View Full Version : Virtumonde Malware Removal Help
gblgbl38
2009-02-08, 02:20
I have a recurring virtumonde malware problem and need help in getting rid of it. I've downloaded and updated SpyBot S&D, MalwareBytes Anti-Malware, and HijackThis. I have AVG Anti-Virus, but it won't fully install for me, and I haven't renewed my McAfee AV license, so I am currently exposed without an AV program running.
Please help. Attached is my current HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:47 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {855cd5a3-99bd-4c0a-9e1e-5845c5e99c91} - C:\WINDOWS\system32\hulifeki.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: {caeb48a1-c18b-dd89-d694-dc1770b954ff} - {ff459b07-71cd-496d-98dd-b81c1a84beac} - C:\WINDOWS\system32\lmqndu.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s
O4 - HKLM\..\Run: [CPM33c3cd2b] Rundll32.exe "c:\windows\system32\peroruvo.dll",a
O4 - HKLM\..\Run: [30f0feb7] rundll32.exe "C:\WINDOWS\system32\nohisoye.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7642] command /c del "c:\windows\system32\gumapoke.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4170] cmd /c del "c:\windows\system32\gumapoke.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6427] command /c del "C:\WINDOWS\system32\nohisoye.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2471] cmd /c del "C:\WINDOWS\system32\nohisoye.dll_old"
O4 - HKLM\..\RunOnce: [VcClnUp.exe] C:\DOCUME~1\shalisa\LOCALS~1\Temp\VcClnUp0.exe -F C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg /RemoveAll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7232] command /c del "c:\windows\system32\gumapoke.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9409] cmd /c del "c:\windows\system32\gumapoke.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3129] command /c del "C:\WINDOWS\system32\nohisoye.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7196] cmd /c del "C:\WINDOWS\system32\nohisoye.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZSzim055YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shalisamarie03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB3718FA-D1F4-4698-80C2-BEAD94ABC046}: NameServer = 208.186.134.101,208.186.134.102
O20 - AppInit_DLLs: tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\peroruvo.dll c:\windows\system32\pewofesa.dll c:\windows\system32\halojoge.dll c:\windows\system32\gumapoke.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\peroruvo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\peroruvo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 12742 bytes
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Hi gblgbl38,
Is this the same machine that Shelf life was helping with, or is it the neighbours machine ?
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
gblgbl38
2009-02-11, 22:06
Hello Katana,
Thank you for your help. Yes, this is the neighbor's machine and not the same that Shelf Life was helping me with. I've left instructions with the neighbor to follow exactly any instructions she receives in this forum, and I will be available to help her if she has any questions and will monitor this thread with her as well.
I will follow up to make sure she understands your initial instructions.
gblgbl38
2009-02-14, 06:04
Hello Katana,
I have ran RIST.exe and attached is the content of the log.txt.
Logfile of random's system information tool 1.05 (written by random/random)
Run by shalisa at 2009-02-13 20:43:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 94 MB (0%) free of 54 GB
Total RAM: 1022 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:16 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\shalisa\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\shalisa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {855cd5a3-99bd-4c0a-9e1e-5845c5e99c91} - C:\WINDOWS\system32\hulifeki.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: {caeb48a1-c18b-dd89-d694-dc1770b954ff} - {ff459b07-71cd-496d-98dd-b81c1a84beac} - C:\WINDOWS\system32\lmqndu.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s
O4 - HKLM\..\Run: [CPM33c3cd2b] Rundll32.exe "c:\windows\system32\huwiyuke.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZSzim055YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shalisamarie03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB3718FA-D1F4-4698-80C2-BEAD94ABC046}: NameServer = 208.186.134.101,208.186.134.102
O20 - AppInit_DLLs: tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11875 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1163907846.job
C:\WINDOWS\tasks\rdazhhss.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{855cd5a3-99bd-4c0a-9e1e-5845c5e99c91}]
C:\WINDOWS\system32\hulifeki.dll [65535-65535-31889 64170]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-05 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff459b07-71cd-496d-98dd-b81c1a84beac}]
C:\WINDOWS\system32\lmqndu.dll [2009-01-29 135272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"mojanuyogo"=C:\WINDOWS\system32\tinonere.dll [65535-65535-31889 64170]
"CPM33c3cd2b"=c:\windows\system32\peroruvo.dll [2009-02-04 107647]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-12 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11301208366269784378834874340649]
C:\Program Files\Antivirus 2009\av2009.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll [2009-02-11 108845]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvUOHwW
"notification packages"=scecli
C:\WINDOWS\system32\roloropo.dll
C:\WINDOWS\system32\rarunuku.dll
C:\WINDOWS\system32\renazuvi.dll
C:\WINDOWS\system32\dobafigi.dll
C:\WINDOWS\system32\yohilite.dll
C:\WINDOWS\system32\veyevida.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Norton Ghost\Agent\VProSvc.exe"="C:\Program Files\Norton Ghost\Agent\VProSvc.exe:*:Enabled:VProSvc"
"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe:*:Enabled:sqlservr"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Dell Support Center\bin\sprtsvc.exe"="C:\Program Files\Dell Support Center\bin\sprtsvc.exe:*:Enabled:sprtsvc"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin"
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe"="C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb7ed184-e5c9-11dd-b7c8-001676a9a773}]
shell\AutoRun\command - F:\USBAutoRun.exe
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\sefewana.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\kipiheba.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\jukohani.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hajutuki.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\gumapoke.dll_old
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\yujitana.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\lululune.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\bawayeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ziyewila.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zitotela.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zimuworo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zigomobo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zidoyowi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zehigipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zefumiwu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zebelivu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zafufovi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosohede.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosineku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yojonaso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yitidena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yesukeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yemiruje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yaruvofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yapakati.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\woyawizi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wepejapu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wavoyolu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vumehijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vosukidu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vomuganu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\veyevida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vepineto.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tumigike.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tomuzipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tiyupotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tinonere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tesifoti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tanovivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\takihiru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\suyetebo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sumonibe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soziredo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soyopuvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sosilore.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sokodewu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seyayewi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\semasema.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seduvumo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\robejaku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribemago.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribehige.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\remebeyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rawuyona.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rarunuku.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pulovuwi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\potibubi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\polekove.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pojavoru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pinafadi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pihuzura.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pidizowi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pewofesa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\peroruvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nuvoyijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\numisufe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nosadepu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nofohogo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nijopido.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nifisofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nepivoyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nehakite.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mudagodu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mubohome.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mizuyoha.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mivalivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\miliyepa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\melunule.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\matumiga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lulakodu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lolanayo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lokudeti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\logipefu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lilofati.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lekegafu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lebobofu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lapujide.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kozezupo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kotafeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kipiheba.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kilatape.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kedisuzo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\katowola.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kamideva.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kakinahu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kafimehe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\junegehu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jokilake.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jisaleyu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jinuyeju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jimekaju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jepazeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\huwiyuke.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hulifeki.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hezigotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hedukage.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\halojoge.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hajakari.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\govegomu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gomopiwe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\godisida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gekujoni.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gavulowe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fozehuka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fihatoye.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feyujafi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feviliru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fepabavi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fekidafa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fehamito.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fasapako.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duweweba.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\domemaha.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dijipire.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\deyagehu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dawusere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dakuzuso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bozuneyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bezayedo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bevukeyo.dll
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\ZOMISULA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YOHILITE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YESIGOJU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\WOBEBUPI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\VENIJIJA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\SAMISEDE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\RENAZUVI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\NUVANIFI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\MALARUWO.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LUTAYESI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LIDANUFU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DOBAFIGI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DEGUKIME.DLL.del
2009-02-13 20:43:12 ----D---- C:\rsit
2009-02-13 18:13:13 ----SH---- C:\WINDOWS\system32\osuzukad.ini
2009-02-13 18:11:34 ----ASH---- C:\WINDOWS\system32\mmnlyw.dll
2009-02-12 15:39:09 ----SH---- C:\WINDOWS\system32\obeteyus.ini
2009-02-12 15:32:32 ----SH---- C:\WINDOWS\system32\gokuteho.dll
2009-02-12 15:32:22 ----ASH---- C:\WINDOWS\system32\ehprqo.dll
2009-02-11 17:57:30 ----SH---- C:\WINDOWS\system32\udikusov.ini
2009-02-11 17:56:49 ----SH---- C:\WINDOWS\system32\boruviya.dll
2009-02-11 17:56:29 ----ASH---- C:\WINDOWS\system32\zyimod.dll
2009-02-10 15:44:50 ----SH---- C:\WINDOWS\system32\iyenuzob.ini
2009-02-10 15:43:43 ----ASH---- C:\WINDOWS\system32\efjmov.dll
2009-02-09 07:16:59 ----SH---- C:\WINDOWS\system32\romabotu.dll
2009-02-09 07:16:26 ----SH---- C:\WINDOWS\system32\ewipomog.ini
2009-02-09 07:16:20 ----ASH---- C:\WINDOWS\system32\cdogfk.dll
2009-02-08 19:19:52 ----SH---- C:\WINDOWS\system32\urukejet.ini
2009-02-08 19:16:11 ----ASH---- C:\WINDOWS\system32\bxmqhy.dll
2009-02-07 17:04:09 ----SHD---- C:\Config.Msi
2009-02-07 16:25:41 ----D---- C:\Documents and Settings\shalisa\Application Data\Malwarebytes
2009-02-07 16:25:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 16:25:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 16:23:20 ----D---- C:\Program Files\Trend Micro
2009-02-07 16:04:34 ----SH---- C:\WINDOWS\system32\eyosihon.ini
2009-02-07 16:04:25 ----A---- C:\WINDOWS\system32\enkvrn.dll
2009-02-06 16:12:25 ----SH---- C:\WINDOWS\system32\inahokuj.ini
2009-02-06 16:10:50 ----SH---- C:\WINDOWS\system32\ludoyuja.dll
2009-02-06 16:10:35 ----ASH---- C:\WINDOWS\system32\ocrxqh.dll
2009-02-05 20:24:09 ----SH---- C:\WINDOWS\system32\imudatig.ini
2009-02-05 20:23:29 ----SH---- C:\WINDOWS\system32\wuyedawa.dll
2009-02-05 20:23:07 ----ASH---- C:\WINDOWS\system32\oakczf.dll
2009-02-04 15:39:08 ----SH---- C:\WINDOWS\system32\ifajuyef.ini
2009-02-03 17:51:57 ----SH---- C:\WINDOWS\system32\odeyazeb.ini
2009-02-03 17:50:29 ----ASH---- C:\WINDOWS\system32\tzoapv.dll
2009-02-02 16:39:29 ----SH---- C:\WINDOWS\system32\avedimak.ini
2009-02-02 16:39:22 ----ASH---- C:\WINDOWS\system32\sincra.dll
2009-02-02 15:39:09 ----ASH---- C:\WINDOWS\system32\oenjzu.dll
2009-02-01 16:16:51 ----SH---- C:\WINDOWS\system32\akefatok.ini
2009-02-01 16:14:19 ----ASH---- C:\WINDOWS\system32\ekqbna.dll
2009-01-31 17:50:12 ----SH---- C:\WINDOWS\system32\upizumot.ini
2009-01-31 17:47:45 ----ASH---- C:\WINDOWS\system32\qbhfll.dll
2009-01-31 14:27:38 ----SH---- C:\WINDOWS\system32\ifodujuf.ini
2009-01-31 14:24:47 ----ASH---- C:\WINDOWS\system32\bdqngg.dll
2009-01-29 19:06:38 ----SH---- C:\WINDOWS\system32\juhiruma.dll
2009-01-29 19:04:11 ----SH---- C:\WINDOWS\system32\uwedokos.ini
2009-01-29 19:04:09 ----ASH---- C:\WINDOWS\system32\lmqndu.dll
2009-01-28 19:00:35 ----SH---- C:\WINDOWS\system32\aneditiy.ini
2009-01-28 19:00:30 ----ASH---- C:\WINDOWS\system32\iqhiyk.dll
2009-01-25 16:45:44 ----SH---- C:\WINDOWS\system32\ukajebor.ini
2009-01-25 16:45:25 ----A---- C:\WINDOWS\system32\MDAETA.DLL.del
2009-01-24 18:27:53 ----SH---- C:\WINDOWS\system32\adisidog.ini
2009-01-24 18:07:18 ----ASH---- C:\WINDOWS\system32\bhndim.dll
2009-01-23 15:30:11 ----SH---- C:\WINDOWS\system32\alowotak.ini
2009-01-23 15:29:57 ----ASH---- C:\WINDOWS\system32\jpmbkv.dll
2009-01-22 15:35:52 ----SH---- C:\WINDOWS\system32\eripijid.ini
2009-01-22 15:32:39 ----ASH---- C:\WINDOWS\system32\lzcinc.dll
2009-01-21 15:32:48 ----SH---- C:\WINDOWS\system32\ofazizer.ini
2009-01-21 15:32:23 ----ASH---- C:\WINDOWS\system32\jaxgon.dll
2009-01-20 19:07:51 ----SH---- C:\WINDOWS\system32\umogevog.ini
2009-01-20 19:07:35 ----ASH---- C:\WINDOWS\system32\qbvbju.dll
2009-01-19 12:00:38 ----ASH---- C:\WINDOWS\system32\lqrzsh.dll
2009-01-19 12:00:35 ----SH---- C:\WINDOWS\system32\ogohofon.ini
2009-01-19 11:47:21 ----A---- C:\WINDOWS\Partizan.txt
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files\Real
2009-01-18 22:10:54 ----D---- C:\Documents and Settings\shalisa\Application Data\Real
2009-01-18 22:09:21 ----D---- C:\Program Files\V CAST Music with Rhapsody
2009-01-18 19:56:45 ----D---- C:\Documents and Settings\shalisa\Application Data\Help
2009-01-18 19:37:08 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
2009-01-18 19:13:27 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2009-01-18 18:45:09 ----D---- C:\Program Files\LG Electronics
2009-01-18 09:55:26 ----SH---- C:\WINDOWS\system32\avevubuf.ini
2009-01-18 09:53:11 ----A---- C:\WINDOWS\system32\UMTOKF.DLL.del
2009-01-17 08:59:11 ----SH---- C:\WINDOWS\system32\etikahen.ini
2009-01-17 08:54:14 ----ASH---- C:\WINDOWS\system32\jekrxm.dll
2009-01-16 12:52:25 ----SH---- C:\WINDOWS\system32\iziwayow.ini
2009-01-16 12:52:21 ----ASH---- C:\WINDOWS\system32\odmkfh.dll
2009-01-16 11:52:20 ----SH---- C:\WINDOWS\system32\abehipik.ini
2009-01-15 14:02:01 ----A---- C:\WINDOWS\system32\TKYLGR.DLL.del
2009-01-15 14:01:56 ----SH---- C:\WINDOWS\system32\ojihemuv.ini
======List of files/folders modified in the last 1 months======
2009-02-13 20:43:15 ----D---- C:\WINDOWS\Prefetch
2009-02-13 19:02:25 ----D---- C:\WINDOWS\Temp
2009-02-13 18:28:52 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 18:15:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-13 18:13:13 ----D---- C:\WINDOWS\system32
2009-02-13 18:12:55 ----D---- C:\WINDOWS
2009-02-13 18:11:20 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-02-12 16:46:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 16:07:19 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-07 17:06:13 ----SHD---- C:\WINDOWS\Installer
2009-02-07 17:04:44 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 17:04:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-07 17:04:29 ----RD---- C:\Program Files
2009-02-07 17:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-07 17:01:20 ----A---- C:\WINDOWS\wininit.ini
2009-02-07 16:19:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 16:04:24 ----A---- C:\WINDOWS\system32\rijilutu.dll
2009-02-07 16:04:21 ----N---- C:\WINDOWS\system32\nohisoye.dll_old
2009-02-06 16:09:55 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2009-02-05 20:25:24 ----D---- C:\Program Files\Google
2009-01-25 16:58:25 ----D---- C:\WINDOWS\WinSxS
2009-01-25 16:58:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-18 22:27:38 ----HD---- C:\WINDOWS\inf
2009-01-18 22:23:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-18 22:23:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files
2009-01-18 19:56:45 ----D---- C:\~QTWTMP.TMP
2009-01-14 16:26:19 ----D---- C:\Documents and Settings\shalisa\Application Data\Vso
2009-01-14 16:26:17 ----A---- C:\Documents and Settings\shalisa\Application Data\inst.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-10 47360]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2006-03-30 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2006-03-30 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2006-03-30 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2006-03-30 73696]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
gblgbl38
2009-02-14, 06:05
Hello Katana,
I have ran RIST.exe and attached is the content of the log.txt. I will have to make another post for the info.txt because it wouldn't all fit in this post!
Logfile of random's system information tool 1.05 (written by random/random)
Run by shalisa at 2009-02-13 20:43:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 94 MB (0%) free of 54 GB
Total RAM: 1022 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:16 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\shalisa\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\shalisa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {855cd5a3-99bd-4c0a-9e1e-5845c5e99c91} - C:\WINDOWS\system32\hulifeki.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: {caeb48a1-c18b-dd89-d694-dc1770b954ff} - {ff459b07-71cd-496d-98dd-b81c1a84beac} - C:\WINDOWS\system32\lmqndu.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s
O4 - HKLM\..\Run: [CPM33c3cd2b] Rundll32.exe "c:\windows\system32\huwiyuke.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZSzim055YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shalisamarie03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB3718FA-D1F4-4698-80C2-BEAD94ABC046}: NameServer = 208.186.134.101,208.186.134.102
O20 - AppInit_DLLs: tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11875 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1163907846.job
C:\WINDOWS\tasks\rdazhhss.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{855cd5a3-99bd-4c0a-9e1e-5845c5e99c91}]
C:\WINDOWS\system32\hulifeki.dll [65535-65535-31889 64170]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-05 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff459b07-71cd-496d-98dd-b81c1a84beac}]
C:\WINDOWS\system32\lmqndu.dll [2009-01-29 135272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"mojanuyogo"=C:\WINDOWS\system32\tinonere.dll [65535-65535-31889 64170]
"CPM33c3cd2b"=c:\windows\system32\peroruvo.dll [2009-02-04 107647]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-12 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11301208366269784378834874340649]
C:\Program Files\Antivirus 2009\av2009.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwiyuke.dll [2009-02-11 108845]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvUOHwW
"notification packages"=scecli
C:\WINDOWS\system32\roloropo.dll
C:\WINDOWS\system32\rarunuku.dll
C:\WINDOWS\system32\renazuvi.dll
C:\WINDOWS\system32\dobafigi.dll
C:\WINDOWS\system32\yohilite.dll
C:\WINDOWS\system32\veyevida.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Norton Ghost\Agent\VProSvc.exe"="C:\Program Files\Norton Ghost\Agent\VProSvc.exe:*:Enabled:VProSvc"
"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe:*:Enabled:sqlservr"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Dell Support Center\bin\sprtsvc.exe"="C:\Program Files\Dell Support Center\bin\sprtsvc.exe:*:Enabled:sprtsvc"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin"
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe"="C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb7ed184-e5c9-11dd-b7c8-001676a9a773}]
shell\AutoRun\command - F:\USBAutoRun.exe
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\sefewana.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\kipiheba.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\jukohani.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hajutuki.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\gumapoke.dll_old
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\yujitana.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\lululune.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\bawayeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ziyewila.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zitotela.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zimuworo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zigomobo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zidoyowi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zehigipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zefumiwu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zebelivu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zafufovi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosohede.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosineku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yojonaso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yitidena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yesukeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yemiruje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yaruvofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yapakati.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\woyawizi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wepejapu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wavoyolu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vumehijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vosukidu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vomuganu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\veyevida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vepineto.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tumigike.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tomuzipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tiyupotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tinonere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tesifoti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tanovivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\takihiru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\suyetebo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sumonibe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soziredo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soyopuvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sosilore.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sokodewu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seyayewi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\semasema.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seduvumo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\robejaku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribemago.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribehige.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\remebeyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rawuyona.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rarunuku.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pulovuwi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\potibubi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\polekove.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pojavoru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pinafadi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pihuzura.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pidizowi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pewofesa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\peroruvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nuvoyijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\numisufe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nosadepu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nofohogo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nijopido.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nifisofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nepivoyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nehakite.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mudagodu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mubohome.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mizuyoha.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mivalivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\miliyepa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\melunule.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\matumiga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lulakodu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lolanayo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lokudeti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\logipefu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lilofati.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lekegafu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lebobofu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lapujide.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kozezupo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kotafeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kipiheba.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kilatape.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kedisuzo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\katowola.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kamideva.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kakinahu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kafimehe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\junegehu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jokilake.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jisaleyu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jinuyeju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jimekaju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jepazeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\huwiyuke.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hulifeki.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hezigotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hedukage.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\halojoge.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hajakari.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\govegomu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gomopiwe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\godisida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gekujoni.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gavulowe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fozehuka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fihatoye.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feyujafi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feviliru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fepabavi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fekidafa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fehamito.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fasapako.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duweweba.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\domemaha.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dijipire.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\deyagehu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dawusere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dakuzuso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bozuneyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bezayedo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bevukeyo.dll
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\ZOMISULA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YOHILITE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YESIGOJU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\WOBEBUPI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\VENIJIJA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\SAMISEDE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\RENAZUVI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\NUVANIFI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\MALARUWO.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LUTAYESI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LIDANUFU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DOBAFIGI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DEGUKIME.DLL.del
2009-02-13 20:43:12 ----D---- C:\rsit
2009-02-13 18:13:13 ----SH---- C:\WINDOWS\system32\osuzukad.ini
2009-02-13 18:11:34 ----ASH---- C:\WINDOWS\system32\mmnlyw.dll
2009-02-12 15:39:09 ----SH---- C:\WINDOWS\system32\obeteyus.ini
2009-02-12 15:32:32 ----SH---- C:\WINDOWS\system32\gokuteho.dll
2009-02-12 15:32:22 ----ASH---- C:\WINDOWS\system32\ehprqo.dll
2009-02-11 17:57:30 ----SH---- C:\WINDOWS\system32\udikusov.ini
2009-02-11 17:56:49 ----SH---- C:\WINDOWS\system32\boruviya.dll
2009-02-11 17:56:29 ----ASH---- C:\WINDOWS\system32\zyimod.dll
2009-02-10 15:44:50 ----SH---- C:\WINDOWS\system32\iyenuzob.ini
2009-02-10 15:43:43 ----ASH---- C:\WINDOWS\system32\efjmov.dll
2009-02-09 07:16:59 ----SH---- C:\WINDOWS\system32\romabotu.dll
2009-02-09 07:16:26 ----SH---- C:\WINDOWS\system32\ewipomog.ini
2009-02-09 07:16:20 ----ASH---- C:\WINDOWS\system32\cdogfk.dll
2009-02-08 19:19:52 ----SH---- C:\WINDOWS\system32\urukejet.ini
2009-02-08 19:16:11 ----ASH---- C:\WINDOWS\system32\bxmqhy.dll
2009-02-07 17:04:09 ----SHD---- C:\Config.Msi
2009-02-07 16:25:41 ----D---- C:\Documents and Settings\shalisa\Application Data\Malwarebytes
2009-02-07 16:25:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 16:25:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 16:23:20 ----D---- C:\Program Files\Trend Micro
2009-02-07 16:04:34 ----SH---- C:\WINDOWS\system32\eyosihon.ini
2009-02-07 16:04:25 ----A---- C:\WINDOWS\system32\enkvrn.dll
2009-02-06 16:12:25 ----SH---- C:\WINDOWS\system32\inahokuj.ini
2009-02-06 16:10:50 ----SH---- C:\WINDOWS\system32\ludoyuja.dll
2009-02-06 16:10:35 ----ASH---- C:\WINDOWS\system32\ocrxqh.dll
2009-02-05 20:24:09 ----SH---- C:\WINDOWS\system32\imudatig.ini
2009-02-05 20:23:29 ----SH---- C:\WINDOWS\system32\wuyedawa.dll
2009-02-05 20:23:07 ----ASH---- C:\WINDOWS\system32\oakczf.dll
2009-02-04 15:39:08 ----SH---- C:\WINDOWS\system32\ifajuyef.ini
2009-02-03 17:51:57 ----SH---- C:\WINDOWS\system32\odeyazeb.ini
2009-02-03 17:50:29 ----ASH---- C:\WINDOWS\system32\tzoapv.dll
2009-02-02 16:39:29 ----SH---- C:\WINDOWS\system32\avedimak.ini
2009-02-02 16:39:22 ----ASH---- C:\WINDOWS\system32\sincra.dll
2009-02-02 15:39:09 ----ASH---- C:\WINDOWS\system32\oenjzu.dll
2009-02-01 16:16:51 ----SH---- C:\WINDOWS\system32\akefatok.ini
2009-02-01 16:14:19 ----ASH---- C:\WINDOWS\system32\ekqbna.dll
2009-01-31 17:50:12 ----SH---- C:\WINDOWS\system32\upizumot.ini
2009-01-31 17:47:45 ----ASH---- C:\WINDOWS\system32\qbhfll.dll
2009-01-31 14:27:38 ----SH---- C:\WINDOWS\system32\ifodujuf.ini
2009-01-31 14:24:47 ----ASH---- C:\WINDOWS\system32\bdqngg.dll
2009-01-29 19:06:38 ----SH---- C:\WINDOWS\system32\juhiruma.dll
2009-01-29 19:04:11 ----SH---- C:\WINDOWS\system32\uwedokos.ini
2009-01-29 19:04:09 ----ASH---- C:\WINDOWS\system32\lmqndu.dll
2009-01-28 19:00:35 ----SH---- C:\WINDOWS\system32\aneditiy.ini
2009-01-28 19:00:30 ----ASH---- C:\WINDOWS\system32\iqhiyk.dll
2009-01-25 16:45:44 ----SH---- C:\WINDOWS\system32\ukajebor.ini
2009-01-25 16:45:25 ----A---- C:\WINDOWS\system32\MDAETA.DLL.del
2009-01-24 18:27:53 ----SH---- C:\WINDOWS\system32\adisidog.ini
2009-01-24 18:07:18 ----ASH---- C:\WINDOWS\system32\bhndim.dll
2009-01-23 15:30:11 ----SH---- C:\WINDOWS\system32\alowotak.ini
2009-01-23 15:29:57 ----ASH---- C:\WINDOWS\system32\jpmbkv.dll
2009-01-22 15:35:52 ----SH---- C:\WINDOWS\system32\eripijid.ini
2009-01-22 15:32:39 ----ASH---- C:\WINDOWS\system32\lzcinc.dll
2009-01-21 15:32:48 ----SH---- C:\WINDOWS\system32\ofazizer.ini
2009-01-21 15:32:23 ----ASH---- C:\WINDOWS\system32\jaxgon.dll
2009-01-20 19:07:51 ----SH---- C:\WINDOWS\system32\umogevog.ini
2009-01-20 19:07:35 ----ASH---- C:\WINDOWS\system32\qbvbju.dll
2009-01-19 12:00:38 ----ASH---- C:\WINDOWS\system32\lqrzsh.dll
2009-01-19 12:00:35 ----SH---- C:\WINDOWS\system32\ogohofon.ini
2009-01-19 11:47:21 ----A---- C:\WINDOWS\Partizan.txt
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files\Real
2009-01-18 22:10:54 ----D---- C:\Documents and Settings\shalisa\Application Data\Real
2009-01-18 22:09:21 ----D---- C:\Program Files\V CAST Music with Rhapsody
2009-01-18 19:56:45 ----D---- C:\Documents and Settings\shalisa\Application Data\Help
2009-01-18 19:37:08 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
2009-01-18 19:13:27 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2009-01-18 18:45:09 ----D---- C:\Program Files\LG Electronics
2009-01-18 09:55:26 ----SH---- C:\WINDOWS\system32\avevubuf.ini
2009-01-18 09:53:11 ----A---- C:\WINDOWS\system32\UMTOKF.DLL.del
2009-01-17 08:59:11 ----SH---- C:\WINDOWS\system32\etikahen.ini
2009-01-17 08:54:14 ----ASH---- C:\WINDOWS\system32\jekrxm.dll
2009-01-16 12:52:25 ----SH---- C:\WINDOWS\system32\iziwayow.ini
2009-01-16 12:52:21 ----ASH---- C:\WINDOWS\system32\odmkfh.dll
2009-01-16 11:52:20 ----SH---- C:\WINDOWS\system32\abehipik.ini
2009-01-15 14:02:01 ----A---- C:\WINDOWS\system32\TKYLGR.DLL.del
2009-01-15 14:01:56 ----SH---- C:\WINDOWS\system32\ojihemuv.ini
======List of files/folders modified in the last 1 months======
2009-02-13 20:43:15 ----D---- C:\WINDOWS\Prefetch
2009-02-13 19:02:25 ----D---- C:\WINDOWS\Temp
2009-02-13 18:28:52 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 18:15:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-13 18:13:13 ----D---- C:\WINDOWS\system32
2009-02-13 18:12:55 ----D---- C:\WINDOWS
2009-02-13 18:11:20 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-02-12 16:46:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 16:07:19 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-07 17:06:13 ----SHD---- C:\WINDOWS\Installer
2009-02-07 17:04:44 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 17:04:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-07 17:04:29 ----RD---- C:\Program Files
2009-02-07 17:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-07 17:01:20 ----A---- C:\WINDOWS\wininit.ini
2009-02-07 16:19:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 16:04:24 ----A---- C:\WINDOWS\system32\rijilutu.dll
2009-02-07 16:04:21 ----N---- C:\WINDOWS\system32\nohisoye.dll_old
2009-02-06 16:09:55 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2009-02-05 20:25:24 ----D---- C:\Program Files\Google
2009-01-25 16:58:25 ----D---- C:\WINDOWS\WinSxS
2009-01-25 16:58:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-18 22:27:38 ----HD---- C:\WINDOWS\inf
2009-01-18 22:23:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-18 22:23:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files
2009-01-18 19:56:45 ----D---- C:\~QTWTMP.TMP
2009-01-14 16:26:19 ----D---- C:\Documents and Settings\shalisa\Application Data\Vso
2009-01-14 16:26:17 ----A---- C:\Documents and Settings\shalisa\Application Data\inst.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-10 47360]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2006-03-30 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2006-03-30 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2006-03-30 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2006-03-30 73696]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
gblgbl38
2009-02-14, 06:13
Katana,
Sorry my computer posted the Log.txt twice! attatched to this post is the info.txt.
info.txt logfile of random's system information tool 1.05 2009-02-13 20:44:46
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Commentaries and Insights on the Book of Mormon-Vol I-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A101D283-2F5E-44AD-8862-C95132AC4117}\setup.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1100 series-->MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mavis Beacon Teaches Typing 11-->C:\PROGRA~1\BRODER~1\MAVISB~1\UNINST.EXE
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RegCure 1.3.0.2-->C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Samsung USB Driver (MCCI 4.34) WHQL v3.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FAD03728-DA19-4313-959F-872A9C432A86}
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Study Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99A68791-DD46-4B77-B6C8-916558D9717D}\setup.exe" "/maint"
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Family Safety-->MsiExec.exe /X{DC509FE5-1445-46C9-827C-6120429CB942}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
System event log
Computer Name: ARCTIC
Event Code: 7036
Message: The Office Source Engine service entered the stopped state.
Record Number: 86681
Source Name: Service Control Manager
Time Written: 20090118201557.000000-420
Event Type: information
User:
Computer Name: ARCTIC
Event Code: 7036
Message: The Windows Installer service entered the stopped state.
Record Number: 86680
Source Name: Service Control Manager
Time Written: 20090118200402.000000-420
Event Type: information
User:
Computer Name: ARCTIC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 86679
Source Name: Service Control Manager
Time Written: 20090118195412.000000-420
Event Type: error
User:
Computer Name: ARCTIC
Event Code: 7036
Message: The Application Management service entered the stopped state.
Record Number: 86678
Source Name: Service Control Manager
Time Written: 20090118195412.000000-420
Event Type: information
User:
Computer Name: ARCTIC
Event Code: 7035
Message: The Application Management service was successfully sent a start control.
Record Number: 86677
Source Name: Service Control Manager
Time Written: 20090118195412.000000-420
Event Type: information
User: ARCTIC\shalisa
Application event log
Computer Name: ARCTIC
Event Code: 26
Message:
Record Number: 21616
Source Name: ccSetMgr
Time Written: 20081124181350.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: ARCTIC
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21615
Source Name: Application Hang
Time Written: 20081123140922.000000-420
Event Type: error
User:
Computer Name: ARCTIC
Event Code: 302
Message: msnmsgr (3560) \\.\C:\Documents and Settings\braydon\Local Settings\Application Data\Microsoft\Messenger\braydonberatto@hotmail.com\SharingMetadata\Working\database_1C30_F11C_30F0_FE18\dfsr.db: The database engine has successfully completed recovery steps.
Record Number: 21614
Source Name: ESENT
Time Written: 20081123140825.000000-420
Event Type: information
User:
Computer Name: ARCTIC
Event Code: 301
Message: msnmsgr (3560) \\.\C:\Documents and Settings\braydon\Local Settings\Application Data\Microsoft\Messenger\braydonberatto@hotmail.com\SharingMetadata\Working\database_1C30_F11C_30F0_FE18\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\braydon\Local Settings\Application Data\Microsoft\Messenger\braydonberatto@hotmail.com\SharingMetadata\Working\database_1C30_F11C_30F0_FE18\fsr.log.
Record Number: 21613
Source Name: ESENT
Time Written: 20081123140815.000000-420
Event Type: information
User:
Computer Name: ARCTIC
Event Code: 301
Message: msnmsgr (3560) \\.\C:\Documents and Settings\braydon\Local Settings\Application Data\Microsoft\Messenger\braydonberatto@hotmail.com\SharingMetadata\Working\database_1C30_F11C_30F0_FE18\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\braydon\Local Settings\Application Data\Microsoft\Messenger\braydonberatto@hotmail.com\SharingMetadata\Working\database_1C30_F11C_30F0_FE18\fsr0004A.log.
Record Number: 21612
Source Name: ESENT
Time Written: 20081123140811.000000-420
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
REMOVE P2P PROGRAMS
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
FrostWire
Morpheus
LimeWire
Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
Post back a new RSIT, so we can continue cleaning your pc.
gblgbl38
2009-02-16, 20:30
Katana,
Only LimeWire was in the Add/Remove Programs list, but I deleted the folders for both the Morpheus and FrostWire programs from the Program Files folder. There are probably still remnants of the programs in the registry and elsewhere, so let me know if there are other ways to remove the remnants.
I've run and have posted the RSIT log here:
Logfile of random's system information tool 1.05 (written by random/random)
Run by shalisa at 2009-02-16 11:19:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (4%) free of 54 GB
Total RAM: 1022 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:14 AM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\shalisa\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\shalisa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {855cd5a3-99bd-4c0a-9e1e-5845c5e99c91} - C:\WINDOWS\system32\hulifeki.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: {caeb48a1-c18b-dd89-d694-dc1770b954ff} - {ff459b07-71cd-496d-98dd-b81c1a84beac} - C:\WINDOWS\system32\lmqndu.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s
O4 - HKLM\..\Run: [CPM33c3cd2b] Rundll32.exe "c:\windows\system32\seyayewi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mojanuyogo] Rundll32.exe "C:\WINDOWS\system32\tinonere.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZSzim055YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shalisamarie03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB3718FA-D1F4-4698-80C2-BEAD94ABC046}: NameServer = 208.186.134.101,208.186.134.102
O20 - AppInit_DLLs: tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll c:\windows\system32\neganosu.dll c:\windows\system32\farewoka.dll c:\windows\system32\jegohami.dll c:\windows\system32\peroruvo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\peroruvo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11454 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1163907846.job
C:\WINDOWS\tasks\rdazhhss.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{855cd5a3-99bd-4c0a-9e1e-5845c5e99c91}]
C:\WINDOWS\system32\hulifeki.dll [65535-65535-31889 64170]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-05 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff459b07-71cd-496d-98dd-b81c1a84beac}]
C:\WINDOWS\system32\lmqndu.dll [2009-01-29 135272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-05 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"mojanuyogo"=C:\WINDOWS\system32\tinonere.dll [65535-65535-31889 64170]
"CPM33c3cd2b"=c:\windows\system32\neganosu.dll [2009-02-14 109637]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-12 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11301208366269784378834874340649]
C:\Program Files\Antivirus 2009\av2009.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tkylgr.dll C:\WINDOWS\system32\dobafigi.dll c:\windows\system32\zomisula.dll c:\windows\system32\lidanufu.dll umtokf.dll C:\WINDOWS\system32\yohilite.dll mdaeta.dll c:\windows\system32\venijija.dll iqhiyk.dll C:\WINDOWS\system32\veyevida.dll c:\windows\system32\gumapoke.dll c:\windows\system32\huwiyuke.dll c:\windows\system32\hedukage.dll c:\windows\system32\seyayewi.dll c:\windows\system32\neganosu.dll c:\windows\system32\farewoka.dll c:\windows\system32\jegohami.dll c:\windows\system32\peroruvo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\neganosu.dll [2009-02-14 109637]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\neganosu.dll [2009-02-14 109637]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvUOHwW
"notification packages"=scecli
C:\WINDOWS\system32\roloropo.dll
C:\WINDOWS\system32\rarunuku.dll
C:\WINDOWS\system32\renazuvi.dll
C:\WINDOWS\system32\dobafigi.dll
C:\WINDOWS\system32\yohilite.dll
C:\WINDOWS\system32\veyevida.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe:*:Enabled:ccEvtMgr"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Norton Ghost\Agent\VProSvc.exe"="C:\Program Files\Norton Ghost\Agent\VProSvc.exe:*:Enabled:VProSvc"
"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe:*:Enabled:sqlservr"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Dell Support Center\bin\sprtsvc.exe"="C:\Program Files\Dell Support Center\bin\sprtsvc.exe:*:Enabled:sprtsvc"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin"
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe"="C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb7ed184-e5c9-11dd-b7c8-001676a9a773}]
shell\AutoRun\command - F:\USBAutoRun.exe
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\sefewana.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\kipiheba.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\jukohani.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hajutuki.dll
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\gumapoke.dll_old
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\yujitana.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\lululune.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\bawayeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ziyewila.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zitotela.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zimuworo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zigomobo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zidoyowi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zehigipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zefumiwu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zebelivu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zebeduwi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zafufovi.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosohede.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yosineku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yojonaso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yitidena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yesukeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yemiruje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yaruvofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yapakati.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\woyawizi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wepejapu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wepanibe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wavoyolu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vumehijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vosukidu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vomuganu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\veyevida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vepineto.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tumigike.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tomuzipu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tiyupotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tinonere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tesifoti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tanovivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\takihiru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\suyetebo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sumonibe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soziredo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\soyopuvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sosilore.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sokodewu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seyinese.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seyayewi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\semasema.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\seduvumo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\robejaku.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribemago.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\ribehige.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\remebeyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rawuyona.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rarunuku.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pulovuwi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\potibubi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\polekove.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pojavoru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pinafadi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pihuzura.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pidizowi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pewofesa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\peroruvo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nuvoyijo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\numisufe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nosadepu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nofohogo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nijopido.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nifisofo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nepivoyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nehakite.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\neganosu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mudagodu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mubohome.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mizuyoha.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mivalivo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\miliyepa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\melunule.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\matumiga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lulakodu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lugatepo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lolanayo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lokudeti.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\logipefu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lilofati.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lekegafu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\legaweme.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lebobofu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lapujide.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kozezupo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kotafeka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kipiheba.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kilatape.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kedisuzo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\katowola.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kamideva.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kakinahu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kafimehe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\junegehu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jokilake.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jofalasa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jisaleyu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jinuyeju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jimekaju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jepazeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jegohami.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\huwiyuke.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hulifeki.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hezigotu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hedukage.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\halojoge.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hajakari.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\govegomu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gomopiwe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\godisida.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gekujoni.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gavulowe.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fozehuka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fihatoye.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feyujafi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\feviliru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fepabavi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fekidafa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fehamito.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fasapako.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\farewoka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duweweba.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\domemaha.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dijipire.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\deyagehu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dawusere.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dakuzuso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bozuneyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bezayedo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bevukeyo.dll
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\ZOMISULA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YOHILITE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\YESIGOJU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\WOBEBUPI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\VENIJIJA.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\SAMISEDE.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\RENAZUVI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\NUVANIFI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\MALARUWO.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LUTAYESI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\LIDANUFU.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DOBAFIGI.DLL.del
65535-65535-31889 379:31889:443 ----A---- C:\WINDOWS\system32\DEGUKIME.DLL.del
2009-02-16 09:40:42 ----SH---- C:\WINDOWS\system32\opetagul.ini
2009-02-16 09:38:31 ----ASH---- C:\WINDOWS\system32\mdccgv.dll
2009-02-15 09:10:49 ----SH---- C:\WINDOWS\system32\ebinapew.ini
2009-02-15 09:08:42 ----SH---- C:\WINDOWS\system32\bakefuni.dll
2009-02-15 09:08:28 ----ASH---- C:\WINDOWS\system32\wonwpx.dll
2009-02-14 10:17:47 ----SH---- C:\WINDOWS\system32\emewagel.ini
2009-02-14 10:12:59 ----ASH---- C:\WINDOWS\system32\hwrlbf.dll
2009-02-13 20:43:12 ----D---- C:\rsit
2009-02-13 18:13:13 ----SH---- C:\WINDOWS\system32\osuzukad.ini
2009-02-13 18:11:34 ----ASH---- C:\WINDOWS\system32\mmnlyw.dll
2009-02-12 15:39:09 ----SH---- C:\WINDOWS\system32\obeteyus.ini
2009-02-12 15:32:32 ----SH---- C:\WINDOWS\system32\gokuteho.dll
2009-02-12 15:32:22 ----ASH---- C:\WINDOWS\system32\ehprqo.dll
2009-02-11 17:57:30 ----SH---- C:\WINDOWS\system32\udikusov.ini
2009-02-11 17:56:49 ----SH---- C:\WINDOWS\system32\boruviya.dll
2009-02-11 17:56:29 ----ASH---- C:\WINDOWS\system32\zyimod.dll
2009-02-10 15:44:50 ----SH---- C:\WINDOWS\system32\iyenuzob.ini
2009-02-10 15:43:43 ----ASH---- C:\WINDOWS\system32\efjmov.dll
2009-02-09 07:16:59 ----SH---- C:\WINDOWS\system32\romabotu.dll
2009-02-09 07:16:26 ----SH---- C:\WINDOWS\system32\ewipomog.ini
2009-02-09 07:16:20 ----ASH---- C:\WINDOWS\system32\cdogfk.dll
2009-02-08 19:19:52 ----SH---- C:\WINDOWS\system32\urukejet.ini
2009-02-08 19:16:11 ----ASH---- C:\WINDOWS\system32\bxmqhy.dll
2009-02-07 17:04:09 ----SHD---- C:\Config.Msi
2009-02-07 16:25:41 ----D---- C:\Documents and Settings\shalisa\Application Data\Malwarebytes
2009-02-07 16:25:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 16:25:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 16:23:20 ----D---- C:\Program Files\Trend Micro
2009-02-07 16:04:34 ----SH---- C:\WINDOWS\system32\eyosihon.ini
2009-02-07 16:04:25 ----A---- C:\WINDOWS\system32\enkvrn.dll
2009-02-06 16:12:25 ----SH---- C:\WINDOWS\system32\inahokuj.ini
2009-02-06 16:10:50 ----SH---- C:\WINDOWS\system32\ludoyuja.dll
2009-02-06 16:10:35 ----ASH---- C:\WINDOWS\system32\ocrxqh.dll
2009-02-05 20:24:09 ----SH---- C:\WINDOWS\system32\imudatig.ini
2009-02-05 20:23:29 ----SH---- C:\WINDOWS\system32\wuyedawa.dll
2009-02-05 20:23:07 ----ASH---- C:\WINDOWS\system32\oakczf.dll
2009-02-04 15:39:08 ----SH---- C:\WINDOWS\system32\ifajuyef.ini
2009-02-03 17:51:57 ----SH---- C:\WINDOWS\system32\odeyazeb.ini
2009-02-03 17:50:29 ----ASH---- C:\WINDOWS\system32\tzoapv.dll
2009-02-02 16:39:29 ----SH---- C:\WINDOWS\system32\avedimak.ini
2009-02-02 16:39:22 ----ASH---- C:\WINDOWS\system32\sincra.dll
2009-02-02 15:39:09 ----ASH---- C:\WINDOWS\system32\oenjzu.dll
2009-02-01 16:16:51 ----SH---- C:\WINDOWS\system32\akefatok.ini
2009-02-01 16:14:19 ----ASH---- C:\WINDOWS\system32\ekqbna.dll
2009-01-31 17:50:12 ----SH---- C:\WINDOWS\system32\upizumot.ini
2009-01-31 17:47:45 ----ASH---- C:\WINDOWS\system32\qbhfll.dll
2009-01-31 14:27:38 ----SH---- C:\WINDOWS\system32\ifodujuf.ini
2009-01-31 14:24:47 ----ASH---- C:\WINDOWS\system32\bdqngg.dll
2009-01-29 19:06:38 ----SH---- C:\WINDOWS\system32\juhiruma.dll
2009-01-29 19:04:11 ----SH---- C:\WINDOWS\system32\uwedokos.ini
2009-01-29 19:04:09 ----ASH---- C:\WINDOWS\system32\lmqndu.dll
2009-01-28 19:00:35 ----SH---- C:\WINDOWS\system32\aneditiy.ini
2009-01-28 19:00:30 ----ASH---- C:\WINDOWS\system32\iqhiyk.dll
2009-01-25 16:45:44 ----SH---- C:\WINDOWS\system32\ukajebor.ini
2009-01-25 16:45:25 ----A---- C:\WINDOWS\system32\MDAETA.DLL.del
2009-01-24 18:27:53 ----SH---- C:\WINDOWS\system32\adisidog.ini
2009-01-24 18:07:18 ----ASH---- C:\WINDOWS\system32\bhndim.dll
2009-01-23 15:30:11 ----SH---- C:\WINDOWS\system32\alowotak.ini
2009-01-23 15:29:57 ----ASH---- C:\WINDOWS\system32\jpmbkv.dll
2009-01-22 15:35:52 ----SH---- C:\WINDOWS\system32\eripijid.ini
2009-01-22 15:32:39 ----ASH---- C:\WINDOWS\system32\lzcinc.dll
2009-01-21 15:32:48 ----SH---- C:\WINDOWS\system32\ofazizer.ini
2009-01-21 15:32:23 ----ASH---- C:\WINDOWS\system32\jaxgon.dll
2009-01-20 19:07:51 ----SH---- C:\WINDOWS\system32\umogevog.ini
2009-01-20 19:07:35 ----ASH---- C:\WINDOWS\system32\qbvbju.dll
2009-01-19 12:00:38 ----ASH---- C:\WINDOWS\system32\lqrzsh.dll
2009-01-19 12:00:35 ----SH---- C:\WINDOWS\system32\ogohofon.ini
2009-01-19 11:47:21 ----A---- C:\WINDOWS\Partizan.txt
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files\Real
2009-01-18 22:10:54 ----D---- C:\Documents and Settings\shalisa\Application Data\Real
2009-01-18 22:09:21 ----D---- C:\Program Files\V CAST Music with Rhapsody
2009-01-18 19:56:45 ----D---- C:\Documents and Settings\shalisa\Application Data\Help
2009-01-18 19:37:08 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
2009-01-18 19:13:27 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2009-01-18 18:45:09 ----D---- C:\Program Files\LG Electronics
2009-01-18 09:55:26 ----SH---- C:\WINDOWS\system32\avevubuf.ini
2009-01-18 09:53:11 ----A---- C:\WINDOWS\system32\UMTOKF.DLL.del
2009-01-17 08:59:11 ----SH---- C:\WINDOWS\system32\etikahen.ini
2009-01-17 08:54:14 ----ASH---- C:\WINDOWS\system32\jekrxm.dll
======List of files/folders modified in the last 1 months======
2009-02-16 11:00:11 ----D---- C:\WINDOWS\Temp
2009-02-16 10:59:30 ----D---- C:\Program Files\Mozilla Firefox
2009-02-16 10:55:00 ----RD---- C:\Program Files
2009-02-16 10:45:09 ----D---- C:\Program Files\LimeWire
2009-02-16 10:29:32 ----D---- C:\WINDOWS
2009-02-16 09:43:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-16 09:40:42 ----D---- C:\WINDOWS\system32
2009-02-16 09:38:24 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-02-15 20:41:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-15 09:10:43 ----D---- C:\WINDOWS\Prefetch
2009-02-12 16:07:19 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-07 17:06:13 ----SHD---- C:\WINDOWS\Installer
2009-02-07 17:04:44 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 17:04:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-07 17:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-07 17:01:20 ----A---- C:\WINDOWS\wininit.ini
2009-02-07 16:19:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 16:04:24 ----A---- C:\WINDOWS\system32\rijilutu.dll
2009-02-07 16:04:21 ----N---- C:\WINDOWS\system32\nohisoye.dll_old
2009-02-06 16:09:55 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2009-02-05 20:25:24 ----D---- C:\Program Files\Google
2009-01-25 16:58:25 ----D---- C:\WINDOWS\WinSxS
2009-01-25 16:58:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-18 22:27:38 ----HD---- C:\WINDOWS\inf
2009-01-18 22:23:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-18 22:23:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 22:11:50 ----D---- C:\Program Files\Common Files
2009-01-18 19:56:45 ----D---- C:\~QTWTMP.TMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-10 47360]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2006-03-30 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2006-03-30 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2006-03-30 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2006-03-30 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
Information
so let me know if there are other ways to remove the remnants.
Don't worry, I'll remove them for you :)
Registry Cleaners
Re. RegCure 1.3.0.2
I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html
----------------------------------------------------------- -----------------------------------------------------------
Step 1
Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------- -----------------------------------------------------------
Step 4
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
MalwareBytes Log
Combofix Log
How are things running now ?
----------------------------------------------------------- -----------------------------------------------------------
Additional Notes
Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java and Adobe components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u12 from http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 12 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Update Adobe Acrobat Reader
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Cllick Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.
Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
Adobe Acrobat 4.0 << Unless you desperately need this, I recommend you remove it.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2
J2SE Runtime Environment 5.0 Update 6
Now close the Control Panel.
Reboot your machine.
gblgbl38, this topic has been closed due to inactivity.
As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.
Applies only to the original poster, anyone else with similar problems please start a new topic.
Thank you katana.