxxp://www.backpackinglight.com/cgi-bin/backpackinglight/xdpy/forum_thread/3297/index.html?skip_to_post=24193
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\BackpackingLight.com Forums -- Make Your Own Gear » wood stove.url -> hxxp://www.backpackinglight.com/cgi-bin/backpackinglight/forums/thread_display.html?forum_thread_id=6402
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Garlington YACC Stove.url -> hxxp://www.garlington.biz/Ray/YACCS/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\hobo stove - Around the Campfire.url -> hxxp://hikinghq.net/forum/showthread.php?t=1817
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\how to make a rocket stove.url -> hxxp://video.google.com/videoplay?docid=797446823830833401
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\http--www.garlington.biz-Ray-WoodGasStove-FlameSequence.jpg.url -> hxxp://www.garlington.biz/Ray/WoodGasStove/FlameSequence.jpg
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\http--www.repp.org-discussiongroups-resources-stoves-midge-THE_COMPLETE_MIDGE.pdf.url -> hxxp://www.repp.org/discussiongroups/resources/stoves/midge/THE_COMPLETE_MIDGE.pdf
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\In the Wake Cooking (from Tools for Gridcrash).url -> hxxp://www.inthewake.org/b1cooking.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\J. Falk's Compact Wood Burning Stove.url -> hxxp://site283.webhost4life.com/afmservices/trailgear/compactstove/falk-compact-stove.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Penny Wood Ultralight Backpacking Stove.url -> hxxp://www.csun.edu/~mjurey/pennywood.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Skills and information to prepare for life after peak oil.url -> hxxp://aftershock.heirloomseedsource.com/midge.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Wood Gas MIDGE stove improvements.url -> hxxp://wood-gas.blogspot.com/2008/05/midge-stove-improvements.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Wood Gas.url -> hxxp://wood-gas.blogspot.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Stoves\Zen Backpacking Stoves - Homemade-DIY Stove Links.url -> hxxp://zenstoves.net/LinksGeneral-DIY.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\- Diccionario Ingles-Español WordReference.com.url -> hxxp://www.wordreference.com/es/en/translation.asp
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\AltaVista's Babel Fish Translation Service.url -> hxxp://babelfish.altavista.com/babelfish/tr
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\Diccionario Dominicano  Dominicanismos by Colonial Tour and Travel.url -> hxxp://www.colonialtours.com.do/diccionario.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\FreeTranslation.com - Your Free Translation.url -> hxxp://ets.freetranslation.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\LanguageGuide Foreign Language Vocabulary, Grammar, and Readings.url -> hxxp://www.languageguide.org/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\Real Academia Española.url -> hxxp://www.rae.es/RAE/Noticias.nsf/Home?ReadForm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Spanish\Vocabulary Training.url -> hxxp://www.vokabel.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Are You Using the Same Strategy as the Elite Runners.url -> hxxp://www.howtobefit.com/elite-runners.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Athlinks.com - Race Results and Social Network for Endurance Athletes..url -> hxxp://www.athlinks.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Brooks Running – Shoe Advisor – Find the Best Running Shoes for You.url -> hxxp://www.brooksrunning.com/Help/Shoe+Advisor/?gclid=CJWumomevJgCFRFWagodpH60bA
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Kids Running - Stretching at the Runner's World Half Marathon.url -> hxxp://www.kidsrunning.com/ask/krask0506stretchrwlb.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Live Long Fitness What Does Chi Running Look Like.url -> hxxp://www.livelongcrossfit.com/home/2008/06/what-does-chi-r.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\North Amercian Racewalking Foundation - Track Calculator.url -> hxxp://www.philsport.com/narf/atrack.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Running Calculatr.url -> hxxp://www.angelfire.com/oh5/jmetz/runningcalculator.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Running Shoes.url -> hxxp://www.posetech.com/runningshoes/archives.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\The secret of Tabata this 14-minute workout may be the best you've ever had!  Men's Fitness  Find Articles at BNET.url -> hxxp://findarticles.com/p/articles/mi_m1608/is_5_20/ai_n6011850
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\Welcome to the  Arizona Running Events Company.url -> hxxp://www.arizonarunningeventsco.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YOUR SKILL VS TECHNOLOGY WHY NEWTON SHOES DO NOT WORK FOR POSE RUNNING.url -> hxxp://www.posetech.com/training/archives/000674.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - ChiRunning-Cooperating with the Forces of Nature.url -> hxxp://www.youtube.com/watch?v=YA0Yd4NLKlo&NR=1
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - feetrunners championship.url -> hxxp://www.youtube.com/watch?v=1HRV5Ki7aJ8
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - Run Mechanics.url -> hxxp://www.youtube.com/watch?v=w2APJmxz11s&feature=related
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - Run Right with Newton Running.url -> hxxp://www.youtube.com/watch?v=1fBh2qH4QbM&NR=1
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - Shoes.url -> hxxp://www.youtube.com/watch?v=5abVgYJn-9g&NR=1
InternetURL: C:\Documents and Settings\kakdh\Favorites\Running\YouTube - Tarahumara Pillars of the World.url -> hxxp://www.youtube.com/watch?v=C2WUalNdT30
InternetURL: C:\Documents and Settings\kakdh\Favorites\Retirment\Arizona State Retirement System  Home.url -> hxxp://www.asrs.state.az.us/web/index.do
InternetURL: C:\Documents and Settings\kakdh\Favorites\Retirment\Arizona State Retirement System  Retirement Benefit Estimator Member Information.url -> https://secure.azasr...timatorEntry.do
InternetURL: C:\Documents and Settings\kakdh\Favorites\Races\. Trote 5K Santo Domingo . . Convocatoria ..url -> hxxp://www.deportivosantodomingo.com/convocatoria.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Races\Atleta de 15 años ganó corrida de Santo Domingo.url -> hxxp://www.lidersanantonio.cl/prontus4_nots/site/artic/20090125/pags/20090125000810.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Purchasing - cars, etc\New car prices, used car pricing, auto reviews by Edmunds car buying guide.url -> hxxp://www.edmunds.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Mysql\MySQL 5.0 Reference Manual  15.10.11 How to Cope with Deadlocks.url -> hxxp://dev.mysql.com/doc/refman/5.0/en/innodb-deadlocks.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Mysql\MySQL 5.0 Reference Manual  A.2.6 Too many connections.url -> hxxp://dev.mysql.com/doc/refman/5.0/en/too-many-connections.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Mysql\MySQL 5.0 Reference Manual.url -> hxxp://dev.mysql.com/doc/refman/5.0/en/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Mysql\MySQL Manual.url -> hxxp://dev.mysql.com/doc/mysql/en/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Mysql\MySQL Reference Manual for version 3.23.16-alpha. - Table of Contents.url -> hxxp://www.sdc.iup.edu/documentation/mySQL/manual_toc.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Music\Beautiful Music 102.1FM KAHM.url -> hxxp://www.kahm.info/kahm.php
InternetURL: C:\Documents and Settings\kakdh\Favorites\Music\Download Multiple Church Music Files - LDS Church Music.url -> hxxp://www.lds.org/cm/display/0,17631,7572-1,00.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\Arizona Game and Fish Department azgfd.com.url -> hxxp://www.azgfd.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\Fire Progression Map Page.url -> hxxp://www.fireteam-sw.com/whitney/willow/maps/fire_progression_1_MMDDYY.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\Free typing tutor online with free typing lessons..url -> hxxp://www.powertyping.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\HawsEDC--Making AutoCAD Work for You.url -> hxxp://hawsedc.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\HOAXBUSTERS Home Page.url -> hxxp://hoaxbusters.ciac.org/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\Self-Hypnosis Induction Method.url -> hxxp://www.bcx.net/hypnosis/induct.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\Welcome to Care For Life.url -> hxxp://www.careforlife.org/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Miscellaneous\YouTube - survival tools to make fire.url -> hxxp://www.youtube.com/watch?v=-H2VyYJ_8fw&NR=1
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Documents and Settings\kakdh\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Bloomberg.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=Bloomberg&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Capitol Records.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=Capitol&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\CBS.URL -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=CBS&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\CNBC Dow Jones Business Video.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=CNBC&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\CNET Today - Technology News.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=CNET&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\CNN Videoselect.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=CNN&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\DISNEY.URL -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=Disney&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\ESPN Sports.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=ESPN&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Fox News.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=FoxNews&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Fox Sports.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=FoxSports&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Hollywood Online.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=Hollywood&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Internet Radio Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&ar=Media&sba=RadioGuide&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\MSNBC.URL -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=MSNBC&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\MUSICVIDEOS.COM.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=MusicVideos&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\NBC VideoSeeker.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=NBC&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Real.com Radio Tuner.url -> hxxp://realguide.real.com/stations/
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\TV Guide Entertainment Network.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=TVGuide&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Universal Studios Online.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=UniversalStudios&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Warner Bros. Hip Clips.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=Windows&sbp=MediaPlayer&ar=Favorite&sba=WarnerBros&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\What's On Now.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ntserver&sbp=netshow&ar=NetShow&sba=Events&pver=3.0
InternetURL: C:\Documents and Settings\kakdh\Favorites\MEDIA\Windows Media Showcase.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&ar=Media&sba=Guide&pver=6.2
InternetURL: C:\Documents and Settings\kakdh\Favorites\Maps\HikeArizona.COM.url -> hxxp://www.hikearizona.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Maps\TopoZone - The Web's Topographic Map, and more!.url -> hxxp://www.topozone.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Documents and Settings\kakdh\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Documents and Settings\kakdh\Favorites\LDS FS\AdvancedMD Medical Billing, Scheduling & EMR Software - Login Area.url -> hxxp://advancedmd.com/client/login.asp
InternetURL: C:\Documents and Settings\kakdh\Favorites\LDS FS\Blue Step Login In.url -> https://www.mesahq.bluestep.net/
InternetURL: C:\Documents and Settings\kakdh\Favorites\LDS FS\Church Directory of Organizations and Leaders - Sign In.url -> https://col.ldschurch.org/signin.asp
InternetURL: C:\Documents and Settings\kakdh\Favorites\LDS FS\ldsmail.net login.url -> hxxp://www.ldsmail.net/
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\color explanation.url -> hxxp://www.htmlgoodies.com/tutors/colorexp.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\Complete HTML True Color Chart; Table of color codes for html documents.url -> hxxp://www.immigration-usa.com/html_colors.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\Core JavaScript Reference 1.5.url -> hxxp://devedge.netscape.com/library/manuals/2000/javascript/1.5/reference/ix.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\So You Want A Basic Color Code, Huh.url -> hxxp://www.htmlgoodies.com/tutors/colors.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\W3C HTML Home Page.url -> hxxp://www.w3.org/MarkUp/
InternetURL: C:\Documents and Settings\kakdh\Favorites\HTML & Web Design\Gardening\Tomato Growers Supply Company Tomato seeds, Pepper seeds, Eggplant seeds.  More than 500 varieties. Hybrid tomato seeds, Heirl.url -> hxxp://www.tomatogrowers.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\House\http--156.42.40.50-UnOfficialDocs-pdf-19930369292.pdf.url -> hxxp://156.42.40.50/UnOfficialDocs/pdf/19930369292.pdf
InternetURL: C:\Documents and Settings\kakdh\Favorites\House\http--156.42.40.50-UnOfficialDocs-pdf-19940397756.pdf.url -> hxxp://156.42.40.50/UnOfficialDocs/pdf/19940397756.pdf
InternetURL: C:\Documents and Settings\kakdh\Favorites\House\Maricopa County Recorder.url -> hxxp://recorder.maricopa.gov/recdocdata/GetRecDataPgDn.aspx?&rec=0&rec2=0&rec3=0&suf=&nm=Haws%20Kato&bdt=01/01/1947&edt=3/8/2009&cde=&set=250
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\3 Sure-fire Ways to Reduce Pain and Speed Healing.url -> hxxp://www.buzzle.com/articles/3-sure-fire-ways-to-reduce-pain-and-speed-healing.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\Better Ideal Weight Body Calculations.url -> hxxp://www.halls.md/ideal-weight/body.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\DoctorYourself.com - Lower Cholesterol, Triglycerides, Blood Sugar.url -> hxxp://www.doctoryourself.com/nibbling.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\[bleep] Curvature Resource Center - Cause.url -> hxxp://www.herballove.com/library/resource/curvature/cause.asp
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\Top 10 Cholesterol Lowering Foods.url -> hxxp://www.healthbolt.net/2007/05/29/top-10-cholesterol-lowering-foods/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\Varicose veins during pregnancy - BabyCenter.url -> hxxp://www.babycenter.com/0_varicose-veins-during-pregnancy_271.bc
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\Wheat, Barley and other Grass Juice - Healing People & Pets.url -> hxxp://www.shirleys-wellness-cafe.com/greens.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Health\Short Leg Syndrome\Short Leg Syndrome Part Two  massagetoday.com.url -> hxxp://www.massagetoday.com/mpacms/mt/article.php?id=13710
InternetURL: C:\Documents and Settings\kakdh\Favorites\Genealogy & Family History\David Moses Haws Pedigree Tree - PhpGedView.url -> hxxp://hawsedc.com/phpGedView/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Genealogy & Family History\K D Haws and R M Cooper Family Tree - PhpGedView.url -> hxxp://www.hawsedc.com/phpGedView/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Genealogy & Family History\Kato Devar Haws Documented Ancestry (Deceased Individuals).url -> hxxp://home.sprintmail.com/~hawstom/kdhaws/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Games\Math.com Chess - Play Chess against the Computer.url -> hxxp://chess.math.com/index.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Games\Play Chess Against the Computer - Chess.com.url -> hxxp://www.chess.com/play/computer.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Games\Somegames.net - Flash - Easy Chess.url -> hxxp://www.somegames.net/flashgames/EasyChess.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Games\Web Sudoku - Billions of Free Sudoku Puzzles to Play Online.url -> hxxp://www.websudoku.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\French Audio Dictionary - French Terms Starting With A.url -> hxxp://french.about.com/library/pronunciation/bl-audiodico-a.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\French videos.url -> hxxp://www.ashcombe.surrey.sch.uk/Curriculum/modlang/french/index_fr_video.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\French-English Translation.url -> hxxp://www.french-linguistics.co.uk/translate/
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\health - English-French Dictionary WordReference.com.url -> hxxp://www.wordreference.com/enfr/health
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\http--www.acapela-group.com-text-to-speech-interactive-demo.html.url -> hxxp://www.acapela-group.com/text-to-speech-interactive-demo.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\International Keyboards and Fonts.url -> hxxp://www.usna.edu/LangStudy/international_keyboards.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\La Bible en français - French and English online Bible with MP3 Audio.url -> hxxp://www.wordproject.org/fr/index.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\Langauge Guide French Readings.url -> hxxp://www.languageguide.org/francais/lectures/
InternetURL: C:\Documents and Settings\kakdh\Favorites\French\LanguageGuide Foreign Language Vocabulary, Grammar, and Readings.url -> hxxp://www.languageguide.org/
InternetURL: C:\Documents and Settings\kakdh\Favorites\FBF\Fire-by-Friction with Damp Materials.url -> hxxp://www.primitiveways.com/fire_damp_materials.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\FBF\Friction fire woods and successful wood combinations.url -> hxxp://www.primitiveways.com/Fire%20Making%20Materials.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\FBF\Friction Materials Various Techniques - REWILD.info Field Guide.url -> hxxp://www.rewild.info/fieldguide/index.php?title=Friction_Materials:_Various_Techniques
InternetURL: C:\Documents and Settings\kakdh\Favorites\FBF\Wildwood Survival - Bow Drill - Advanced Bow-Drill.url -> hxxp://wildwoodsurvival.com/survival/fire/bowdrill/pmoc/advancedbowdrill.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dominican\Ciguatera - Wikipedia, the free encyclopedia.url -> hxxp://en.wikipedia.org/wiki/Ciguatera
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dominican\Diccionario Dominicano  Dominicanismos by Colonial Tour and Travel.url -> hxxp://www.colonialtours.com.do/diccionario.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dominican\República Dominicana.url -> hxxp://guiarepublicadominicana.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Body Detox Diet.url -> hxxp://www.healthrecipes.com/body_detox.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Cancer - Enzyme Therapy.url -> hxxp://www.herbtime.com/InformationPages/CancerEnzymeTherapy.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\DoctorYourself.com - Lower Cholesterol, Triglycerides, Blood Sugar.url -> hxxp://www.doctoryourself.com/nibbling.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Dr. Stanley Bass - How to live on an all-raw vegetarian diet healthfully.url -> hxxp://www.drbass.com/rawdiet.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Dr. Stanley S. Bass In search of the ultimate vegetarian diet.url -> hxxp://www.angelfire.com/ny2/bass/mice.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Holistic Health Clinics and Retreats resources.url -> hxxp://www.shirleys-wellness-cafe.com/clinics.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\http--members.fortunecity.com-elijah_web-ehtn003.htm.url -> hxxp://members.fortunecity.com/elijah_web/ehtn003.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\http--www.soilandhealth.org-02-0201hyglibcat-020149imp.on.pritikin-020149imp.on.pritikin.pdf.url -> hxxp://www.soilandhealth.org/02/0201hyglibcat/020149imp.on.pritikin/020149imp.on.pritikin.pdf
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Hunza - The Truth, Myths and Lies About the Health and Diet of the Long-Lived People of Hunza, Pakistan, Hunza Bread and Pie.url -> hxxp://www.biblelife.org/hunza.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Interview of Aajonus Vonderplanitz by Charles Donham and Bob Avery (Natural Health M2M Coordinator).url -> hxxp://www.karlloren.com/Diabetes/p77.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Natural Health Gurus Ate Animal Foods.url -> hxxp://chetday.com/healthgurus.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Preventive Medicine Is honey dangerous for diabetes patients.url -> hxxp://preventordoctor.blogspot.com/2008/12/is-honey-dangerous-for-diabetes.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Questions and Answers with Stephen Arlin.url -> hxxp://www.rawfood.com/interviewsa2.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Raw Food Recipes.url -> hxxp://vegweb.com/food/raw/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Roots, tubers, plantains and bananas in human nutrition - Toxic substances and antinutritional factors.url -> hxxp://www.fao.org/docrep/t0207e/T0207E08.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Ruth Heidrich's Articles.url -> hxxp://www.ruthheidrich.com/Box3.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Sports Nutrition Guidelines for the Vegetarian -- The Vegetarian Resource Group.url -> hxxp://www.vrg.org/nutshell/athletes.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Sproutman Publications.url -> hxxp://www.sproutman.com/sprouts.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Staying a Healthy Vegan (Vegan Outreach).url -> hxxp://www.veganoutreach.org/health/stayinghealthy.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\The Complete Book of Raw Food UK -- Detox Your World.url -> hxxp://www.detoxyourworld.com/products/educational/tcborf/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Turnips - LocalHarvest.url -> hxxp://www.localharvest.org/turnips.jsp
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Vegetarians in Paradise-Vegan Recipes-Gourmet Vegetarian Recipes Index.url -> hxxp://www.vegparadise.com/recipeindex.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\VegSource Article.url -> hxxp://www.vegsource.com/articles2/media_nelson1.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Diet\Whitaker Wellness.url -> hxxp://www.whitakerwellness.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dell\Dell.url -> hxxp://www.dell.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dell\Dellnet.url -> hxxp://www.dellnet.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dell\Gigabuys.url -> hxxp://www.gigabuys.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Dell\Support.Dell.com.url -> hxxp://support.dell.com
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\assertiveness training - psychological self-help.url -> hxxp://mentalhelp.net/psyhelp/chap13/chap13e.htm
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\Conociendo la depresión.url -> hxxp://www.angelfire.com/pe/actualidadpsi/depresion.html
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\DR ROCK's DOMAIN.url -> hxxp://www.dr-rock.com/
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\Excerpt from Betrayal Trauma The Logic of Forgetting Childhood Abuse.url -> hxxp://movingforward.org/mfv4n1jjf.shtml
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\http--www.extension.harvard.edu-2003-04-syllabi-20213-psyce2488.pdf.url -> hxxp://www.extension.harvard.edu/2003-04/syllabi/20213/psyce2488.pdf
InternetURL: C:\Documents and Settings\kakdh\Favorites\Counseling & MSW\Reauthoring.url -> hxxp://redsquirrel.com/reauthor.html
InternetURL: C:\Documents and Settings\lesliec\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\lesliec\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\lesliec\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\lesliec\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\lesliec\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\lesliec\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\lesliec\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows

==================== End of log =============================

< End of report >

 

< Begin FSS.txt log >

Farbar Service Scanner Version: 25-02-2014
Ran by kakdh (administrator) on 07-04-2014 at 12:13:40
Running from "C:\Documents and Settings\kakdh\Desktop\Tom's Malware Fix"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) VBoxNetFlt(11)
0x0A0000000500000001000000020000000300000004000000080000000600000007000000090000000B000000
IpSec Tag value is correct.

**** End of log ****

< End of report >


Edited by hawstom, 07 April 2014 - 12:22 PM.

  • 0

#8
Valinorum
Posted 07 April 2014 - 01:04 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
We have finished first phase. Please await my next instruction.
  • 0

#9
hawstom
Posted 07 April 2014 - 01:14 PM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

OK.  I will be here, and I have enabled email notifications, so take as long as you need.


  • 0

#10
Valinorum
Posted 07 April 2014 - 08:40 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi hawstom, :)

I am imploring that the tools I suggest is to be put in your Desktop an not any of the folders such as you are doing. Note that, everything I ask, I ask for a reason. We do not want an unwanted occurrence while fixing your PC. Copy both ComboFix and FRST.exe to your Desktop (c:\documents and settings\kakdh\Desktop\).
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
SearchScopes: HKLM - DefaultScope value is missing.
FF DefaultSearchEngine: AOL Search
S4 0195291294167578mcinstcleanup; C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE
C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-03-11] (AVG Technologies)
C:\WINDOWS\system32\drivers\avgtpx86.sys
C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 Scan with Malwarebytes' Anti-Malware
    Un-install your current version of Malwarebytes' Anti-Malware. << Do not disregard this step.
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
    • Please go here then click on: EOLS1.gif.pagespeed.ce.drf6rgtaCz.gif

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:EOLS2.gif.pagespeed.ce.lNUTYf4hmK.gif
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:EOLS3.gif.pagespeed.ce.KadG-KgShM.gif
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    When The Scan is Complete:
    • If No Threats Were Found:
      • Put a checkmark in "Uninstall application on close"
      • Close the program
      • Report to me that nothing was found
    • If Threats Were Found:
      • Click on "list of threats found"
      • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
      • Click on Back
      • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
      • Click on Finish
      • Close the program
      • Copy and paste the report here
  •  

    You do no have an anti-virus in your system. Please download/purchase an anti-virus for your system to keep you protected. If you are looking for free anti-virus, I'd recommend avast!.

     
    • Required Log(s):
      • FRST Fix Log;
      • MBAM Log;
      • ESET Scan Log
    Regards,
    Valinorum

  • 0

Advertisements

#11
Essexboy
Posted 13 April 2014 - 04:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
hawstom
Posted 13 April 2014 - 07:47 PM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks so much.  I will stay with you as long as this takes. 

 

The MBAM instructions need to be updated.  "View Detailed Log" is no longer available.

 

I had to run MBAM more than once, and all logs are below.  I have now installed McAfee Security Suite.

 

< Begin FRST Fix log >

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by kakdh at 2014-04-13 07:14:36 Run:1
Running from C:\Documents and Settings\kakdh\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope value is missing.
FF DefaultSearchEngine: AOL Search
S4 0195291294167578mcinstcleanup; C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE
C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-03-11] (AVG Technologies)
C:\WINDOWS\system32\drivers\avgtpx86.sys
C:\Documents and Settings\kakdh\Local Settings\Application
Data\qdvoehob
C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox DefaultSearchEngine deleted successfully.
0195291294167578mcinstcleanup => Service deleted successfully.
"C:\DOCUME~1\kakdh\LOCALS~1\Temp\019529~1.EXE" => File/Directory not found.
C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini => Moved successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\WINDOWS\system32\drivers\avgtpx86.sys => Moved successfully.
"C:\Documents and Settings\kakdh\Local Settings\Application" => File/Directory not found.
C:\Documents and Settings\kakdh\Local Settings\Application Data\cbspcbvj => Moved successfully.

==== End of Fixlog ====

 

< End of report >

 

< Begin MBAM 1 log >

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2014
Scan Time: 10:28:45 AM
Logfile: mbam-log-2014-04-13 (08-59-07).txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.13.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kakdh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318775
Time Elapsed: 1 hr, 28 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Spy.Zbot, C:\WINDOWS\system32\elluucse.exe, Quarantined, [f40cf50bd7297f813a5ecb7f25df04fc],

Physical Sectors: 0
(No malicious items detected)

(end)

 

< End of report >

 

< Begin MBAM 2 log >

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2014
Scan Time: 10:28:45 AM
Logfile: mbam-log-2014-04-13 (11-03-01).txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.13.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kakdh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318775
Time Elapsed: 1 hr, 28 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Spy.Zbot, C:\WINDOWS\system32\elluucse.exe, Quarantined, [f40cf50bd7297f813a5ecb7f25df04fc],

Physical Sectors: 0
(No malicious items detected)

(end)

 

< End of report >

 

< Begin MBAM 3 log >

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2014
Scan Time: 10:28:45 AM
Logfile: mbam-log-2014-04-13 (11-05-11).txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.13.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kakdh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318775
Time Elapsed: 1 hr, 28 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Spy.Zbot, C:\WINDOWS\system32\elluucse.exe, Quarantined, [f40cf50bd7297f813a5ecb7f25df04fc],

Physical Sectors: 0
(No malicious items detected)

(end)

 

< End of report >

 

< Begin MBAM Protection log >

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2014
Scan Time: 10:28:45 AM
Logfile: protection-log-2014-04-13.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.13.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kakdh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318775
Time Elapsed: 1 hr, 28 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Spy.Zbot, C:\WINDOWS\system32\elluucse.exe, Quarantined, [f40cf50bd7297f813a5ecb7f25df04fc],

Physical Sectors: 0
(No malicious items detected)

(end)

 

< End of report >

 

< Begin ESET Scan log >

C:\Documents and Settings\kakdh\Application Data\Sun\Java\Deployment\cache\6.0\58\224849fa-5780cdde multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\kakdh\My Documents\Downloads\cbsidlm-cbsi183-Whats_Running-SEO-10256718.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Egpubau\ylgyadg.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Hypoufby\qizyav.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Iqottaf\bexyra.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Lioqukov\ywacyxr.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Unlifaev\xaokwe.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Xaixrace\_qyipqas_.exe.zip a variant of Win32/Kryptik.BUVK trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Ydtuawu\fedyaw.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Ytgyqal\ewxeah.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Application Data\Zaokvuib\xehek.exe.vir a variant of Win32/Kryptik.BUVK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\dbjkvtvm.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\ecokaboc.exe.vir Win32/TrojanDownloader.Zortob.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\gfnmjasv.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\iremshnq.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\kwpbikxr.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\mppkbvon.exe.vir a variant of Win32/Kryptik.BYJZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\muvlcrsr.exe.vir a variant of Win32/Kryptik.BYJZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\nmcjfnuf.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\ntjgkghu.exe.vir a variant of Win32/Kryptik.BYEJ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\qqdesrpq.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\kakdh\Local Settings\Application Data\vkknekdd.exe.vir a variant of Win32/Kryptik.BYJZ trojan cleaned by deleting - quarantined
 

< End of report >


  • 0

#13
Valinorum
Posted 14 April 2014 - 07:05 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi hawstom, :)
  • Step #7 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
C:\WINDOWS\system32\elluucse.exe
C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#14
hawstom
Posted 14 April 2014 - 09:13 AM

hawstom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

< Begin FRST Fix Log >

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by kakdh at 2014-04-14 07:58:42 Run:2
Running from C:\Documents and Settings\kakdh\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\WINDOWS\system32\elluucse.exe
C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob
End


*****************

"C:\WINDOWS\system32\elluucse.exe" => File/Directory not found.
C:\Documents and Settings\kakdh\Local Settings\Application Data\qdvoehob => Moved successfully.

==== End of Fixlog ====

< End of report >


  • 0

#15
Valinorum
Posted 14 April 2014 - 09:17 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
How is your system running?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP