Google redirection [Solved]


  • This topic is locked

#1
aznfeat

  • Member
  • 11 posts
Whenever I click on a Google search result, it opens a new tab and redirects me to another site. It doesn't even open the site I'm trying to open. I am sure that this is not the only problem on my laptop. I have other problems too, such as frequent freezing or the "blue screen of death".
Here is my Rooter log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:76128 Mo/Free:3179 Mo)
D:\ [CD-Rom] (Total:620 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/25/2009|22:07

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\WINDOWS\system32\DVDRAMSV.exe
---------- C:\WINDOWS\system32\E_S00RP1.EXE
---------- C:\Program Files\Windows Live\Toolbar\wltuser.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- c:\program files\mcafee.com\agent\mcdetect.exe
---------- c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
---------- c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\igfxtray.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\WINDOWS\system32\TCtrlIOHook.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Apoint2K\Apoint.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
---------- C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
---------- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
---------- C:\WINDOWS\system32\TPSMain.exe
---------- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
---------- C:\WINDOWS\system32\ZoomingHook.exe
---------- C:\Program Files\Apoint2K\Apntex.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
---------- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
---------- C:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\Program Files\Toshiba\Tvs\TvsTray.exe
---------- C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
---------- c:\progra~1\mcafee.com\vso\mcvsescn.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\BtUsrBdg.exe
---------- C:\WINDOWS\system32\BTSetBootKey.exe
---------- C:\toshiba\ivp\ism\ivpsvmgr.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
---------- C:\WINDOWS\system32\TPSBattM.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
---------- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
---------- C:\Program Files\PowerISO\PWRISOVM.EXE
---------- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
---------- C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
---------- C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
---------- C:\WINDOWS\system32\RAMASST.exe
---------- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
---------- c:\PROGRA~1\mcafee.com\vso\mcshield.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\virusremover.exe
---------- C:\Documents and Settings\Oscar\Desktop\domokun.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/25/2009|22:08

----------------------\\ Scan completed at 22:08

Here is my OTLI log:


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:76128 Mo/Free:3179 Mo)
D:\ [CD-Rom] (Total:620 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/25/2009|22:07

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\WINDOWS\system32\DVDRAMSV.exe
---------- C:\WINDOWS\system32\E_S00RP1.EXE
---------- C:\Program Files\Windows Live\Toolbar\wltuser.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- c:\program files\mcafee.com\agent\mcdetect.exe
---------- c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
---------- c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\igfxtray.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\WINDOWS\system32\TCtrlIOHook.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Apoint2K\Apoint.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
---------- C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
---------- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
---------- C:\WINDOWS\system32\TPSMain.exe
---------- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
---------- C:\WINDOWS\system32\ZoomingHook.exe
---------- C:\Program Files\Apoint2K\Apntex.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
---------- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
---------- C:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\Program Files\Toshiba\Tvs\TvsTray.exe
---------- C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
---------- c:\progra~1\mcafee.com\vso\mcvsescn.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\BtUsrBdg.exe
---------- C:\WINDOWS\system32\BTSetBootKey.exe
---------- C:\toshiba\ivp\ism\ivpsvmgr.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
---------- C:\WINDOWS\system32\TPSBattM.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
---------- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
---------- C:\Program Files\PowerISO\PWRISOVM.EXE
---------- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
---------- C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
---------- C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
---------- C:\WINDOWS\system32\RAMASST.exe
---------- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
---------- c:\PROGRA~1\mcafee.com\vso\mcshield.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Oscar\Desktop\virusremover.exe
---------- C:\Documents and Settings\Oscar\Desktop\domokun.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/25/2009|22:08

----------------------\\ Scan completed at 22:08


Here is my OTLI Extras log:


OTListIt Extras logfile created on: 4/25/2009 10:09:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Oscar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 115.93 Mb Available Physical Memory | 23.07% Memory free
1.20 Gb Paging File | 0.60 Gb Available in Paging File | 49.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 3.10 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
Drive D: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Oscar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 (Sonic Solutions)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine (TOSHIBA Corporation)
C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger (TOSHIBA Corporation)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\1143328800\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1143328800\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Silkroad\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ???? File not found
C:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III (Blizzard Entertainment)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine (TOSHIBA CORPORATION)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ()
C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ ()
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil (IVT Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory (Wizet)
C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found
C:\Program Files\StickyNote\StickyNote.exe:*:Disabled:Architecture launch vehicle File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ()
C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 (SEIKO EPSON CORPORATION)
C:\Documents and Settings\Oscar\Starcraft\StarCraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)
C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module (Sonic Solutions)
C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 (Sonic Solutions)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Documents and Settings\Janice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player File not found
C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost File not found
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 (Adobe Systems Incorporated)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player (Veoh Networks)
C:\WINDOWS\svcho.exe:*:Enabled:enable ()
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19339503-C7B5-4FBB-808C-847C3D1C2353}" = Hair Stylist
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6918E1F4-0988-433C-A418-CC0BF87A7A2B}" = MapleStory
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}" = URGE
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C65E65-5CF2-4C16-8023-950BA678FE15}" = XTNDConnect Blue Manager 3.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Toshiba Registration and Metamail Trust Architecture
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C619B312-19F3-460A-9F7B-443248379F18}" = Opera 9.25
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E44C3DDA-99BD-4B14-80DF-FD8A9315D12B}" = TSR Installation Wizard
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM 6
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AT&T Connection Services Software" = AT&T Connection Services Manager
"BitTorrent" = BitTorrent 5.0.7
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CANONBJ_Deinstall_CNMCP4b.DLL" = Canon i850
"CdaC13Ba" = Cda Product Service - shared component
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DC++" = DC++ 0.698
"ERUNT_is1" = ERUNT 1.1j
"Fn-esse" = TOSHIBA Fn-esse
"getPlus®_dll" = getPlus®_dll
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire PRO 4.18.8
"Makeovers Trial" = Makeovers Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MicrosoftWordMTWLingo" = Translation Services Provided by WorldLingo for Microsoft Word
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"ObjectDock" = ObjectDock
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PhotoRecord" = Canon PhotoRecord
"PlayFLV" = PlayFLV
"Port Magic" = Pure Networks Port Magic
"PowerISO" = PowerISO
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"Skype_is1" = Skype 2.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Veoh Web Player Beta" = Veoh Web Player
"VirusScan Online" = McAfee VirusScan
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2009 12:39:18 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2009 1:46:39 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11704
Description = Product: Nero 7 Demo -- Error 1704. An installation for Windows Live
Messenger is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 4/8/2009 1:51:34 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11704
Description = Product: IKEA Home Planner -- Error 1704. An installation for Windows
Live Messenger is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 4/8/2009 4:12:08 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1704. An installation for Quicken 2007 is currently suspended. You must undo the
changes made by that installation to continue. Do you want to undo those changes?

Error - 4/10/2009 1:50:17 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/10/2009 1:50:17 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/10/2009 1:54:00 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2009 1:31:35 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3384, faulting module
unknown, version 0.0.0.0, fault address 0x0914fc5c.

Error - 4/23/2009 2:08:39 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 4/23/2009 2:08:39 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

[ System Events ]
Error - 4/23/2009 10:30:56 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 4/23/2009 10:30:57 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/26/2009 12:23:13 AM | Computer Name = TOSHIBA-USER | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {686F1733-7D3C-4AA2-B1CD-F156A876749D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/26/2009 12:23:46 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 4/26/2009 12:23:46 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/26/2009 12:33:07 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 4/26/2009 12:33:07 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/26/2009 12:42:10 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 4/26/2009 12:42:10 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/26/2009 12:43:01 AM | Computer Name = TOSHIBA-USER | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {686F1733-7D3C-4AA2-B1CD-F156A876749D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >


#2
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, aznfeat, and welcome to GeeksToGo!

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Edited by handhfan, 05 May 2009 - 05:19 PM.


#3
aznfeat

    Member

  • Topic Starter
  • Member
  • 11 posts
Thank you very much for the reply ^^
Here is the log:
ComboFix 09-05-05.03 - Oscar 05/05/2009 17:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.242 [GMT -7:00]
Running from: c:\documents and settings\Oscar\Desktop\Combofix2.exe
AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\windows\svcho.exe
c:\windows\syssvc.exe
c:\windows\system32\drivers\UACdldlhyfk.sys
c:\windows\system32\mcenspc.dll
c:\windows\system32\rjwksnqf.ini
c:\windows\system32\sbfwoshm.ini
c:\windows\system32\soajvkpf.ini
c:\windows\system32\tgeimbjp.ini
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twain32\user.ds.lll
c:\windows\system32\tyltuibk.ini
c:\windows\system32\UACcwrjkcgd.dll
c:\windows\system32\UACdfmylyxe.dat
c:\windows\system32\UACdmttimpp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmccrrdby.log
c:\windows\system32\UACokbrocnm.db
c:\windows\system32\UACpxypxkfr.dll
c:\windows\system32\UACtjdhrbay.dll
c:\windows\system32\UACukympabg.dll
c:\windows\system32\UACulaxjsbr.log
c:\windows\system32\UACutkyboxy.dll
c:\windows\system32\UACvbqaqlkb.log
c:\windows\system32\xpcbejsa.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-04-26 05:01 . 2009-04-26 05:01 -------- d-----w c:\program files\ERUNT
2009-04-24 02:36 . 2009-04-24 02:38 35382 ----a-w c:\windows\scunin.dat
2009-04-24 02:36 . 2009-04-24 02:38 967 ----a-w c:\windows\ScUnin.pif
2009-04-24 02:36 . 2009-04-24 02:38 94208 ----a-w c:\windows\ScUnin.exe
2009-04-24 02:35 . 2009-04-24 02:41 -------- d-----w c:\program files\Starcraft
2009-04-23 06:11 . 2009-05-05 22:19 -------- d-----w c:\documents and settings\Oscar\Tracing
2009-04-23 06:10 . 2009-04-23 06:10 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-10 05:43 . 2009-04-10 05:43 -------- d-----w c:\documents and settings\Tom\Application Data\Move Networks
2009-04-08 06:48 . 2004-02-19 09:03 65536 ----a-w c:\windows\system32\E_S00RP1.EXE
2009-04-08 06:05 . 2009-04-08 06:05 -------- d-----w c:\documents and settings\Tom\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 05:21 . 2008-01-22 09:17 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-01 05:50 . 2005-05-23 21:28 -------- d-----w c:\program files\Notebook Maximizer
2009-04-26 17:01 . 2009-04-26 17:01 -------- d-----w c:\program files\domokun(mbam)
2009-04-26 16:44 . 2008-11-24 00:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 06:11 . 2009-04-02 02:37 -------- d-----w c:\program files\Windows Live
2009-04-08 15:56 . 2005-05-23 21:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 06:34 . 2005-05-23 21:30 -------- d-----w c:\program files\Quicken
2009-04-08 06:32 . 2007-11-11 22:59 90888 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 06:06 . 2007-01-12 23:14 -------- d-----w c:\program files\Common Files\Ahead
2009-04-08 05:51 . 2008-01-15 09:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:42 . 2006-04-21 06:41 -------- d-----w c:\program files\Lavasoft
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\aolshare
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\AOL
2009-04-06 22:32 . 2008-11-24 00:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-11-24 00:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\program files\VideoLAN
2009-04-05 04:36 . 2009-04-05 04:36 -------- d-----w c:\program files\Veoh Networks
2009-04-02 02:50 . 2006-04-15 22:59 90888 ----a-w c:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 02:40 . 2009-04-02 02:40 -------- d-----w c:\program files\Microsoft
2009-04-02 02:39 . 2009-04-02 02:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 02:32 . 2009-04-02 02:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 20:58 . 2009-03-29 20:58 -------- d-----w c:\program files\Bonjour
2009-03-29 20:57 . 2006-05-29 04:27 -------- d-----w c:\program files\QuickTime
2009-03-27 00:54 . 2009-03-27 00:54 -------- d-----w c:\program files\PowerISO
2009-03-26 20:38 . 2005-05-23 21:43 -------- d-----w c:\program files\Google
2009-03-26 05:05 . 2009-03-26 05:05 -------- d-----w c:\program files\Adobe Media Player
2009-03-26 04:59 . 2009-03-26 04:59 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-26 04:50 . 2009-03-26 04:50 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-02 07:22 . 2008-11-15 06:42 256 ----a-w c:\windows\system32\pool.bin
2009-02-07 04:10 . 2009-02-07 04:10 129024 ----a-w c:\windows\system32\gyhqky.dll
2009-02-07 04:10 . 2009-02-07 04:10 129024 ----a-w c:\windows\system32\cirnlyvv.dll
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 03:07 . 2009-02-06 03:07 129024 ----a-w c:\windows\system32\kpopfc.dll
2009-02-06 03:07 . 2009-02-06 03:07 129024 ----a-w c:\windows\system32\rgnyioyu.dll
2009-02-05 03:04 . 2009-02-05 03:04 129024 ----a-w c:\windows\system32\jjvzzi.dll
2009-02-05 03:04 . 2009-02-05 03:04 129024 ----a-w c:\windows\system32\mbekkvhx.dll
2006-10-22 06:09 . 2006-10-22 06:08 80 -csh--r c:\windows\system32\D83403AA31.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-21 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Auto EPSON Stylus Photo RX620 Series on LIVINGRM"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-26 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-04-12 88358]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-05-01 24576]
"CFSServ.exe"="CFSServ.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-06 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\Oscar\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-18 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-2 113664]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-5-23 329472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-24 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Oscar\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [9/26/2006 7:10 PM 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [9/26/2006 7:10 PM 15876]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [5/23/2005 2:25 PM 23296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web-jpn.org/kidsweb/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-06 17:13
ComboFix-quarantined-files.txt 2009-05-06 00:12

Pre-Run: 1,680,904,192 bytes free
Post-Run: 2,232,786,944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

280 --- E O F --- 2008-12-18 03:38

#4
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\gyhqky.dll
c:\windows\system32\cirnlyvv.dll
c:\windows\system32\sirenacm.dll
c:\windows\system32\kpopfc.dll
c:\windows\system32\rgnyioyu.dll
c:\windows\system32\jjvzzi.dll
c:\windows\system32\mbekkvhx.dll
c:\windows\system32\D83403AA31.dll



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


Post the new ComboFix log and a new OTListIt2.txt log in your next reply.

#5
aznfeat

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks for the fast reply...
This is my combo fix log:

ComboFix 09-05-05.03 - Oscar 05/05/2009 17:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.88 [GMT -7:00]
Running from: c:\documents and settings\Oscar\Desktop\Combofix2.exe
Command switches used :: c:\documents and settings\Oscar\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\cirnlyvv.dll
c:\windows\system32\D83403AA31.dll
c:\windows\system32\gyhqky.dll
c:\windows\system32\jjvzzi.dll
c:\windows\system32\kpopfc.dll
c:\windows\system32\mbekkvhx.dll
c:\windows\system32\rgnyioyu.dll
c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cirnlyvv.dll
c:\windows\system32\D83403AA31.dll
c:\windows\system32\gyhqky.dll
c:\windows\system32\jjvzzi.dll
c:\windows\system32\kpopfc.dll
c:\windows\system32\mbekkvhx.dll
c:\windows\system32\rgnyioyu.dll
c:\windows\system32\sirenacm.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-04-26 05:01 . 2009-04-26 05:01 -------- d-----w c:\program files\ERUNT
2009-04-24 02:36 . 2009-04-24 02:38 35382 ----a-w c:\windows\scunin.dat
2009-04-24 02:36 . 2009-04-24 02:38 967 ----a-w c:\windows\ScUnin.pif
2009-04-24 02:36 . 2009-04-24 02:38 94208 ----a-w c:\windows\ScUnin.exe
2009-04-24 02:35 . 2009-04-24 02:41 -------- d-----w c:\program files\Starcraft
2009-04-23 06:11 . 2009-05-05 22:19 -------- d-----w c:\documents and settings\Oscar\Tracing
2009-04-23 06:10 . 2009-04-23 06:10 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-10 05:43 . 2009-04-10 05:43 -------- d-----w c:\documents and settings\Tom\Application Data\Move Networks
2009-04-08 06:48 . 2004-02-19 09:03 65536 ----a-w c:\windows\system32\E_S00RP1.EXE
2009-04-08 06:05 . 2009-04-08 06:05 -------- d-----w c:\documents and settings\Tom\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 05:21 . 2008-01-22 09:17 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-01 05:50 . 2005-05-23 21:28 -------- d-----w c:\program files\Notebook Maximizer
2009-04-26 17:01 . 2009-04-26 17:01 -------- d-----w c:\program files\domokun(mbam)
2009-04-26 16:44 . 2008-11-24 00:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 06:11 . 2009-04-02 02:37 -------- d-----w c:\program files\Windows Live
2009-04-08 15:56 . 2005-05-23 21:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 06:34 . 2005-05-23 21:30 -------- d-----w c:\program files\Quicken
2009-04-08 06:32 . 2007-11-11 22:59 90888 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 06:06 . 2007-01-12 23:14 -------- d-----w c:\program files\Common Files\Ahead
2009-04-08 05:51 . 2008-01-15 09:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:42 . 2006-04-21 06:41 -------- d-----w c:\program files\Lavasoft
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\aolshare
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\AOL
2009-04-06 22:32 . 2008-11-24 00:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-11-24 00:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\program files\VideoLAN
2009-04-05 04:36 . 2009-04-05 04:36 -------- d-----w c:\program files\Veoh Networks
2009-04-02 02:50 . 2006-04-15 22:59 90888 ----a-w c:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 02:40 . 2009-04-02 02:40 -------- d-----w c:\program files\Microsoft
2009-04-02 02:39 . 2009-04-02 02:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 02:32 . 2009-04-02 02:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 20:58 . 2009-03-29 20:58 -------- d-----w c:\program files\Bonjour
2009-03-29 20:57 . 2006-05-29 04:27 -------- d-----w c:\program files\QuickTime
2009-03-27 00:54 . 2009-03-27 00:54 -------- d-----w c:\program files\PowerISO
2009-03-26 20:38 . 2005-05-23 21:43 -------- d-----w c:\program files\Google
2009-03-26 05:05 . 2009-03-26 05:05 -------- d-----w c:\program files\Adobe Media Player
2009-03-26 04:59 . 2009-03-26 04:59 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-26 04:50 . 2009-03-26 04:50 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-02 07:22 . 2008-11-15 06:42 256 ----a-w c:\windows\system32\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-21 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Auto EPSON Stylus Photo RX620 Series on LIVINGRM"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-26 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-04-12 88358]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-05-01 24576]
"CFSServ.exe"="CFSServ.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-06 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]

c:\documents and settings\Oscar\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-18 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-2 113664]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-5-23 329472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-24 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Oscar\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [9/26/2006 7:10 PM 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [9/26/2006 7:10 PM 15876]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [5/23/2005 2:25 PM 23296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web-jpn.org/kidsweb/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-06 17:32
ComboFix-quarantined-files.txt 2009-05-06 00:31
ComboFix2.txt 2009-05-06 00:13

Pre-Run: 2,220,789,760 bytes free
Post-Run: 2,221,936,640 bytes free

247 --- E O F --- 2008-12-18 03:38

Here is my OTListIt2 log:

OTListIt logfile created on: 5/5/2009 5:35:16 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Oscar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 191.24 Mb Available Physical Memory | 38.06% Memory free
1.20 Gb Paging File | 0.92 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 2.11 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive D: | 321.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Oscar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (EPSON_PM_RPCV2_01 [Auto | Running]) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McDetect.exe [Auto | Stopped]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McShield [On_Demand | Stopped]) -- c:\Program Files\McAfee.com\VSO\McShield.exe ()
SRV - (McTskshd.exe [Auto | Stopped]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MCVSRte [Auto | Stopped]) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys (Windigo Systems)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (ICAM5USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Icam5USB.sys (Microsoft Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (NaiFiltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys ()
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (npkcrypt [Auto | Running]) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SerTVOutCtlr [System | Running]) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SrvcEKIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcSSIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\TBiosDrv.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (TPwSav [System | Running]) -- C:\WINDOWS\System32\Drivers\TPwSav.sys (TOSHIBA )
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://web-jpn.org/kidsweb/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/02 01:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/27 17:58:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 17:07:42 | 00,000,000 | ---D | M]

[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions
[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 17:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions
[2009/05/02 13:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/05/02 19:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2006/03/25 15:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2009/04/18 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/04 21:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\[email protected]
[2009/05/05 17:25:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 17:58:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/05 22:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/28 19:22:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/22 16:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/18 15:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/02 01:56:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/24 18:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 17:58:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 17:58:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/28 21:44:52 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/28 21:44:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/28 21:44:52 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/28 21:44:52 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/28 21:44:53 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/28 21:44:53 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/28 21:44:53 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/28 21:44:53 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (1195 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 128.95.198.85 uwcps_rainiers.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.87 uwcps_libr_ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.88 uwcps-art-sci.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.86 uwcps-dept-ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.85 uwcps_rainiers
O1 - Hosts: 128.95.198.87 uwcps_libr_ps
O1 - Hosts: 128.95.198.88 uwcps-art-sci
O1 - Hosts: 128.95.198.86 uwcps-dept-ps
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on LIVINGRM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P48 "Auto EPSON Stylus Photo RX620 Series on LIVINGRM" /O19 "\\LIVINGRM\EPSONSty" /M "Stylus Photo RX620" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BTSETBOOTKEY] BTSetBootKey.exe ()
O4 - HKLM..\Run: [BTUSRBDG] BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe (Ingenuiti)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [ZoomingHook] ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/05 17:00:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/05 16:59:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 16:59:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 16:57:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 16:57:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 16:57:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 16:57:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 16:57:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 16:57:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 16:57:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 16:57:21 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 16:51:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/05 16:50:51 | 03,012,988 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:16 | 03,012,988 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/03 20:08:44 | 03,692,115 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:45 | 05,564,416 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:13 | 06,156,834 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:37 | 04,976,265 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:26:25 | 04,865,247 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/04/27 21:09:05 | 00,778,458 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/27 20:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\My Documents\BitTorrent Downloads
[2009/04/27 20:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\BitTorrent
[2009/04/27 18:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\vlc
[2009/04/26 11:20:23 | 00,304,957 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:05:30 | 35,840,2255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 10:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\domokun(mbam)
[2009/04/26 09:44:47 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:09 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:07:14 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 22:06:54 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 22:01:39 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/25 22:01:03 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 19:36:46 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:36:46 | 00,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:36:46 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/04/23 19:35:23 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2009/04/22 23:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/04/22 23:09:29 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:13 | 01,143,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/08 08:56:37 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/08 01:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/04/07 23:48:34 | 00,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP1.EXE
[2009/02/03 18:00:25 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vnwsqs.dll
[2009/02/03 18:00:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ujoxncxx.dll
[2009/02/02 14:10:11 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hlpcvq.dll
[2009/02/02 14:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wbkgtxua.dll
[2009/02/01 18:31:59 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ihidbr.dll
[2009/02/01 18:31:57 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cxmwvlnq.dll
[2009/01/31 18:29:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hzoagn.dll
[2009/01/31 18:29:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\lyfdwdyc.dll
[2009/01/30 01:31:46 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\okylju.dll
[2009/01/30 01:31:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\atihawvt.dll
[2009/01/28 19:45:45 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wupqza.dll
[2009/01/28 19:45:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ylskqptp.dll
[2009/01/27 19:19:42 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wsklws.dll
[2009/01/27 19:19:40 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vflergbl.dll
[2009/01/26 19:01:02 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\nmktce.dll
[2009/01/26 19:00:58 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmmbatuf.dll
[2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfxlkrtl.dll
[2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfudqz.dll
[2009/01/25 16:19:05 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\qhlzjf.dll
[2009/01/25 16:19:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jincfaba.dll
[2009/01/24 16:16:10 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mkbsbo.dll
[2009/01/24 16:16:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xinlasin.dll
[2009/01/23 15:13:51 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jzdtmc.dll
[2009/01/23 15:13:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bvoaeaey.dll
[2009/01/22 17:17:42 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jjevlt.dll
[2009/01/22 17:17:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mgdqxdek.dll
[2009/01/22 16:26:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sbopqslu.dll
[2009/01/21 14:18:25 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mqrgdm.dll
[2009/01/21 14:18:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcoguipb.dll
[2008/12/27 01:08:49 | 00,134,656 | ---- | C] () -- C:\WINDOWS\System32\wbrtqd.dll
[2008/12/27 01:08:43 | 00,134,656 | ---- | C] () -- C:\WINDOWS\System32\wgoqsogo.dll
[2008/12/26 01:01:58 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\lkqrhx.dll
[2008/12/26 01:01:40 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\qbquqagf.dll
[2008/11/23 15:02:19 | 00,011,613 | ---- | C] () -- C:\WINDOWS\System32\yxysir.sys
[2008/09/29 00:36:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/29 00:36:00 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/31 13:46:53 | 00,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2008/05/15 18:05:18 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/20 23:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/01/19 17:39:36 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/25 01:30:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\fileutil.dll
[2007/07/17 19:42:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/07/17 19:42:49 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/04/29 13:45:06 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2007/03/03 20:53:43 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/03 20:53:43 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/01/15 14:06:20 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/26 19:10:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL
[2006/05/24 15:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/20 16:15:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/04/18 17:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/25 22:01:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/25 21:56:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/25 17:56:41 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2006/03/25 17:56:39 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/03/25 15:48:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/11 09:15:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 09:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 09:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 09:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 09:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 09:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 09:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 09:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 09:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 09:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 09:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 19:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 07:22:22 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 07:22:21 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/05/23 17:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 15:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 15:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 14:30:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 14:25:40 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2005/05/23 13:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 13:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 13:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 10:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 09:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 09:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 09:29:57 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 09:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/25 13:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 20:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 20:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 14:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 16:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/01/14 09:45:00 | 00,225,792 | ---- | C] () -- C:\WINDOWS\System32\sqlite.dll
[2004/01/13 19:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[8 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/05 17:32:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 17:30:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/05 17:06:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/05 17:06:09 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\wuxcptia.job
[2009/05/05 17:05:59 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/05 17:05:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 17:00:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/05 16:50:55 | 03,012,988 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:37 | 03,012,988 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/05 14:54:50 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/05/03 22:21:30 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/03 20:08:51 | 03,692,115 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:56 | 05,564,416 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:33 | 06,156,834 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:45 | 04,976,265 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:27:37 | 04,865,247 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 21:09:14 | 00,778,458 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/26 11:20:25 | 00,304,957 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:16:49 | 35,840,2255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 09:44:47 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:15 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:02 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:06:54 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:01:39 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 21:41:02 | 01,575,492 | -H-- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\IconCache.db
[2009/04/23 19:38:57 | 00,035,382 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:38:56 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:38:56 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/04/22 23:10:27 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\My Sharing Folders.lnk
[2009/04/22 23:09:29 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:14 | 01,143,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/14 19:19:19 | 00,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2009/04/14 17:35:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/14 17:35:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/08 08:56:37 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/08 01:12:14 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/04/07 23:34:15 | 00,000,119 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

#6
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    [2009/02/03 18:00:25 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vnwsqs.dll
    [2009/02/03 18:00:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ujoxncxx.dll
    [2009/02/02 14:10:11 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hlpcvq.dll
    [2009/02/02 14:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wbkgtxua.dll
    [2009/02/01 18:31:59 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ihidbr.dll
    [2009/02/01 18:31:57 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cxmwvlnq.dll
    [2009/01/31 18:29:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hzoagn.dll
    [2009/01/31 18:29:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\lyfdwdyc.dll
    [2009/01/30 01:31:46 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\okylju.dll
    [2009/01/30 01:31:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\atihawvt.dll
    [2009/01/28 19:45:45 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wupqza.dll
    [2009/01/28 19:45:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ylskqptp.dll
    [2009/01/27 19:19:42 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wsklws.dll
    [2009/01/27 19:19:40 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vflergbl.dll
    [2009/01/26 19:01:02 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\nmktce.dll
    [2009/01/26 19:00:58 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmmbatuf.dll
    [2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfxlkrtl.dll
    [2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfudqz.dll
    [2009/01/25 16:19:05 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\qhlzjf.dll
    [2009/01/25 16:19:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jincfaba.dll
    [2009/01/24 16:16:10 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mkbsbo.dll
    [2009/01/24 16:16:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xinlasin.dll
    [2009/01/23 15:13:51 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jzdtmc.dll
    [2009/01/23 15:13:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bvoaeaey.dll
    [2009/01/22 17:17:42 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jjevlt.dll
    [2009/01/22 17:17:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mgdqxdek.dll
    [2009/01/22 16:26:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sbopqslu.dll
    [2009/01/21 14:18:25 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mqrgdm.dll
    [2009/01/21 14:18:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcoguipb.dll
    [2008/12/27 01:08:49 | 00,134,656 | ---- | C] () -- C:\WINDOWS\System32\wbrtqd.dll
    [2008/12/27 01:08:43 | 00,134,656 | ---- | C] () -- C:\WINDOWS\System32\wgoqsogo.dll
    [2008/12/26 01:01:58 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\lkqrhx.dll
    [2008/12/26 01:01:40 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\qbquqagf.dll
    [2008/11/23 15:02:19 | 00,011,613 | ---- | C] () -- C:\WINDOWS\System32\yxysir.sys
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTListIt2 log

#7
aznfeat

    Member

  • Topic Starter
  • 11 posts
Okay so this is my OTListIt2 Log:

OTListIt logfile created on: 5/7/2009 10:43:08 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Oscar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 120.08 Mb Available Physical Memory | 23.90% Memory free
1.20 Gb Paging File | 0.78 Gb Available in Paging File | 65.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 1.69 Gb Free Space | 2.27% Space Free | Partition Type: NTFS
Drive D: | 321.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Oscar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\VSO\McShield.exe ()
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
PRC - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
PRC - c:\Program Files\McAfee.com\VSO\McVSEscn.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\BtUsrBdg.exe (Extended Systems, Inc.)
PRC - C:\WINDOWS\system32\BTSetBootKey.exe ()
PRC - C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\BitTorrent\bittorrent.exe ()
PRC - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe (Metamail Corp.)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (EPSON_PM_RPCV2_01 [Auto | Running]) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McDetect.exe [Auto | Running]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McShield [On_Demand | Running]) -- c:\Program Files\McAfee.com\VSO\McShield.exe ()
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MCVSRte [Auto | Running]) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys (Windigo Systems)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (ICAM5USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Icam5USB.sys (Microsoft Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (NaiFiltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys ()
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (npkcrypt [Auto | Running]) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SerTVOutCtlr [System | Running]) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SrvcEKIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcSSIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\TBiosDrv.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (TPwSav [System | Running]) -- C:\WINDOWS\System32\Drivers\TPwSav.sys (TOSHIBA )
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/02 01:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 22:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 17:07:42 | 00,000,000 | ---D | M]

[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions
[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/06 17:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions
[2009/05/02 13:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/05/02 19:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2006/03/25 15:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2009/04/18 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/04 21:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\[email protected]
[2009/05/06 17:48:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 17:58:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/05 22:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/28 19:22:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/22 16:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/18 15:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/02 01:56:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/24 18:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 17:58:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 17:58:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/28 21:44:52 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/28 21:44:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/28 21:44:52 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/28 21:44:52 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/28 21:44:53 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/28 21:44:53 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/28 21:44:53 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/28 21:44:53 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (1195 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 128.95.198.85 uwcps_rainiers.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.87 uwcps_libr_ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.88 uwcps-art-sci.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.86 uwcps-dept-ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.85 uwcps_rainiers
O1 - Hosts: 128.95.198.87 uwcps_libr_ps
O1 - Hosts: 128.95.198.88 uwcps-art-sci
O1 - Hosts: 128.95.198.86 uwcps-dept-ps
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on LIVINGRM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P48 "Auto EPSON Stylus Photo RX620 Series on LIVINGRM" /O19 "\\LIVINGRM\EPSONSty" /M "Stylus Photo RX620" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BTSETBOOTKEY] BTSetBootKey.exe ()
O4 - HKLM..\Run: [BTUSRBDG] BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe (Ingenuiti)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [ZoomingHook] ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/07 22:38:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 15:08:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Malwarebytes
[2009/05/05 19:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\Kentridge
[2009/05/05 17:56:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 17:56:06 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 17:56:06 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/05/05 17:56:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 17:56:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 17:56:04 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 17:56:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 17:56:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 17:56:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 17:56:04 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 17:54:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 17:54:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 17:54:41 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 17:49:35 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/05 17:00:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/05 16:59:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 16:59:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 16:57:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 16:57:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 16:57:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 16:57:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 16:57:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 16:57:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 16:57:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 16:57:21 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 16:51:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/05 16:50:51 | 03,012,988 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:16 | 03,012,988 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/03 20:08:44 | 03,692,115 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:45 | 05,564,416 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:13 | 06,156,834 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:37 | 04,976,265 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:26:25 | 04,865,247 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/04/27 21:09:05 | 00,778,458 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/27 20:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\My Documents\BitTorrent Downloads
[2009/04/27 20:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\BitTorrent
[2009/04/27 18:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\vlc
[2009/04/26 11:20:23 | 00,304,957 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:05:30 | 35,840,2255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 10:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\domokun(mbam)
[2009/04/26 09:44:47 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:09 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:07:14 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 22:06:54 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 22:01:39 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/25 22:01:03 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 19:36:46 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:36:46 | 00,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:36:46 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/04/23 19:35:23 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2009/04/22 23:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/04/22 23:09:29 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:13 | 01,143,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/08 08:56:37 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/08 01:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/04/07 23:48:34 | 00,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP1.EXE
[2009/02/03 18:00:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ujoxncxx.dll
[2009/02/02 14:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wbkgtxua.dll
[2009/02/01 18:31:57 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cxmwvlnq.dll
[2009/01/31 18:29:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\lyfdwdyc.dll
[2009/01/30 01:31:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\atihawvt.dll
[2009/01/28 19:45:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ylskqptp.dll
[2009/01/27 19:19:40 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vflergbl.dll
[2009/01/26 19:00:58 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmmbatuf.dll
[2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfxlkrtl.dll
[2009/01/25 16:19:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jincfaba.dll
[2009/01/24 16:16:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xinlasin.dll
[2009/01/23 15:13:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bvoaeaey.dll
[2009/01/22 17:17:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mgdqxdek.dll
[2009/01/22 16:26:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sbopqslu.dll
[2009/01/21 14:18:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcoguipb.dll
[2008/09/29 00:36:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/29 00:36:00 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/31 13:46:53 | 00,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2008/05/15 18:05:18 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/20 23:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/01/19 17:39:36 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/25 01:30:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\fileutil.dll
[2007/07/17 19:42:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/07/17 19:42:49 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/04/29 13:45:06 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2007/03/03 20:53:43 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/03 20:53:43 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/01/15 14:06:20 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/26 19:10:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL
[2006/05/24 15:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/20 16:15:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/04/18 17:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/25 22:01:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/25 21:56:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/25 17:56:41 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2006/03/25 17:56:39 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/03/25 15:48:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/11 09:15:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 09:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 09:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 09:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 09:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 09:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 09:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 09:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 09:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 09:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 09:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 19:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 07:22:22 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 07:22:21 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/05/23 17:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 15:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 15:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 14:30:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 14:25:40 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2005/05/23 13:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 13:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 13:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 10:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 09:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 09:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 09:29:57 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 09:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/25 13:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 20:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 20:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 14:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 16:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/01/14 09:45:00 | 00,225,792 | ---- | C] () -- C:\WINDOWS\System32\sqlite.dll
[2004/01/13 19:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[8 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/07 22:42:02 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 22:41:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 22:41:18 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/07 22:41:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/07 22:31:08 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\wuxcptia.job
[2009/05/06 22:45:22 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/06 15:08:52 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 15:08:51 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/06 15:08:49 | 00,484,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/06 15:03:38 | 02,211,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 23:10:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/05 17:30:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/05 17:00:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/05 16:50:55 | 03,012,988 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:37 | 03,012,988 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/05 14:54:50 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/05/03 20:08:51 | 03,692,115 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:56 | 05,564,416 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:33 | 06,156,834 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:45 | 04,976,265 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:27:37 | 04,865,247 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 21:09:14 | 00,778,458 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/26 11:20:25 | 00,304,957 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:16:49 | 35,840,2255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 09:44:47 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:15 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:02 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:06:54 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:01:39 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 21:41:02 | 01,575,492 | -H-- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\IconCache.db
[2009/04/23 19:38:57 | 00,035,382 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:38:56 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:38:56 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/04/22 23:10:27 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\My Sharing Folders.lnk
[2009/04/22 23:09:29 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:14 | 01,143,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/14 19:19:19 | 00,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2009/04/14 17:35:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/14 17:35:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/08 08:56:37 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/08 01:12:14 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/04/07 23:34:15 | 00,000,119 | ---- | M] () -- C:\WINDOWS\Quicken.ini
< End of report >

Here is the log they gave me when they were done with the custom scan/fix just in case you need it:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vnwsqs.dll
C:\WINDOWS\System32\vnwsqs.dll NOT unregistered.
C:\WINDOWS\System32\vnwsqs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hlpcvq.dll
C:\WINDOWS\System32\hlpcvq.dll NOT unregistered.
C:\WINDOWS\System32\hlpcvq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ihidbr.dll
C:\WINDOWS\System32\ihidbr.dll NOT unregistered.
C:\WINDOWS\System32\ihidbr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\cxmwvlnq.dll
C:\WINDOWS\System32\cxmwvlnq.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cxmwvlnq.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hzoagn.dll
C:\WINDOWS\System32\hzoagn.dll NOT unregistered.
C:\WINDOWS\System32\hzoagn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\lyfdwdyc.dll
C:\WINDOWS\System32\lyfdwdyc.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\lyfdwdyc.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\okylju.dll
C:\WINDOWS\System32\okylju.dll NOT unregistered.
C:\WINDOWS\System32\okylju.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\atihawvt.dll
C:\WINDOWS\System32\atihawvt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\atihawvt.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wupqza.dll
C:\WINDOWS\System32\wupqza.dll NOT unregistered.
C:\WINDOWS\System32\wupqza.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ylskqptp.dll
C:\WINDOWS\System32\ylskqptp.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ylskqptp.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wsklws.dll
C:\WINDOWS\System32\wsklws.dll NOT unregistered.
C:\WINDOWS\System32\wsklws.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\vflergbl.dll
C:\WINDOWS\System32\vflergbl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\vflergbl.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nmktce.dll
C:\WINDOWS\System32\nmktce.dll NOT unregistered.
C:\WINDOWS\System32\nmktce.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\bmmbatuf.dll
C:\WINDOWS\System32\bmmbatuf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bmmbatuf.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wfxlkrtl.dll
C:\WINDOWS\System32\wfxlkrtl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wfxlkrtl.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wfudqz.dll
C:\WINDOWS\System32\wfudqz.dll NOT unregistered.
C:\WINDOWS\System32\wfudqz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qhlzjf.dll
C:\WINDOWS\System32\qhlzjf.dll NOT unregistered.
C:\WINDOWS\System32\qhlzjf.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\jincfaba.dll
C:\WINDOWS\System32\jincfaba.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jincfaba.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mkbsbo.dll
C:\WINDOWS\System32\mkbsbo.dll NOT unregistered.
C:\WINDOWS\System32\mkbsbo.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\xinlasin.dll
C:\WINDOWS\System32\xinlasin.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xinlasin.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jzdtmc.dll
C:\WINDOWS\System32\jzdtmc.dll NOT unregistered.
C:\WINDOWS\System32\jzdtmc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\bvoaeaey.dll
C:\WINDOWS\System32\bvoaeaey.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bvoaeaey.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jjevlt.dll
C:\WINDOWS\System32\jjevlt.dll NOT unregistered.
C:\WINDOWS\System32\jjevlt.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\mgdqxdek.dll
C:\WINDOWS\System32\mgdqxdek.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\mgdqxdek.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\sbopqslu.dll
C:\WINDOWS\System32\sbopqslu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\sbopqslu.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mqrgdm.dll
C:\WINDOWS\System32\mqrgdm.dll NOT unregistered.
C:\WINDOWS\System32\mqrgdm.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\xcoguipb.dll
C:\WINDOWS\System32\xcoguipb.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xcoguipb.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wbrtqd.dll
C:\WINDOWS\System32\wbrtqd.dll NOT unregistered.
C:\WINDOWS\System32\wbrtqd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wgoqsogo.dll
C:\WINDOWS\System32\wgoqsogo.dll NOT unregistered.
C:\WINDOWS\System32\wgoqsogo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\lkqrhx.dll
C:\WINDOWS\System32\lkqrhx.dll NOT unregistered.
C:\WINDOWS\System32\lkqrhx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qbquqagf.dll
C:\WINDOWS\System32\qbquqagf.dll NOT unregistered.
C:\WINDOWS\System32\qbquqagf.dll moved successfully.
C:\WINDOWS\System32\yxysir.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_990.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\~DF537.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\~DFF44A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b48.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05072009_223833

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\cxmwvlnq.dll
C:\WINDOWS\System32\cxmwvlnq.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cxmwvlnq.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\lyfdwdyc.dll
C:\WINDOWS\System32\lyfdwdyc.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\lyfdwdyc.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\atihawvt.dll
C:\WINDOWS\System32\atihawvt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\atihawvt.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\ylskqptp.dll
C:\WINDOWS\System32\ylskqptp.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ylskqptp.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\vflergbl.dll
C:\WINDOWS\System32\vflergbl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\vflergbl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bmmbatuf.dll
C:\WINDOWS\System32\bmmbatuf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bmmbatuf.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wfxlkrtl.dll
C:\WINDOWS\System32\wfxlkrtl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wfxlkrtl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\jincfaba.dll
C:\WINDOWS\System32\jincfaba.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jincfaba.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xinlasin.dll
C:\WINDOWS\System32\xinlasin.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xinlasin.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bvoaeaey.dll
C:\WINDOWS\System32\bvoaeaey.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bvoaeaey.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\mgdqxdek.dll
C:\WINDOWS\System32\mgdqxdek.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\mgdqxdek.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\sbopqslu.dll
C:\WINDOWS\System32\sbopqslu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\sbopqslu.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xcoguipb.dll
C:\WINDOWS\System32\xcoguipb.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xcoguipb.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_990.dat not found!
File C:\Documents and Settings\Oscar\Local Settings\temp\~DF537.tmp not found!
C:\Documents and Settings\Oscar\Local Settings\temp\~DFF44A.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_b48.dat not found!

Registry entries deleted on Reboot...
  • 0

#8
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTLI
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    [2009/02/03 18:00:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ujoxncxx.dll
    [2009/02/02 14:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wbkgtxua.dll
    [2009/02/01 18:31:57 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cxmwvlnq.dll
    [2009/01/31 18:29:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\lyfdwdyc.dll
    [2009/01/30 01:31:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\atihawvt.dll
    [2009/01/28 19:45:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ylskqptp.dll
    [2009/01/27 19:19:40 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vflergbl.dll
    [2009/01/26 19:00:58 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmmbatuf.dll
    [2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfxlkrtl.dll
    [2009/01/25 16:19:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jincfaba.dll
    [2009/01/24 16:16:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xinlasin.dll
    [2009/01/23 15:13:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bvoaeaey.dll
    [2009/01/22 17:17:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mgdqxdek.dll
    [2009/01/22 16:26:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sbopqslu.dll
    [2009/01/21 14:18:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcoguipb.dll
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#9
aznfeat

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks for the reply, I really appreciate it!
Here is the log:

========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\cxmwvlnq.dll
C:\WINDOWS\System32\cxmwvlnq.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cxmwvlnq.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\lyfdwdyc.dll
C:\WINDOWS\System32\lyfdwdyc.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\lyfdwdyc.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\atihawvt.dll
C:\WINDOWS\System32\atihawvt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\atihawvt.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\ylskqptp.dll
C:\WINDOWS\System32\ylskqptp.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ylskqptp.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\vflergbl.dll
C:\WINDOWS\System32\vflergbl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\vflergbl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bmmbatuf.dll
C:\WINDOWS\System32\bmmbatuf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bmmbatuf.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wfxlkrtl.dll
C:\WINDOWS\System32\wfxlkrtl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wfxlkrtl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\jincfaba.dll
C:\WINDOWS\System32\jincfaba.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jincfaba.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xinlasin.dll
C:\WINDOWS\System32\xinlasin.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xinlasin.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bvoaeaey.dll
C:\WINDOWS\System32\bvoaeaey.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bvoaeaey.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\mgdqxdek.dll
C:\WINDOWS\System32\mgdqxdek.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\mgdqxdek.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\sbopqslu.dll
C:\WINDOWS\System32\sbopqslu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\sbopqslu.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xcoguipb.dll
C:\WINDOWS\System32\xcoguipb.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xcoguipb.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\etilqs_Prhw2KgbNalWs7VUN5ca scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_65c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\~DF62E5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\~DF642E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_340.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05112009_153951

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\cxmwvlnq.dll
C:\WINDOWS\System32\cxmwvlnq.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cxmwvlnq.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\lyfdwdyc.dll
C:\WINDOWS\System32\lyfdwdyc.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\lyfdwdyc.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\atihawvt.dll
C:\WINDOWS\System32\atihawvt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\atihawvt.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\ylskqptp.dll
C:\WINDOWS\System32\ylskqptp.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ylskqptp.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\vflergbl.dll
C:\WINDOWS\System32\vflergbl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\vflergbl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bmmbatuf.dll
C:\WINDOWS\System32\bmmbatuf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bmmbatuf.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wfxlkrtl.dll
C:\WINDOWS\System32\wfxlkrtl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wfxlkrtl.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\jincfaba.dll
C:\WINDOWS\System32\jincfaba.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jincfaba.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xinlasin.dll
C:\WINDOWS\System32\xinlasin.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xinlasin.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\bvoaeaey.dll
C:\WINDOWS\System32\bvoaeaey.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\bvoaeaey.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\mgdqxdek.dll
C:\WINDOWS\System32\mgdqxdek.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\mgdqxdek.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\sbopqslu.dll
C:\WINDOWS\System32\sbopqslu.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\sbopqslu.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\xcoguipb.dll
C:\WINDOWS\System32\xcoguipb.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xcoguipb.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Oscar\Local Settings\temp\etilqs_Prhw2KgbNalWs7VUN5ca not found!
File C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_65c.dat not found!
C:\Documents and Settings\Oscar\Local Settings\temp\~DF62E5.tmp moved successfully.
File C:\Documents and Settings\Oscar\Local Settings\temp\~DF642E.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_340.dat not found!
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Oscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Edited by aznfeat, 11 May 2009 - 04:53 PM.

  • 0
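One way to triage the fix log requested above, as an added example (not part of the thread and not OldTimer's code): it pairs every file the first pass scheduled for reboot with what the "Files moved on Reboot..." section reports for it. The sample is abridged from the log in the post above; the function names and outcome labels are assumptions.

```python
import re

# Abridged from the fix log posted above: two of the fifteen DLLs and three
# of the temp/cache files. Line formats are those of the posted log.
SAMPLE_LOG = r"""========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_65c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\temp\~DF62E5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\Oscar\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05112009_153951

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\ujoxncxx.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\ujoxncxx.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\wbkgtxua.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\wbkgtxua.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Oscar\Local Settings\temp\Perflib_Perfdata_65c.dat not found!
C:\Documents and Settings\Oscar\Local Settings\temp\~DF62E5.tmp moved successfully.

Registry entries deleted on Reboot...
"""

REBOOT_MARKER = "Files moved on Reboot..."

# Ordered so that "File move failed. ..." is never mistaken for another form.
PATTERNS = (
    ("pending", re.compile(r"^File (?:move|delete) failed\. (?P<path>.+?) "
                           r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File (?P<path>.+) not found!$")),
)


def parse_fix_log(text):
    """Split the log at the reboot marker and record one status per file.

    Returns {"initial": {key: (path, status)}, "reboot": {...}} where key is
    the lower-cased path, since Windows paths compare case-insensitively.
    """
    phases = {"initial": {}, "reboot": {}}
    phase = "initial"
    for raw in text.splitlines():
        line = raw.strip()
        if line == REBOOT_MARKER:
            phase = "reboot"
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                path = match.group("path")
                phases[phase][path.lower()] = (path, status)
                break
    return phases


def reboot_outcomes(text):
    """Map each file scheduled for reboot to what happened after the reboot.

    Outcomes: "moved", "not_found", "still_pending" (the move failed again),
    or "no_record" (the reboot section never mentions the file).
    """
    phases = parse_fix_log(text)
    outcomes = {}
    for key, (path, status) in phases["initial"].items():
        if status != "pending":
            continue
        after = phases["reboot"].get(key)
        if after is None:
            outcomes[path] = "no_record"
        elif after[1] == "pending":
            outcomes[path] = "still_pending"
        else:
            outcomes[path] = after[1]
    return outcomes


def still_pending(text):
    """Files that need another removal pass: scheduled, then failed again."""
    return [p for p, o in reboot_outcomes(text).items() if o == "still_pending"]


if __name__ == "__main__":
    for path, outcome in reboot_outcomes(SAMPLE_LOG).items():
        print(f"{outcome:14} {path}")
```

Run over the full log in the post above, all fifteen DLLs named in the fix script come back as `still_pending`: the log records no successful move for any of them.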

#10
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Let's scan again with OTListIt2 and post a new log. Hopefully it'll look much cleaner. :)
  • 0


#11
aznfeat

    Member

  • Topic Starter
  • Member
  • 11 posts
I hope so too :]
This is my log:

OTListIt logfile created on: 5/12/2009 3:32:38 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Oscar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 49.23 Mb Available Physical Memory | 9.80% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.63% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 1.53 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
Drive D: | 321.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Oscar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
PRC - c:\Program Files\McAfee.com\VSO\McVSEscn.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\BtUsrBdg.exe (Extended Systems, Inc.)
PRC - C:\WINDOWS\system32\BTSetBootKey.exe ()
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe (Metamail Corp.)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - c:\Program Files\McAfee.com\VSO\McShield.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe (Windigo Systems)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (EPSON_PM_RPCV2_01 [Auto | Running]) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McDetect.exe [Auto | Running]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McShield [On_Demand | Running]) -- c:\Program Files\McAfee.com\VSO\McShield.exe ()
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MCVSRte [Auto | Running]) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys (Windigo Systems)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (ICAM5USB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ICAM5D2.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (NaiFiltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys ()
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (npkcrypt [Auto | Running]) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SerTVOutCtlr [System | Running]) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SrvcEKIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcSSIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\TBiosDrv.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (TPwSav [System | Running]) -- C:\WINDOWS\System32\Drivers\TPwSav.sys (TOSHIBA )
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/02 01:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 22:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 17:07:42 | 00,000,000 | ---D | M]

[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions
[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/09 23:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions
[2009/05/02 13:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/05/02 19:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2006/03/25 15:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2009/04/18 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/04 21:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\[email protected]
[2009/05/11 15:13:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 17:58:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/05 22:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/28 19:22:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/22 16:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/18 15:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/02 01:56:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/24 18:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 17:58:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 17:58:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/28 21:44:52 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/28 21:44:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/28 21:44:52 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/28 21:44:52 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/28 21:44:53 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/28 21:44:53 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/28 21:44:53 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/28 21:44:53 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (1195 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 128.95.198.85 uwcps_rainiers.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.87 uwcps_libr_ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.88 uwcps-art-sci.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.86 uwcps-dept-ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.85 uwcps_rainiers
O1 - Hosts: 128.95.198.87 uwcps_libr_ps
O1 - Hosts: 128.95.198.88 uwcps-art-sci
O1 - Hosts: 128.95.198.86 uwcps-dept-ps
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on LIVINGRM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P48 "Auto EPSON Stylus Photo RX620 Series on LIVINGRM" /O19 "\\LIVINGRM\EPSONSty" /M "Stylus Photo RX620" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BTSETBOOTKEY] BTSetBootKey.exe ()
O4 - HKLM..\Run: [BTUSRBDG] BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe (Ingenuiti)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [ZoomingHook] ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/11 19:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\Panels
[2009/05/11 19:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\images
[2009/05/11 19:15:52 | 00,483,361 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline1.jpg
[2009/05/11 19:14:38 | 00,483,361 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline.jpg
[2009/05/11 18:37:26 | 00,023,631 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\274351.doc
[2009/05/10 16:56:45 | 30,818,305 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\McJin_Meen_Fai_Rap_Mixtape.zip
[2009/05/10 01:34:02 | 00,195,547 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\andrew-paglinawan_quicksand.zip
[2009/05/08 23:12:48 | 00,012,771 | ---- | C] () -- C:\WINDOWS\System32\Icam5UNI.hlp
[2009/05/08 23:03:24 | 00,000,000 | ---D | C] -- C:\temp
[2009/05/08 23:01:40 | 00,029,255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\url.htm
[2009/05/07 22:38:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 15:08:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Malwarebytes
[2009/05/05 19:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\Kentridge
[2009/05/05 17:56:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 17:56:06 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 17:56:06 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/05/05 17:56:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 17:56:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 17:56:04 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 17:56:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 17:56:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 17:56:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 17:56:04 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 17:54:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 17:54:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 17:54:41 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 17:49:35 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/05 17:00:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/05 16:59:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 16:59:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 16:57:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 16:57:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 16:57:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 16:57:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 16:57:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 16:57:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 16:57:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 16:57:21 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 16:51:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/05 16:50:51 | 03,012,988 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:16 | 03,012,988 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/03 20:08:44 | 03,692,115 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:45 | 05,564,416 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:13 | 06,156,834 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:37 | 04,976,265 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:26:25 | 04,865,247 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/04/27 21:09:05 | 00,778,458 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/27 20:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\My Documents\BitTorrent Downloads
[2009/04/27 20:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\BitTorrent
[2009/04/27 18:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\vlc
[2009/04/26 11:20:23 | 00,304,957 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:05:30 | 35,840,2255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 10:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\domokun(mbam)
[2009/04/26 09:44:47 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:09 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:07:14 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 22:06:54 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 22:01:39 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/25 22:01:03 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 19:36:46 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:36:46 | 00,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:36:46 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/04/23 19:35:23 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2009/04/22 23:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/04/22 23:09:29 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:13 | 01,143,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/02/03 18:00:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ujoxncxx.dll
[2009/02/02 14:10:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wbkgtxua.dll
[2009/02/01 18:31:57 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cxmwvlnq.dll
[2009/01/31 18:29:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\lyfdwdyc.dll
[2009/01/30 01:31:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\atihawvt.dll
[2009/01/28 19:45:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ylskqptp.dll
[2009/01/27 19:19:40 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vflergbl.dll
[2009/01/26 19:00:58 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmmbatuf.dll
[2009/01/25 19:03:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wfxlkrtl.dll
[2009/01/25 16:19:03 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\jincfaba.dll
[2009/01/24 16:16:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xinlasin.dll
[2009/01/23 15:13:50 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bvoaeaey.dll
[2009/01/22 17:17:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mgdqxdek.dll
[2009/01/22 16:26:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sbopqslu.dll
[2009/01/21 14:18:24 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcoguipb.dll
[2008/09/29 00:36:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/29 00:36:00 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/31 13:46:53 | 00,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2008/05/15 18:05:18 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/20 23:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/01/19 17:39:36 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/25 01:30:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\fileutil.dll
[2007/07/17 19:42:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/07/17 19:42:49 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/04/29 13:45:06 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2007/03/03 20:53:43 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/03 20:53:43 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/01/15 14:06:20 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/26 19:10:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL
[2006/05/24 15:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/20 16:15:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/04/18 17:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/25 22:01:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/25 21:56:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/25 17:56:41 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2006/03/25 17:56:39 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/03/25 15:48:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/11 09:15:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 09:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 09:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 09:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 09:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 09:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 09:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 09:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 09:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 09:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 09:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 19:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 07:22:22 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 07:22:21 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/05/23 17:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 15:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 15:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 14:30:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 14:25:40 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2005/05/23 13:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 13:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 13:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 10:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 09:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 09:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 09:29:57 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 09:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/25 13:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 20:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 20:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 14:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 16:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/01/14 09:45:00 | 00,225,792 | ---- | C] () -- C:\WINDOWS\System32\sqlite.dll
[2004/01/13 19:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[8 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/12 15:29:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/12 15:28:01 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\wuxcptia.job
[2009/05/12 15:28:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 15:27:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 15:27:51 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 21:29:54 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/11 19:15:55 | 00,483,361 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline1.jpg
[2009/05/11 19:14:48 | 00,483,361 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline.jpg
[2009/05/11 18:37:26 | 00,023,631 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\274351.doc
[2009/05/10 16:57:11 | 30,818,305 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\McJin_Meen_Fai_Rap_Mixtape.zip
[2009/05/10 10:42:38 | 00,094,016 | ---- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/10 10:40:38 | 02,229,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/10 01:34:02 | 00,195,547 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\andrew-paglinawan_quicksand.zip
[2009/05/08 23:01:41 | 00,029,255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\url.htm
[2009/05/06 15:08:52 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 15:08:51 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/06 15:08:49 | 00,484,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 23:10:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/05 17:30:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/05 17:00:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/05 16:50:55 | 03,012,988 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:37 | 03,012,988 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/05 14:54:50 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/05/03 20:08:51 | 03,692,115 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:56 | 05,564,416 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:33 | 06,156,834 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:45 | 04,976,265 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:27:37 | 04,865,247 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 21:09:14 | 00,778,458 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/26 11:20:25 | 00,304,957 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:16:49 | 35,840,2255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 09:44:47 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:15 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:02 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:06:54 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:01:39 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 21:41:02 | 01,575,492 | -H-- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\IconCache.db
[2009/04/23 19:38:57 | 00,035,382 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:38:56 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:38:56 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/04/22 23:10:27 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\My Sharing Folders.lnk
[2009/04/22 23:09:29 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:14 | 01,143,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/14 19:19:19 | 00,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2009/04/14 17:35:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/14 17:35:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
< End of report >

#12
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

  -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#13
aznfeat

    Member

  • Topic Starter
  • 11 posts
Thanks for the fast reply!
This is my Combofix log:
ComboFix 09-05-12.04 - Oscar 05/12/2009 15:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.192 [GMT -7:00]
Running from: c:\documents and settings\Oscar\Desktop\ComboFix3.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Essentials Codec Pack
c:\program files\Essentials Codec Pack\ac3filter.ax
c:\program files\Essentials Codec Pack\AviSplitter.ax
c:\program files\Essentials Codec Pack\l3codecx.ax
c:\program files\Essentials Codec Pack\VSFilter.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-09 06:12 . 1998-07-30 20:20 102912 ----a-w c:\windows\system32\Scale_en.dll
2009-05-09 06:12 . 2001-12-03 23:01 105808 ----a-w c:\windows\system32\drivers\ICAM5D2.sys
2009-05-09 06:03 . 2009-05-09 06:03 -------- d-----w C:\temp
2009-05-09 06:03 . 2009-05-09 06:03 -------- d-----w c:\temp\cs110_XP
2009-05-08 05:38 . 2009-05-08 05:38 -------- d-----w C:\_OTListIt
2009-05-06 22:08 . 2009-05-06 22:08 -------- d-----w c:\documents and settings\Oscar\Application Data\Malwarebytes
2009-05-06 00:56 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-06 00:56 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-05-06 00:56 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-06 00:56 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-06 00:56 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-06 00:56 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-06 00:56 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-06 00:56 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-06 00:56 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-06 00:56 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-06 00:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-06 00:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-26 05:01 . 2009-04-26 05:01 -------- d-----w c:\program files\ERUNT
2009-04-24 02:36 . 2009-04-24 02:38 35382 ----a-w c:\windows\scunin.dat
2009-04-24 02:36 . 2009-04-24 02:38 967 ----a-w c:\windows\ScUnin.pif
2009-04-24 02:36 . 2009-04-24 02:38 94208 ----a-w c:\windows\ScUnin.exe
2009-04-24 02:35 . 2009-04-24 02:41 -------- d-----w c:\program files\Starcraft
2009-04-23 06:11 . 2009-05-12 01:26 -------- d-----w c:\documents and settings\Oscar\Tracing
2009-04-23 06:10 . 2009-04-23 06:10 -------- d-----w c:\program files\Microsoft Sync Framework

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 22:29 . 2005-05-23 21:28 -------- d-----w c:\program files\Notebook Maximizer
2009-05-12 04:29 . 2008-01-22 09:17 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-10 17:42 . 2006-04-15 22:59 94016 ----a-w c:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 17:01 . 2009-04-26 17:01 -------- d-----w c:\program files\domokun(mbam)
2009-04-26 16:44 . 2008-11-24 00:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 06:11 . 2009-04-02 02:37 -------- d-----w c:\program files\Windows Live
2009-04-08 15:56 . 2005-05-23 21:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 06:34 . 2005-05-23 21:30 -------- d-----w c:\program files\Quicken
2009-04-08 06:32 . 2007-11-11 22:59 90888 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 06:06 . 2007-01-12 23:14 -------- d-----w c:\program files\Common Files\Ahead
2009-04-08 05:51 . 2008-01-15 09:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:42 . 2006-04-21 06:41 -------- d-----w c:\program files\Lavasoft
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\aolshare
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\AOL
2009-04-06 22:32 . 2008-11-24 00:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-11-24 00:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\program files\VideoLAN
2009-04-05 04:36 . 2009-04-05 04:36 -------- d-----w c:\program files\Veoh Networks
2009-04-02 02:40 . 2009-04-02 02:40 -------- d-----w c:\program files\Microsoft
2009-04-02 02:39 . 2009-04-02 02:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 02:32 . 2009-04-02 02:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 20:58 . 2009-03-29 20:58 -------- d-----w c:\program files\Bonjour
2009-03-29 20:57 . 2006-05-29 04:27 -------- d-----w c:\program files\QuickTime
2009-03-27 00:54 . 2009-03-27 00:54 -------- d-----w c:\program files\PowerISO
2009-03-26 20:38 . 2005-05-23 21:43 -------- d-----w c:\program files\Google
2009-03-26 05:05 . 2009-03-26 05:05 -------- d-----w c:\program files\Adobe Media Player
2009-03-26 04:59 . 2009-03-26 04:59 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-26 04:50 . 2009-03-26 04:50 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-06 14:22 . 2005-05-23 16:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-05-23 16:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 07:22 . 2008-11-15 06:42 256 ----a-w c:\windows\system32\pool.bin
2009-02-20 18:09 . 2005-05-23 16:29 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_00.11.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 22:28 . 2009-05-12 22:28 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2006-03-25 21:59 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2006-03-25 21:59 . 2007-08-11 03:46 26488 c:\windows\system32\spupdsvc.exe
+ 2005-05-23 16:29 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2005-05-23 16:29 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2009-05-09 06:12 . 2008-04-14 00:12 53760 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\vfwwdm32.dll
+ 2009-05-09 06:12 . 2008-04-13 18:45 25728 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\usbcamd2.sys
+ 2009-05-09 06:12 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\stream.sys
+ 2009-05-09 06:12 . 2008-04-14 00:12 16896 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\msyuv.dll
+ 2009-05-09 06:12 . 2008-04-14 00:11 47616 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\iyuv_32.dll
+ 2009-05-09 06:12 . 2001-08-18 05:36 20480 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\Icam5EXT.dll
+ 2009-05-09 06:12 . 2001-08-18 05:36 45056 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\Icam5com.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2005-05-23 16:29 . 2009-03-11 07:50 65446 c:\windows\system32\perfc009.dat
+ 2005-05-23 16:29 . 2009-05-06 22:08 65446 c:\windows\system32\perfc009.dat
+ 2005-05-23 16:51 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2005-05-23 16:51 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2005-05-23 16:29 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2005-05-23 16:29 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
+ 2006-11-08 05:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 05:03 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
- 2005-05-23 16:51 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2005-05-23 16:51 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
- 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
- 2006-11-07 11:26 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 11:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2005-05-23 16:29 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2005-05-23 16:29 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2005-05-23 16:29 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 19:58 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 19:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-03-29 06:38 . 2001-12-03 23:00 73728 c:\windows\system32\Icam5com.dll
- 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\USBCAMD2.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
+ 2007-02-18 02:48 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\system32\dllcache\usbcamd2.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
- 2006-05-10 05:23 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\msyuv.dll
- 2007-05-10 05:40 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 05:40 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-05-10 05:22 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
- 2007-05-10 05:40 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-10 05:40 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 11:26 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 11:26 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 11:26 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 11:26 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-03-29 06:38 . 2001-12-03 23:00 73728 c:\windows\system32\dllcache\icam5com.dll
- 2009-04-23 06:09 . 2009-04-23 06:09 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-05-06 02:58 . 2009-05-06 02:58 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-05-06 06:09 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-05-06 06:09 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-05-06 06:09 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-05-06 06:09 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-05-06 06:09 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-05-06 06:09 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2001-08-17 22:36 . 2001-08-18 05:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2001-08-18 06:36 8192 c:\windows\system32\tsbyuv.dll
+ 2009-05-09 06:12 . 2001-08-18 06:36 8192 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\tsbyuv.dll
+ 2009-05-09 06:12 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\ksuser.dll
+ 2001-08-17 22:36 . 2001-08-18 05:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
- 2001-08-17 22:36 . 2001-08-18 06:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
+ 2005-05-23 16:29 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2005-05-23 16:29 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2005-05-23 16:51 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-05-23 16:51 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-05-23 16:51 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2005-05-23 16:29 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2005-05-23 16:29 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2005-05-23 16:29 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2009-05-09 06:12 . 2008-04-14 00:12 294912 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\msh263.drv
+ 2009-05-09 06:12 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\ks.sys
+ 2009-05-09 06:12 . 2001-08-17 21:06 100992 c:\windows\system32\ReinstallBackups\0033\DriverFiles\i386\Icam5USB.sys
+ 2005-05-23 16:29 . 2009-05-06 22:08 411142 c:\windows\system32\perfh009.dat
- 2005-05-23 16:29 . 2009-03-11 07:50 411142 c:\windows\system32\perfh009.dat
- 2005-05-23 16:29 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2005-05-23 16:29 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
- 2006-11-08 05:03 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 05:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2005-05-23 16:51 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2005-05-23 16:51 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2005-05-23 16:51 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2005-05-23 16:51 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2005-05-23 16:51 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2005-05-23 16:29 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2005-05-23 16:29 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2005-05-23 16:29 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2006-10-17 19:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 19:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 19:27 . 2008-10-16 20:38 383488 c:\windows\system32\ieapfltr.dll
- 2005-05-23 16:29 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
+ 2005-05-23 16:29 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2009-03-29 06:38 . 2001-12-03 23:00 155648 c:\windows\system32\Icam5EXT.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2005-05-23 16:29 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2005-05-23 16:29 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
- 2006-05-10 05:23 . 2008-10-16 20:38 826368 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 05:03 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 05:03 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 20:05 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 20:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2008-10-15 00:16 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
- 2006-10-17 20:04 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 20:04 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:23 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:23 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-10 05:40 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 05:40 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-17 20:04 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-10 05:40 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 11:27 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-10 05:40 . 2008-10-16 20:38 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-10 05:40 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 11:25 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 11:25 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 11:27 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 11:27 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 11:26 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 11:26 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-29 06:38 . 2001-12-03 23:00 155648 c:\windows\system32\dllcache\icam5ext.dll
- 2006-05-10 05:22 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 11:26 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 11:26 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2005-05-23 16:28 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
+ 2005-05-23 16:28 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2005-05-23 16:28 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2005-05-23 16:28 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-05-06 06:09 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-05-06 06:09 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-05-06 06:09 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-05-06 06:09 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-05-06 06:09 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-05-06 06:09 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2005-05-23 16:29 . 2009-02-09 11:13 1846784 c:\windows\system32\win32k.sys
- 2005-05-23 16:29 . 2008-10-16 20:38 1160192 c:\windows\system32\urlmon.dll
+ 2005-05-23 16:29 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
+ 2005-05-23 16:29 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2005-05-23 16:29 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
- 2005-05-23 16:29 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2005-05-23 16:29 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2005-05-23 16:29 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-08 02:02 2066048 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2005-05-23 16:29 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
- 2006-11-08 05:03 . 2008-10-16 20:38 6066176 c:\windows\system32\ieframe.dll
+ 2006-11-08 05:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
- 2006-09-06 07:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-09-06 07:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2005-05-23 09:46 . 2009-05-10 17:40 2229920 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 00:15 . 2009-02-09 11:13 1846784 c:\windows\system32\dllcache\win32k.sys
- 2006-05-10 05:23 . 2008-10-16 20:38 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 00:15 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 00:15 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 00:15 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 00:15 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 00:15 . 2009-02-08 02:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 00:15 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 00:15 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-10 05:40 . 2008-10-16 20:38 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-10 05:40 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-10 05:40 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-05-10 05:40 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-05-06 06:09 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-05-06 06:09 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-05-06 06:09 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-06 06:09 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-15 00:15 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 00:15 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 00:15 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 00:15 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 00:15 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 00:15 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 00:15 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-05-23 16:30 . 2008-11-12 01:34 10838016 c:\windows\system32\wmp.dll
+ 2006-03-26 01:00 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
+ 2005-05-23 16:30 . 2008-11-12 01:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-21 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Auto EPSON Stylus Photo RX620 Series on LIVINGRM"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-26 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-04-12 88358]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-05-01 24576]
"CFSServ.exe"="CFSServ.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-06 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]

c:\documents and settings\Oscar\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-18 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-2 113664]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-5-23 329472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-24 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Oscar\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [9/26/2006 7:10 PM 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [9/26/2006 7:10 PM 15876]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [5/23/2005 2:25 PM 23296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-12 16:02
ComboFix-quarantined-files.txt 2009-05-12 23:01
ComboFix2.txt 2009-05-06 00:32
ComboFix3.txt 2009-05-06 00:13

Pre-Run: 1,594,728,448 bytes free
Post-Run: 1,578,622,976 bytes free

515 --- E O F --- 2009-05-06 06:11


This is my HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:50 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O1 - Hosts: 128.95.198.85 uwcps_rainiers.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.87 uwcps_libr_ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.88 uwcps-art-sci.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.86 uwcps-dept-ps.uwcps.pubserv.washington.edu
O1 - Hosts: 128.95.198.85 uwcps_rainiers
O1 - Hosts: 128.95.198.87 uwcps_libr_ps
O1 - Hosts: 128.95.198.88 uwcps-art-sci
O1 - Hosts: 128.95.198.86 uwcps-dept-ps
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX620 Series on LIVINGRM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P48 "Auto EPSON Stylus Photo RX620 Series on LIVINGRM" /O19 "\\LIVINGRM\EPSONSty" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 15857 bytes

#14
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\System32\ujoxncxx.dll
C:\WINDOWS\System32\wbkgtxua.dll
C:\WINDOWS\System32\cxmwvlnq.dll
C:\WINDOWS\System32\lyfdwdyc.dll
C:\WINDOWS\System32\atihawvt.dll
C:\WINDOWS\System32\ylskqptp.dll
C:\WINDOWS\System32\vflergbl.dll
C:\WINDOWS\System32\bmmbatuf.dll
C:\WINDOWS\System32\wfxlkrtl.dll
C:\WINDOWS\System32\jincfaba.dll
C:\WINDOWS\System32\xinlasin.dll
C:\WINDOWS\System32\bvoaeaey.dll
C:\WINDOWS\System32\mgdqxdek.dll
C:\WINDOWS\System32\sbopqslu.dll
C:\WINDOWS\System32\xcoguipb.dll

Reboot::



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListIt2 log.


#15
aznfeat

    Member

  • Topic Starter
  • 11 posts
Thanks for the fast reply again!

This is my ComboFix Log:

ComboFix 09-05-12.04 - Oscar 05/12/2009 17:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.80 [GMT -7:00]
Running from: c:\documents and settings\Oscar\Desktop\ComboFix3.exe
Command switches used :: c:\documents and settings\Oscar\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)

FILE ::
c:\windows\System32\atihawvt.dll
c:\windows\System32\bmmbatuf.dll
c:\windows\System32\bvoaeaey.dll
c:\windows\System32\cxmwvlnq.dll
c:\windows\System32\jincfaba.dll
c:\windows\System32\lyfdwdyc.dll
c:\windows\System32\mgdqxdek.dll
c:\windows\System32\sbopqslu.dll
c:\windows\System32\ujoxncxx.dll
c:\windows\System32\vflergbl.dll
c:\windows\System32\wbkgtxua.dll
c:\windows\System32\wfxlkrtl.dll
c:\windows\System32\xcoguipb.dll
c:\windows\System32\xinlasin.dll
c:\windows\System32\ylskqptp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\atihawvt.dll
c:\windows\System32\bmmbatuf.dll
c:\windows\System32\bvoaeaey.dll
c:\windows\System32\cxmwvlnq.dll
c:\windows\System32\jincfaba.dll
c:\windows\System32\lyfdwdyc.dll
c:\windows\System32\mgdqxdek.dll
c:\windows\System32\sbopqslu.dll
c:\windows\System32\ujoxncxx.dll
c:\windows\System32\vflergbl.dll
c:\windows\System32\wbkgtxua.dll
c:\windows\System32\wfxlkrtl.dll
c:\windows\System32\xcoguipb.dll
c:\windows\System32\xinlasin.dll
c:\windows\System32\ylskqptp.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-12 23:04 . 2009-05-12 23:04 -------- d-----w c:\program files\Trend Micro
2009-05-09 06:12 . 1998-07-30 20:20 102912 ----a-w c:\windows\system32\Scale_en.dll
2009-05-09 06:12 . 2001-12-03 23:01 105808 ----a-w c:\windows\system32\drivers\ICAM5D2.sys
2009-05-09 06:03 . 2009-05-09 06:03 -------- d-----w C:\temp
2009-05-09 06:03 . 2009-05-09 06:03 -------- d-----w c:\temp\cs110_XP
2009-05-08 05:38 . 2009-05-08 05:38 -------- d-----w C:\_OTListIt
2009-05-06 22:08 . 2009-05-06 22:08 -------- d-----w c:\documents and settings\Oscar\Application Data\Malwarebytes
2009-05-06 00:56 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-06 00:56 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-05-06 00:56 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-06 00:56 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-06 00:56 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-06 00:56 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-06 00:56 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-06 00:56 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-06 00:56 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-06 00:56 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-06 00:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-06 00:54 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-26 05:01 . 2009-04-26 05:01 -------- d-----w c:\program files\ERUNT
2009-04-24 02:36 . 2009-04-24 02:38 35382 ----a-w c:\windows\scunin.dat
2009-04-24 02:36 . 2009-04-24 02:38 967 ----a-w c:\windows\ScUnin.pif
2009-04-24 02:36 . 2009-04-24 02:38 94208 ----a-w c:\windows\ScUnin.exe
2009-04-24 02:35 . 2009-04-24 02:41 -------- d-----w c:\program files\Starcraft
2009-04-23 06:11 . 2009-05-12 01:26 -------- d-----w c:\documents and settings\Oscar\Tracing
2009-04-23 06:10 . 2009-04-23 06:10 -------- d-----w c:\program files\Microsoft Sync Framework

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 01:07 . 2005-05-23 21:28 -------- d-----w c:\program files\Notebook Maximizer
2009-05-12 04:29 . 2008-01-22 09:17 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-10 17:42 . 2006-04-15 22:59 94016 ----a-w c:\documents and settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 17:01 . 2009-04-26 17:01 -------- d-----w c:\program files\domokun(mbam)
2009-04-26 16:44 . 2008-11-24 00:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 06:11 . 2009-04-02 02:37 -------- d-----w c:\program files\Windows Live
2009-04-08 15:56 . 2005-05-23 21:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 06:34 . 2005-05-23 21:30 -------- d-----w c:\program files\Quicken
2009-04-08 06:32 . 2007-11-11 22:59 90888 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 06:06 . 2007-01-12 23:14 -------- d-----w c:\program files\Common Files\Ahead
2009-04-08 05:51 . 2008-01-15 09:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:42 . 2006-04-21 06:41 -------- d-----w c:\program files\Lavasoft
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\aolshare
2009-04-08 05:41 . 2005-05-23 21:48 -------- d-----w c:\program files\Common Files\AOL
2009-04-06 22:32 . 2008-11-24 00:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-11-24 00:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\program files\VideoLAN
2009-04-05 04:36 . 2009-04-05 04:36 -------- d-----w c:\program files\Veoh Networks
2009-04-02 02:40 . 2009-04-02 02:40 -------- d-----w c:\program files\Microsoft
2009-04-02 02:39 . 2009-04-02 02:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 02:32 . 2009-04-02 02:32 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-29 20:58 . 2009-03-29 20:58 -------- d-----w c:\program files\Bonjour
2009-03-29 20:57 . 2006-05-29 04:27 -------- d-----w c:\program files\QuickTime
2009-03-27 00:54 . 2009-03-27 00:54 -------- d-----w c:\program files\PowerISO
2009-03-26 20:38 . 2005-05-23 21:43 -------- d-----w c:\program files\Google
2009-03-26 05:05 . 2009-03-26 05:05 -------- d-----w c:\program files\Adobe Media Player
2009-03-26 04:59 . 2009-03-26 04:59 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-26 04:50 . 2009-03-26 04:50 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-06 14:22 . 2005-05-23 16:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-05-23 16:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 07:22 . 2008-11-15 06:42 256 ----a-w c:\windows\system32\pool.bin
2009-02-20 18:09 . 2005-05-23 16:29 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-12_23.00.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-13 00:46 . 2009-05-13 00:46 16384 c:\windows\temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-21 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Auto EPSON Stylus Photo RX620 Series on LIVINGRM"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-26 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-04-12 88358]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-05-01 24576]
"CFSServ.exe"="CFSServ.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-06 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]

c:\documents and settings\Oscar\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-18 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-2 113664]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-5-23 329472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-24 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Oscar\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [9/26/2006 7:10 PM 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [9/26/2006 7:10 PM 15876]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [5/23/2005 2:25 PM 23296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\s4tekugi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2276)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\METAMA~1\METAMA~1\METAMA~2.EXE
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
.
**************************************************************************
.
Completion time: 2009-05-13 18:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 01:12
ComboFix2.txt 2009-05-12 23:02
ComboFix3.txt 2009-05-06 00:32
ComboFix4.txt 2009-05-06 00:13

Pre-Run: 1,520,922,624 bytes free
Post-Run: 1,519,611,904 bytes free

329 --- E O F --- 2009-05-06 06:11

This is my OTLI2 Log:

OTListIt logfile created on: 5/12/2009 6:13:53 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Oscar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 126.32 Mb Available Physical Memory | 25.14% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 1.44 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive D: | 321.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Oscar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
PRC - c:\Program Files\McAfee.com\VSO\McVSEscn.exe (Networks Associates Technology, Inc)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\BtUsrBdg.exe (Extended Systems, Inc.)
PRC - C:\WINDOWS\system32\BTSetBootKey.exe ()
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe (Metamail Corp.)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - c:\Program Files\McAfee.com\VSO\McShield.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe (Windigo Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (EPSON_PM_RPCV2_01 [Auto | Running]) -- C:\WINDOWS\system32\E_S00RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McDetect.exe [Auto | Running]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McShield [On_Demand | Running]) -- c:\Program Files\McAfee.com\VSO\McShield.exe ()
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MCVSRte [Auto | Running]) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe (Networks Associates Technology, Inc)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys (Windigo Systems)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (ICAM5USB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ICAM5D2.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (NaiFiltr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys ()
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (npkcrypt [Auto | Running]) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SerTVOutCtlr [System | Running]) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SrvcEKIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcSSIOMngr [System | Running]) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\TBiosDrv.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (TPwSav [System | Running]) -- C:\WINDOWS\System32\Drivers\TPwSav.sys (TOSHIBA )
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/02 01:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 22:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 17:07:42 | 00,000,000 | ---D | M]

[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions
[2008/07/07 00:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/12 15:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions
[2009/05/02 13:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/05/02 19:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2006/03/25 15:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2009/04/18 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/04 21:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\mozilla\Firefox\Profiles\s4tekugi.default\extensions\[email protected]
[2009/05/12 15:40:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 17:58:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/05 22:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/28 19:22:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/22 16:02:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/18 15:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/02 01:56:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/24 18:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 17:58:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 17:58:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/28 21:44:52 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/28 21:44:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/28 21:44:52 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/28 21:44:52 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/28 21:44:53 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/28 21:44:53 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/28 21:44:53 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/28 21:44:53 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on LIVINGRM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P48 "Auto EPSON Stylus Photo RX620 Series on LIVINGRM" /O19 "\\LIVINGRM\EPSONSty" /M "Stylus Photo RX620" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BTSETBOOTKEY] BTSetBootKey.exe ()
O4 - HKLM..\Run: [BTUSRBDG] BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe (Ingenuiti)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [ZoomingHook] ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/12 18:05:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/12 17:43:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/12 16:04:35 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\HijackThis.lnk
[2009/05/12 16:04:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/12 16:04:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Oscar\Desktop\HJTInstall.exe
[2009/05/12 15:51:02 | 03,021,595 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix3.exe
[2009/05/11 19:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\Panels
[2009/05/11 19:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\images
[2009/05/11 19:15:52 | 00,483,361 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline1.jpg
[2009/05/11 19:14:38 | 00,483,361 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline.jpg
[2009/05/11 18:37:26 | 00,023,631 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\274351.doc
[2009/05/10 16:56:45 | 30,818,305 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\McJin_Meen_Fai_Rap_Mixtape.zip
[2009/05/10 01:34:02 | 00,195,547 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\andrew-paglinawan_quicksand.zip
[2009/05/08 23:12:48 | 00,012,771 | ---- | C] () -- C:\WINDOWS\System32\Icam5UNI.hlp
[2009/05/08 23:03:24 | 00,000,000 | ---D | C] -- C:\temp
[2009/05/08 23:01:40 | 00,029,255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\url.htm
[2009/05/07 22:38:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 15:08:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Malwarebytes
[2009/05/05 19:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\Kentridge
[2009/05/05 17:56:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 17:56:06 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 17:56:06 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/05/05 17:56:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 17:56:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 17:56:04 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 17:56:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 17:56:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 17:56:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 17:56:04 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 17:54:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 17:54:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 17:54:41 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 17:00:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/05 16:59:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 16:59:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 16:57:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 16:57:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 16:57:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 16:57:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 16:57:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 16:57:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 16:57:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 16:57:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 16:51:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/05 16:50:51 | 03,012,988 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:16 | 03,012,988 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/03 20:08:44 | 03,692,115 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:45 | 05,564,416 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:13 | 06,156,834 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:37 | 04,976,265 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:26:25 | 04,865,247 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/04/27 21:09:05 | 00,778,458 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/27 20:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\My Documents\BitTorrent Downloads
[2009/04/27 20:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\BitTorrent
[2009/04/27 18:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\vlc
[2009/04/26 11:20:23 | 00,304,957 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:05:30 | 35,840,2255 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 10:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\domokun(mbam)
[2009/04/26 09:44:47 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:09 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:07:14 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 22:06:54 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 22:01:39 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/25 22:01:03 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 19:36:46 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:36:46 | 00,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:36:46 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/04/23 19:35:23 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2009/04/22 23:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/04/22 23:09:29 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:13 | 01,143,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2008/09/29 00:36:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/29 00:36:00 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/31 13:46:53 | 00,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
[2008/05/15 18:05:18 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/20 23:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2008/01/19 17:39:36 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/25 01:30:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\fileutil.dll
[2007/07/17 19:42:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/07/17 19:42:49 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/04/29 13:45:06 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2007/03/03 20:53:43 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/03 20:53:43 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/01/15 14:06:20 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/26 19:10:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL
[2006/05/24 15:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/20 16:15:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/04/18 17:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/25 22:01:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/25 21:56:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/25 17:56:41 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2006/03/25 17:56:39 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/03/25 15:48:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/11 09:15:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 09:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 09:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 09:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 09:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 09:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 09:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 09:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 09:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 09:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 09:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 09:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 19:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 07:22:22 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 07:22:21 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/05/23 17:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 15:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 15:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 14:30:21 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 14:25:40 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2005/05/23 13:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 13:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 13:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 10:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 09:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 09:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 09:29:57 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 09:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/25 13:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 20:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 20:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 14:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 16:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/01/14 09:45:00 | 00,225,792 | ---- | C] () -- C:\WINDOWS\System32\sqlite.dll
[2004/01/13 19:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[8 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/12 18:07:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/12 18:07:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/12 18:05:05 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/12 18:04:59 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\wuxcptia.job
[2009/05/12 18:04:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 18:04:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 18:04:48 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 16:04:35 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\HijackThis.lnk
[2009/05/12 16:04:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Oscar\Desktop\HJTInstall.exe
[2009/05/12 15:51:24 | 03,021,595 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix3.exe
[2009/05/11 21:29:54 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/11 19:15:55 | 00,483,361 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline1.jpg
[2009/05/11 19:14:48 | 00,483,361 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\HongKong_Skyline.jpg
[2009/05/11 18:37:26 | 00,023,631 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\274351.doc
[2009/05/10 16:57:11 | 30,818,305 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\McJin_Meen_Fai_Rap_Mixtape.zip
[2009/05/10 10:42:38 | 00,094,016 | ---- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/10 10:40:38 | 02,229,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/10 01:34:02 | 00,195,547 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\andrew-paglinawan_quicksand.zip
[2009/05/08 23:01:41 | 00,029,255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\url.htm
[2009/05/06 15:08:52 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 15:08:51 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/06 15:08:49 | 00,484,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 23:10:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/05 17:00:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/05 16:50:55 | 03,012,988 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\Combofix2.exe
[2009/05/05 16:49:37 | 03,012,988 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ComboFix.exe
[2009/05/05 14:54:50 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/05/03 20:08:51 | 03,692,115 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High_One_(feat._Ji_Sun).mp3
[2009/05/03 20:01:56 | 05,564,416 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Epik High - Love Love Love.mp3
[2009/05/03 19:52:33 | 06,156,834 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big bang -Haru Haru.mp3
[2009/05/03 19:28:45 | 04,976,265 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\BigBang - haru haru.mp3
[2009/05/03 13:27:37 | 04,865,247 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Big Bang, 21 - Lollipop.mp3
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 21:09:14 | 00,778,458 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\LAL_TOO_MUCH_FRUIT__by_randyotter.jpg
[2009/04/26 11:20:25 | 00,304,957 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\hjsplit.zip
[2009/04/26 11:16:49 | 35,840,2255 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\domokun.rar
[2009/04/26 10:01:19 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 09:44:47 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\domokun1.lnk
[2009/04/26 09:39:15 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\domokun.exe
[2009/04/26 09:38:02 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup.exe
[2009/04/25 22:08:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\Desktop\OTListIt2.exe
[2009/04/25 22:06:54 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Rooter.exe
[2009/04/25 22:01:39 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\NTREGOPT.lnk
[2009/04/25 22:01:39 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\ERUNT.lnk
[2009/04/25 22:01:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Oscar\Desktop\erunt_setup.exe
[2009/04/25 21:59:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Oscar\Desktop\SysRestorePoint.exe
[2009/04/23 21:41:02 | 01,575,492 | -H-- | M] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\IconCache.db
[2009/04/23 19:38:57 | 00,035,382 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/04/23 19:38:56 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/04/23 19:38:56 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/04/22 23:10:27 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\My Sharing Folders.lnk
[2009/04/22 23:09:29 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Windows Live Messenger .lnk
[2009/04/22 23:07:14 | 01,143,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Oscar\Desktop\wlsetup-web.exe
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/14 19:19:19 | 00,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2009/04/14 17:35:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/14 17:35:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
< End of report >