AHHHHH......i need help!!



blackdra
2009-12-19, 13:36
ok i have been racking my brain over this and i can't seem to fix it and when i think i have it fixed 2 or 3 days later it comes right back. so let me start out with this:
running : windows xp
programs: clamwin, spybot, hjt
firewall: standard windows version

ok here is what i have done so far. i ran clamwin ( antivirus ) and it found 2 problems :

Scan Started Fri Dec 18 06:05:25 2009
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a6adc2be8539f3034d5247e6dfa3267_ab562468-bd0a-4927-81f6-bddba689b279: Permission denied
C:\Documents and Settings\Janet\Local Settings\Temp\E6.tmp: Trojan.Dropper-23141 FOUND
C:\Documents and Settings\Janet\Local Settings\Temp\E6.tmp: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\E6.tmp.infected'
C:\Documents and Settings\Janet\Local Settings\Temp\F0.tmp: Trojan.Dropper-23141 FOUND
C:\Documents and Settings\Janet\Local Settings\Temp\F0.tmp: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\F0.tmp.infected'
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\drivers\rqxtfp.sys: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 677872
Engine version: 0.95.3
Scanned directories: 12474
Scanned files: 116626
Infected files: 2
Data scanned: 23512.66 MB
Data read: 21548.48 MB (ratio 1.09:1)
Time: 13451.203 sec (224 m 11 s)

soon after i deleted them. then i ran spybot :
-- Report generated: 2009-12-18 14:25 ---

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $DC50EBD1] Executable (File, fixed)
C:\Program Files\InternetSecurity2010\IS2010.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Opachki.ru: [SBI $DC5CFC0F] Autorun settings (notepad) (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad

Opachki.ru: [SBI $DC5CFC0F] Autorun settings (notepad) (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad

Opachki.ru: [SBI $8EAABB24] Library (File, fixed)
C:\Documents and Settings\Anne\Start Menu\Programs\Startup\scandisk.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $8EAABB24] Library (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $B88A1213] Link (File, fixed)
C:\Documents and Settings\Anne\Start Menu\Programs\Startup\scandisk.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $B88A1213] Link (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.wu: [SBI $F76387AF] Autorun settings (winupdate86.exe) (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe

Win32.Agent.wu: [SBI $F76387AF] Program file (File, fixed)
C:\WINDOWS\system32\winupdate86.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, fixed)
C:\WINDOWS\Tasks\uyfqaaue.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.dll: [SBI $2F4068FC] Library (File, fixed)
C:\WINDOWS\system32\yabutuwi.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.dll: [SBI $AE112DD6] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs=....dll...

Virtumonde.prx: [SBI $81D8C514] Autorun settings (nejepidof) (Registry value, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nejepidof

Virtumonde.sdn: [SBI $70056CE6] Data (File, fixed)
C:\WINDOWS\system32\dufubuga
Properties.size=1744
Properties.md5=4FDF7661C37387B3865E15B7047AF2A4
Properties.filedate=1261167888
Properties.filedatetext=2009-12-18 14:24:48

BurstMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


BurstMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-12-12 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-01-26 SDShred.exe (1.0.2.5)
2009-12-17 spybotsd_includes.exe
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 advcheck.dll (1.6.2.15)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-01-22 Includes\Revision.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-10-08 Includes\Adware.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-15 Includes\DialerC.sbi (*)
2009-12-15 Includes\HijackersC.sbi (*)
2009-12-15 Includes\KeyloggersC.sbi (*)
2009-12-15 Includes\MalwareC.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-12-15 Includes\SecurityC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-12-15 Includes\SpywareC.sbi (*)
2009-12-15 Includes\AdwareC.sbi (*)
2009-12-15 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll

i was able to delete most problems but both Virtumonde and Opachki.ru still remain after a second scan after a restart

then i ran hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:58 AM, on 12/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\hp\digital imaging\smart web printing\hpswp_clipbook.exe
c:\program files\aim\aim.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O4 - HKLM\..\Run: [ClamWin] "I:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [nejepidof] Rundll32.exe "c:\windows\system32\suzirowa.dll",a
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FD03FBF-A7CC-4378-81E6-472CDA2CFCE4}: NameServer = 207.69.188.167 207.69.188.166
O20 - AppInit_DLLs: fepabavi c:\windows\system32\suzirowa.dll,fepabavi.dll
O21 - SSODL: lajeyemaw - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O22 - SharedTaskScheduler: tokatiluy - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3034 bytes

after that i thought i had fixed my computer but like i said 2 or 3 days later everything would come back and i have to do this all over again .... been at this for a week now and can't seem to make any headway.
also from reading a few other posts on here i know that the firewall that comes with windows sucks so i was thinking about downloading zonealarm from cnet. is this a good firewall??
also internet explorer is not working and has been taken over by the virus as well and firefox is showing signs of it as well by being redirected to virus infected sites

and this is a big o crap , safe mode has been disabled !!!

please help .... as leelu would say from fifth element
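
As an added example (not part of the original thread and not code from any of the tools mentioned), the Python sketch below parses the autostart lines of the HijackThis log posted above and groups them by the file each entry loads, which shows one DLL registered under four separate startup mechanisms. The function names are hypothetical, and the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Autostart-related lines copied verbatim from the HijackThis log in the post above.
HJT_LINES = r'''
O4 - HKLM\..\Run: [ClamWin] "I:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [nejepidof] Rundll32.exe "c:\windows\system32\suzirowa.dll",a
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: fepabavi c:\windows\system32\suzirowa.dll,fepabavi.dll
O21 - SSODL: lajeyemaw - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O22 - SharedTaskScheduler: tokatiluy - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
'''

# HijackThis sections that describe code loaded automatically at boot or logon.
AUTOSTART_SECTIONS = {
    "O4": "Run keys / Startup folder",
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Services",
}

SECTION_RE = re.compile(r"^(O\d+) - ")
# A fully qualified path to an executable, library or driver. Bare file names
# without a drive letter (e.g. "fepabavi.dll") are deliberately not matched.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,]*?\.(?:exe|dll|sys)', re.IGNORECASE)


def autostart_references(lines):
    """Map each referenced file (lower-cased path) to the sections that load it."""
    refs = defaultdict(set)
    for line in lines:
        match = SECTION_RE.match(line.strip())
        if not match or match.group(1) not in AUTOSTART_SECTIONS:
            continue
        for path in PATH_RE.findall(line):
            refs[path.lower()].add(match.group(1))
    # Sort section ids numerically so O4 comes before O20.
    return {p: sorted(s, key=lambda sec: int(sec[1:])) for p, s in refs.items()}


def multi_hook(refs, min_sections=2):
    """Files registered under at least `min_sections` different autostart sections."""
    return {p: s for p, s in refs.items() if len(s) >= min_sections}


if __name__ == "__main__":
    refs = autostart_references(HJT_LINES.splitlines())
    for path, sections in multi_hook(refs).items():
        names = ", ".join(f"{s} ({AUTOSTART_SECTIONS[s]})" for s in sections)
        print(f"{path}\n  loaded from: {names}")
```

A file that appears under several independent load points needs every one of those entries cleaned in the same pass; the output is a triage aid for reading the log, not a verdict on any file.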

peku006
2009-12-21, 18:02
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006

blackdra
2009-12-22, 13:28
well i'm batting a thousand ....... i downloaded combofix and it won't run .......

peku006
2009-12-22, 14:23
Hi blackdra

do not worry, we can use other tools

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log


Thanks peku006

blackdra
2009-12-22, 15:03
deja vu

same thing happened: downloaded, doesn't run, says script error or can't find script

peku006
2009-12-22, 15:36
Hi blackdra

:banghead:

Please download DDS by sUBs from one of the links below and save it to your desktop:


Link1 (http://www.techsupportforum.com/sectools/sUBs/dds)
Link2 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link3 (http://www.forospyware.com/sUBs/dds)

Please disable any anti-malware program that will block scripts from running before running DDS.


Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:

DDS.txt
Attach.txt

A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply


Next Reply

Please reply with:
DDS.txt
Attach.txt


Thanks peku006

blackdra
2009-12-22, 23:40
1


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2006 3:53:59 PM
System Uptime: 12/22/2009 7:30:51 AM (8 hours ago)

Motherboard: First International Computer, Inc. | | VC37 Series
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2659/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 89.618 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_924F1509&REV_10\4&1A671D0C&0&18F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_924F1509&REV_10\4&1A671D0C&0&18F0
Service: RTL8023

==== System Restore Points ===================

RP1: 12/16/2009 6:20:45 AM - System Checkpoint
RP2: 12/17/2009 9:15:00 AM - System Checkpoint
RP3: 12/18/2009 10:12:30 AM - System Checkpoint
RP4: 12/20/2009 8:11:45 AM - System Checkpoint
RP5: 12/21/2009 8:34:55 AM - System Checkpoint
RP6: 12/22/2009 5:19:02 AM - Restore Operation

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.57
Action Replay Code Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AudibleManager
AVI Movie Player
BufferChm
CIF USB Camera (2110A)
ClamWin Free Antivirus 0.95.3
CompuServe
Copy
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Destinations
DeviceDiscovery
DivX Web Player
DJ_AIO_06_F2400_SW_Min
eMachines Bay Reader
F2400
Google Talk (remove only)
GPBaseService2
GTK+ Runtime 2.14.7 rev a (remove only)
Guifications Plugin (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ICQ
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 2
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
Malwarebytes' Anti-Malware
MarketResearch
McGraw-Hill's GED
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft Works 7.0
mIRC
Mozilla Firefox (3.0.16)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero OEM
PaltalkScene
PC Tools Firewall Plus 6.0
PeoplePC Online
PeoplePC: PeoplePal Toolbar 6.1
Pidgin
PowerDVD
PowerMenu 1.51
Project Pokemon Save Editor
PurePlay Poker
QuickTime
RD1021/1071 Lyra Personal Audio Player Applications
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Scan
SceneCaster
Screenshot Captor 2.30.04
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Shoddy Battle
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SoftV92 Data Fax Modem with SmartCP
SolutionCenter
Spybot - Search & Destroy
Status
The Sims 2
The Sims 2 Pets
The Sims™ 2 Seasons
Toolbox
TrayApp
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Walgreens PhotoShow Express 4
WebFldrs XP
WebReg
Winamp
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Movie Maker 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

12/22/2009 5:13:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss Tcpip
12/19/2009 5:01:21 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
12/19/2009 4:58:32 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
12/19/2009 3:21:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/19/2009 3:19:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:18:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2009 3:18:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/18/2009 5:45:31 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/18/2009 5:45:27 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/16/2009 6:21:48 AM, error: Service Control Manager [7023] - The BtwSrv service terminated with the following error: The specified module could not be found.
12/16/2009 5:06:55 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 7:08:11 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 6:51:24 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 2 time(s).
12/15/2009 3:56:14 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 3:48:33 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
12/15/2009 1:47:57 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/15/2009 1:46:53 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================



and 2



DDS (Ver_09-09-29.01) - NTFSx86
Run by Eric at 15:28:56.65 on Tue 12/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.933 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\pc tools firewall plus\firewallgui.exe
c:\windows\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
c:\documents and settings\eric\desktop\dds(2).com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page =
uInternet Settings,ProxyServer = localhost:8080
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [nejepidof] Rundll32.exe "c:\windows\system32\yobiseha.dll",a
mPolicies-system: EnableLUA = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: fepabavi.dll c:\windows\system32\yobiseha.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: rehirodup - {3c80fcc8-b88d-4740-bcec-d2d122abcbe9} - c:\windows\system32\yobiseha.dll
STS: mujuzedij: {3c80fcc8-b88d-4740-bcec-d2d122abcbe9} - c:\windows\system32\yobiseha.dll
LSA: Notification Packages = scecli rayedutu.dll kafiseri.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\5f6awe7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yu-Gi-Oh! (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.ftp - proxy_sever
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy_sever
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy_sever
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy_sever
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy_sever
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPView22.dll
FF - plugin: c:\program files\scenecaster\version 3.11.16\NPSceneCaster.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-20 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-20 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-20 818432]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2004-1-1 14336]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-20 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-20 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-20 56512]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-20 115216]
S1 tdidis32.sys;tdidis32.sys;\??\c:\windows\system32\tdidis32.sys --> c:\windows\system32\tdidis32.sys [?]
S2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-1-1 14336]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2006-11-27 227200]
S4 fastnetsrv;fastnetsrv Service;c:\windows\system32\fastnetsrv.exe --> c:\windows\system32\FastNetSrv.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-15 24652]

=============== Created Last 30 ================

2009-12-22 06:59 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 06:59 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-22 06:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 06:56 <DIR> --d----- c:\docume~1\eric\applic~1\Malwarebytes
2009-12-22 06:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-22 05:19 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-12-22 05:10 <DIR> --d----- C:\32788R22FWJFW(2)
2009-12-20 11:35 2,098 ---sh--- c:\windows\system32\dajifuji.exe
2009-12-20 08:16 <DIR> --d----- c:\docume~1\eric\applic~1\PCToolsFirewallPlus
2009-12-20 08:15 <DIR> --d----- c:\program files\common files\PC Tools
2009-12-20 08:15 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-12-20 07:15 0 a--sh--- c:\windows\system32\bemevaja.dll
2009-12-20 07:14 0 a--shrot c:\windows\wininit.ini
2009-12-19 20:34 2,098 ---sh--- c:\windows\system32\bawayeka.exe
2009-12-17 16:19 0 a------- c:\windows\system32\21906.exe
2009-12-16 13:55 2,098 ---sh--- c:\windows\system32\gezibaju.exe
2009-12-15 16:55 <DIR> --d----- c:\windows\system32\cock
2009-12-14 22:52 707,072 a------- c:\windows\system32\drivers\rqxtfp.sys
2009-12-14 22:48 118 a------- c:\windows\system32\711046.BAT
2009-12-14 22:48 32,768 a------- c:\windows\system32\msilojzb.dll
2009-12-14 03:02 <DIR> --d----- c:\program files\MSXML 4.0
2009-12-14 01:10 61 a------- c:\windows\system32\urhtps.dat
2009-12-13 10:54 <DIR> --d-h--- c:\windows\PIF
2009-12-11 23:42 <DIR> --d----- c:\docume~1\eric\applic~1\.clamwin
2009-12-11 23:41 <DIR> --d----- c:\documents and settings\all users\.clamwin
2009-12-11 15:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-12-11 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-11 15:27 <DIR> --d----- c:\program files\Trend Micro
2009-12-10 11:08 19,456 a------- c:\windows\system32\winhelper86.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\musosami.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\tipezuku.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\rijiraza.dll
2009-12-10 08:18 0 a------- c:\windows\system32\23811.exe
2009-12-10 07:58 0 a------- c:\windows\system32\28703.exe
2009-12-10 07:38 0 a------- c:\windows\system32\9894.exe
2009-12-10 07:18 0 a------- c:\windows\system32\17035.exe
2009-12-10 06:58 0 a------- c:\windows\system32\26299.exe
2009-12-10 06:38 0 a------- c:\windows\system32\25667.exe
2009-12-10 06:18 0 a------- c:\windows\system32\19912.exe
2009-12-10 05:58 0 a------- c:\windows\system32\1869.exe
2009-12-10 05:38 0 a------- c:\windows\system32\11538.exe
2009-12-10 05:18 0 a------- c:\windows\system32\14771.exe
2009-12-10 04:58 0 a------- c:\windows\system32\21726.exe
2009-12-10 04:38 0 a------- c:\windows\system32\5447.exe
2009-12-10 04:18 0 a------- c:\windows\system32\19895.exe
2009-12-10 03:57 0 a------- c:\windows\system32\19718.exe
2009-12-10 03:37 0 a------- c:\windows\system32\18716.exe
2009-12-10 03:17 0 a------- c:\windows\system32\17421.exe
2009-12-10 02:57 0 a------- c:\windows\system32\12382.exe
2009-12-10 02:37 0 a------- c:\windows\system32\292.exe
2009-12-10 02:17 0 a------- c:\windows\system32\153.exe
2009-12-10 01:57 0 a------- c:\windows\system32\3902.exe
2009-12-10 01:37 0 a------- c:\windows\system32\14604.exe
2009-12-10 01:17 0 a------- c:\windows\system32\32391.exe
2009-12-10 00:57 0 a------- c:\windows\system32\5436.exe
2009-12-10 00:37 0 a------- c:\windows\system32\4827.exe
2009-12-10 00:17 0 a------- c:\windows\system32\11942.exe
2009-12-09 23:57 0 a------- c:\windows\system32\2995.exe
2009-12-09 23:37 0 a------- c:\windows\system32\491.exe
2009-12-09 23:17 0 a------- c:\windows\system32\9961.exe
2009-12-09 22:57 0 a------- c:\windows\system32\16827.exe
2009-12-09 22:37 0 a------- c:\windows\system32\23281.exe
2009-12-09 22:17 0 a------- c:\windows\system32\28145.exe
2009-12-09 21:57 0 a------- c:\windows\system32\5705.exe
2009-12-09 21:36 0 a------- c:\windows\system32\24464.exe
2009-12-09 21:16 0 a------- c:\windows\system32\26962.exe
2009-12-09 20:56 0 a------- c:\windows\system32\29358.exe
2009-12-09 20:36 0 a------- c:\windows\system32\11478.exe
2009-12-09 20:16 0 a------- c:\windows\system32\15724.exe
2009-12-09 19:56 0 a------- c:\windows\system32\19169.exe
2009-12-09 19:36 0 a------- c:\windows\system32\26500.exe
2009-12-09 19:16 0 a------- c:\windows\system32\6334.exe
2009-12-09 18:56 0 a------- c:\windows\system32\18467.exe
2009-12-09 18:36 0 a------- c:\windows\system32\41.exe
2009-12-09 18:36 19,968 a--sh--- c:\windows\system32\winlogon86.exe
2009-12-09 05:06 <DIR> --d----- c:\windows\system32\lowsec
2009-12-09 04:07 9,908 ---sh--- c:\windows\system32\siyizene.dll
2009-12-04 09:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-12-04 09:17 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-12-04 09:16 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-12-04 09:16 452,408 a----r-- c:\windows\system32\hpzids01.dll
2009-12-04 09:16 123,904 a------- c:\windows\system32\hpf3l70v.dll
2009-12-04 09:16 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-12-04 09:16 712,704 a----r-- c:\windows\system32\hposwia_d02c.dll
2009-12-04 09:16 589,824 a----r-- c:\windows\system32\hpost_d02c.dll
2009-12-04 09:16 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-12-04 09:16 315,392 a----r-- c:\windows\system32\hposc_d02a.dll
2009-12-04 09:16 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-12-04 09:11 <DIR> --d----- c:\program files\common files\HP
2009-12-04 09:11 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-12-04 09:10 <DIR> --d----- c:\program files\HP
2009-12-04 09:07 160,881 a------- c:\windows\hpoins44.dat
2009-12-04 09:07 586 -------- c:\windows\hpomdl44.dat
2009-12-04 08:48 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-12-04 08:48 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-12-04 08:48 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-12-04 08:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-12-03 01:36 2,805 a------- c:\windows\system32\ShellFolder
2009-12-02 14:33 <DIR> --d----- c:\windows\pss
2009-12-02 12:45 156,160 a------- c:\windows\system32\leopehgqqd78o.exe
2009-12-02 12:36 112 a------- c:\windows\system32\srvblck2.tmp
2009-12-02 12:35 17 a------- c:\windows\system32\user.cfg
2009-12-02 12:35 <DIR> --d----- c:\windows\system32\xmldm
2009-12-02 12:35 <DIR> --d----- c:\windows\system32\UAs
2009-11-30 00:15 8,823 a------- c:\windows\system32\t1p0_593775141973.b1k
2009-11-30 00:03 22,831 a------- c:\windows\system32\t1p0_444989264064.b1k
2009-11-28 01:23 148,992 a------- c:\windows\system32\nsysd.ini
2009-11-28 01:23 6,414 a------- c:\windows\system32\krncode.dat
2009-11-28 01:23 994,304 a------- c:\windows\system32\nsysk.ini
2009-11-28 01:23 986,112 a------- c:\windows\system32\olsysk.dat
2009-11-28 01:23 670,208 a------- c:\windows\system32\nsysw.ini
2009-11-28 01:23 662,016 a------- c:\windows\system32\olsysw.dat
2009-11-28 01:23 23,905 a------- c:\windows\system32\wincode.dat
2009-11-28 01:23 21,504 a------- c:\windows\system32\nsysp.ini
2009-11-28 01:23 17,408 a------- c:\windows\system32\olsysp.dat
2009-11-28 01:23 1,617 a------- c:\windows\system32\pwrcode.dat
2009-11-28 01:23 47,856 a------- c:\windows\system32\shifld2.old
2009-11-28 00:17 32,768 a------- c:\windows\system32\msynldks.dll
2009-11-28 00:04 25,600 a------- c:\windows\system32\tdlcmd.dll

==================== Find3M ====================

2009-12-14 05:24 21,504 a------- c:\windows\system32\powrprof.dll
2009-12-14 05:24 29,696 a--sh--- c:\documents and settings\eric\ntload.dll
2009-12-14 05:24 670,208 a------- c:\windows\system32\wininet.dll
2009-12-14 05:18 994,304 a------- c:\windows\system32\sysk.tmp
2009-12-14 05:18 670,208 a------- c:\windows\system32\sysw.tmp
2009-12-14 05:18 21,504 a------- c:\windows\system32\sysp.tmp
2009-11-28 01:23 148,992 a------- c:\windows\system32\rsysd.tmp
2009-11-24 08:54 56,512 a------- c:\windows\system32\drivers\pctNdis.sys
2009-11-23 13:54 88,040 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-10 17:11 70,408 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-11-09 11:20 207,792 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 11:11 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-21 00:00 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-21 00:00 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-13 04:53 266,752 a------- c:\windows\system32\oakley.dll
2009-10-12 07:54 112,128 a------- c:\windows\system32\rastls.dll
2009-10-12 07:54 69,632 a------- c:\windows\system32\raschap.dll
2009-09-24 23:56 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-15 05:49 53,248 a--sh--- c:\windows\system32\bahegope.dll
2009-09-11 17:24 35,328 a--sh--- c:\windows\system32\bebutepo.exe
2009-09-09 18:13 3 a--sh--- c:\windows\system32\bidapoyi.dll
2009-09-15 05:49 45,568 a--sh--- c:\windows\system32\bozilajo.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\dobiyide.dll
2009-09-20 23:36 39,424 a--sh--- c:\windows\system32\dukiwava.dll
2009-09-09 18:35 19,456 a--sh--- c:\windows\system32\duyugesa.exe
2009-09-17 13:56 19,968 a--sh--- c:\windows\system32\fanesazi.exe
2009-09-09 19:21 3 a--sh--- c:\windows\system32\fejawoza.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\fepabavi.dll
2009-09-15 05:49 19,968 a--sh--- c:\windows\system32\fezijepa.exe
2009-09-10 07:49 3 a--sh--- c:\windows\system32\gopeyuye.dll
2009-09-09 18:36 3 a--sh--- c:\windows\system32\guyeroso.dll
2009-09-10 08:12 3 a--sh--- c:\windows\system32\hipofahi.dll
2009-09-15 05:49 39,424 a--sh--- c:\windows\system32\hofonike.dll
2009-09-17 01:56 39,424 a--sh--- c:\windows\system32\jesoyaru.dll
2009-09-09 18:36 3 a--sh--- c:\windows\system32\jivesiye.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\jonesuke.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\kafiseri.dll
2009-09-20 23:35 61,952 a--sh--- c:\windows\system32\ladahawe.dll
2009-09-09 19:44 3 a--sh--- c:\windows\system32\lezarase.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\lubosuve.dll
2009-09-09 18:13 3 a--sh--- c:\windows\system32\lutehibe.dll
2009-09-17 13:56 39,424 a--sh--- c:\windows\system32\muwuhare.dll
2009-09-17 13:56 45,568 a--sh--- c:\windows\system32\naruhogo.dll
2009-09-09 19:44 3 a--sh--- c:\windows\system32\navepolu.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\nisamuva.dll
2009-09-09 18:35 3 a--sh--- c:\windows\system32\pilabuma.dll
2009-09-10 08:11 3 a--sh--- c:\windows\system32\piyidaze.dll
2009-09-11 17:24 45,568 a--sh--- c:\windows\system32\sayawoha.dll
2009-09-10 08:11 3 a--sh--- c:\windows\system32\sirodave.dll
2009-09-10 07:49 3 a--sh--- c:\windows\system32\tobigude.dll
2009-09-17 13:56 19,968 a--sh--- c:\windows\system32\winlogon86.exe
2009-09-11 17:24 39,424 a--sh--- c:\windows\system32\wopowupa.dll
2009-09-09 18:35 3 a--sh--- c:\windows\system32\yademejo.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\yafilore.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\yijeyenu.dll
2009-09-20 23:35 93,184 a--sh--- c:\windows\system32\yobiseha.dll
2009-09-09 18:13 3 a--sh--- c:\windows\system32\yuteraji.dll
2009-09-10 07:49 3 a--sh--- c:\windows\system32\zehasipe.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\zinozobu.dll
2009-09-10 08:34 39,424 a--sh--- c:\windows\system32\zivogima.dll

============= FINISH: 15:30:32.21 ===============

peku006
2009-12-23, 11:22
Hi blackdra

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Limewire

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


1 - Download and Run Rkill

Please download Rkill from one of the following links and save to your Desktop:

Link 1 (http://download.bleepingcomputer.com/grinler/rkill.exe)
Link 2 (http://download.bleepingcomputer.com/grinler/rkill.com)
Link 3 (http://download.bleepingcomputer.com/grinler/rkill.scr)
Link 4 (http://download.bleepingcomputer.com/grinler/rkill.pif)



Double click on Rkill.
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

With that done, please try Combofix again

include the C:\ComboFix.txt in your next reply

Thanks peku006

blackdra
2009-12-23, 12:52
:hair::slap:

combofix did not work again :
rejection:
windows can not find 32788r22fwjfw\IEXPLORE.exe
windows can not find 32788r22fwjfw\hidec.exe
windows can not find 32788r22fwjfw\n.pif
windows can not find 32788r22fwjfw\nircmd.cfxxe

and rkill had an unknown error and shut itself down ..... i hate my computer ......i need a mac ..... but hey lime wire is not uninstalled

what's PEV?? it came with rkill and ran that it was fine

peku006
2009-12-23, 14:49
Hi blackdra


"but hey lime wire is not uninstalled"
Why not? What is the reason that you do not remove it?

Thanks peku006

blackdra
2009-12-23, 16:29
no no i did, limewire has been deleted. that "not" should have been "now", my bad

peku006
2009-12-23, 17:58
Hi blackdra

your computer is really dirty..........:slap:

Download and run OTS

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Thanks peku006

blackdra
2009-12-23, 23:59
[code]
OTS logfile created on: 12/23/2009 3:42:34 PM - Run 1
OTS by OldTimer - Version 3.1.12.0 Folder = c:\documents and settings\eric\desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.60 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
fepabavi.dll -> C:\WINDOWS\system32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv Service [Disabled | Stopped] -> -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Driver Services - Safe List]
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js ->
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2 -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D424EDA1-E01F-45d6-AC89-9425DE6E710A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup ->
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
.[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M]

blackdra
2009-12-24, 00:00
(Microsoft Corporation)
"C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32] -> File not found
"C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd] -> File not found
"C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv] -> File not found
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:39:08 | 00,598,528 | ---- | C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/23 04:44:33 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/22 06:59:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/22 06:59:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
32788R22FWJFW(2) -> C:\32788R22FWJFW(2) -> [2009/12/22 05:10:14 | 00,000,000 | ---D | C]
PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
cock -> C:\WINDOWS\System32\cock -> [2009/12/15 16:55:44 | 00,000,000 | ---D | C]
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | C] (USA)
AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
.clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
.clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
lowsec -> C:\WINDOWS\System32\lowsec -> [2009/12/09 05:06:02 | 00,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/11/28 01:23:16 | 00,994,304 | ---- | C] (Microsoft Corporation)
olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | C] (USA)
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/23 15:44:09 | 00,707,072 | ---- | M] ()
dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/23 15:42:01 | 00,011,168 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/23 15:00:00 | 00,000,296 | ---- | M] ()
hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/23 05:47:04 | 00,000,767 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/23 04:43:00 | 05,505,024 | ---- | M] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/23 04:30:42 | 00,025,600 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/23 04:25:38 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/23 04:25:31 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/23 04:25:29 | 13,333,17632 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/22 17:08:49 | 00,000,178 | -HS- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/22 05:09:38 | 00,000,658 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/12/22 05:09:38 | 00,000,227 | ---- | M] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/20 07:53:15 | 00,000,211 | RHS- | M] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/18 14:00:17 | 00,000,000 | ---- | M] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | M] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/17 15:41:33 | 00,000,000 | ---- | M] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/17 15:21:31 | 00,000,000 | ---- | M] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/17 15:01:30 | 00,000,000 | ---- | M] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/17 14:41:25 | 00,000,000 | ---- | M] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/17 14:21:00 | 00,000,000 | ---- | M] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/17 13:56:55 | 00,019,456 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | M] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/16 07:00:24 | 00,000,061 | ---- | M] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | M] ()
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | M] (USA)
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/12/14 05:24:09 | 00,023,905 | ---- | M] ()
powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/12/14 05:24:09 | 00,006,414 | ---- | M] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/12/14 05:24:09 | 00,001,617 | ---- | M] ()
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
ntload.dll -> C:\Documents and Settings\Eric\ntload.dll -> [2009/12/14 05:24:08 | 00,029,696 | -HS- | M] (Microsoft)
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/14 05:24:08 | 00,000,000 | -HS- | M] ()
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/12/14 05:24:00 | 00,047,856 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/12 17:32:07 | 00,000,000 | ---- | M] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/12 17:12:07 | 00,000,000 | ---- | M] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/12 16:52:06 | 00,000,000 | ---- | M] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/12 16:32:06 | 00,000,000 | ---- | M] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/12 16:12:06 | 00,000,000 | ---- | M] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/12 15:52:06 | 00,000,000 | ---- | M] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/12 15:32:06 | 00,000,000 | ---- | M] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/12 15:12:06 | 00,000,000 | ---- | M] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/12 14:52:06 | 00,000,000 | ---- | M] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/12 14:32:06 | 00,000,000 | ---- | M] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/12 14:12:06 | 00,000,000 | ---- | M] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/12 13:52:06 | 00,000,000 | ---- | M] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/12 13:32:06 | 00,000,000 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/11 15:09:55 | 00,001,158 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | M] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | M] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | M] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | M] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | M] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | M] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | M] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | M] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | M] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | M] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | M] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | M] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | M] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | M] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | M] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | M] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | M] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | M] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | M] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | M] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | M] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | M] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | M] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | M] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | M] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:28 | 00,008,823 | ---- | M] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:11:53 | 00,022,831 | ---- | M] ()
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | M] (USA)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
mylist.m3u -> C:\Documents and Settings\Eric\My Documents\mylist.m3u -> [2009/11/23 16:02:10 | 00,008,546 | ---- | M] ()
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/22 05:21:42 | 13,333,17632 | -HS- | C] ()
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/21 20:37:51 | 00,000,296 | ---- | C] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | C] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | C] ()
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/14 22:52:51 | 00,707,072 | ---- | C] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/14 01:10:01 | 00,000,061 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/10 11:08:52 | 00,019,456 | ---- | C] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | C] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | C] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | C] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | C] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | C] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | C] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | C] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | C] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | C] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | C] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | C] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | C] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | C] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | C] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | C] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | C] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | C] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | C] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | C] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | C] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | C] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | C] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | C] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | C] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/10 00:37:45 | 00,000,000 | ---- | C] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/10 00:17:44 | 00,000,000 | ---- | C] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/09 23:57:43 | 00,000,000 | ---- | C] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/09 23:37:42 | 00,000,000 | ---- | C] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/09 23:17:35 | 00,000,000 | ---- | C] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/09 22:57:18 | 00,000,000 | ---- | C] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/09 22:37:14 | 00,000,000 | ---- | C] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/09 22:17:13 | 00,000,000 | ---- | C] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/09 21:57:13 | 00,000,000 | ---- | C] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/09 21:36:58 | 00,000,000 | ---- | C] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/09 21:16:56 | 00,000,000 | ---- | C] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/09 20:56:55 | 00,000,000 | ---- | C] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/09 20:36:54 | 00,000,000 | ---- | C] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/09 20:16:53 | 00,000,000 | ---- | C] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/09 19:56:52 | 00,000,000 | ---- | C] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/09 19:36:51 | 00,000,000 | ---- | C] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/09 19:16:46 | 00,000,000 | ---- | C] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/09 18:56:45 | 00,000,000 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/09 18:36:38 | 00,000,000 | ---- | C] ()
winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/09 18:36:08 | 00,019,968 | -HS- | C] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 |

00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 |

---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:25 | 00,008,823 | ---- | C] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:03:29 | 00,022,831 | ---- | C] ()
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/11/28 01:23:17 | 00,006,414 | ---- | C] ()
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/11/28 01:23:16 | 00,023,905 | ---- | C] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/11/28 01:23:16 | 00,001,617 | ---- | C] ()
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/11/28 01:23:11 | 00,047,856 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/11/28 00:04:17 | 00,025,600 | ---- | C] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/11/24 00:26:38 | 05,505,024 | ---- | C] ()
dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll -> [2009/09/20 23:36:20 | 00,039,424 | -HS- | C] ()
yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | C] ()
ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll -> [2009/09/20 23:35:56 | 00,061,952 | -HS- | C] ()
naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll -> [2009/09/17 13:56:27 | 00,045,568 | -HS- | C] ()
muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll -> [2009/09/17 13:56:04 | 00,039,424 | -HS- | C] ()
jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll -> [2009/09/17 01:56:01 | 00,039,424 | -HS- | C] ()
yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
bahegope.dll -> C:\WINDOWS\System32\bahegope.dll -> [2009/09/15 05:49:47 | 00,053,248 | -HS- | C] ()
bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll -> [2009/09/15 05:49:33 | 00,045,568 | -HS- | C] ()
hofonike.dll -> C:\WINDOWS\System32\hofonike.dll -> [2009/09/15 05:49:08 | 00,039,424 | -HS- | C] ()
sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll -> [2009/09/11 17:24:07 | 00,045,568 | -HS- | C] ()
wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll -> [2009/09/11 17:24:06 | 00,039,424 | -HS- | C] ()
zivogima.dll -> C:\WINDOWS\System32\zivogima.dll -> [2009/09/10 08:34:33 | 00,039,424 | -HS- | C] ()
hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll -> [2009/09/10 08:12:00 | 00,000,003 | -HS- | C] ()
sirodave.dll -> C:\WINDOWS\System32\sirodave.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
tobigude.dll -> C:\WINDOWS\System32\tobigude.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
navepolu.dll -> C:\WINDOWS\System32\navepolu.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
lezarase.dll -> C:\WINDOWS\System32\lezarase.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll -> [2009/09/09 18:58:41 | 00,000,003 | -HS- | C] ()
zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
yafilore.dll -> C:\WINDOWS\System32\yafilore.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
yademejo.dll -> C:\WINDOWS\System32\yademejo.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll -> [2009/09/09 18:13:13 | 00,000,003 | -HS- | C] ()
yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll -> [2009/09/09 18:13:12 | 00,000,003 | -HS- | C] ()
lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll -> [2009/09/09 18:13:11 | 00,000,003 | -HS- | C] ()
GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI -> [2007/09/25 22:31:52 | 00,000,876 | ---- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2004/01/01 03:06:26 | 00,000,000 | -HS- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]

blackdra
2009-12-24, 03:19
computer is to a dirty hooker as STDs are computer viruses....... damn, that means we're fighting computer herpes ... you think it's gone but it comes right back

peku006
2009-12-24, 11:23
Hi blackdra

You missed this: Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Turn Off WordWrap

Click Start
All Programs
Accessories
Notepad
On the menu bar in Notepad select Format
Click on WordWrap so it appears unchecked

With that done, please post the OTS log again.

Thanks peku006

blackdra
2009-12-24, 12:27
my bad

[code]
OTS logfile created on: 12/23/2009 3:42:34 PM - Run 1
OTS by OldTimer - Version 3.1.12.0 Folder = c:\documents and settings\eric\desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.60 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
fepabavi.dll -> C:\WINDOWS\system32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv Service [Disabled | Stopped] -> -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Driver Services - Safe List]
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js ->
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2 -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D424EDA1-E01F-45d6-AC89-9425DE6E710A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup ->
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
.[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32] -> File not found
"C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd] -> File not found
"C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv] -> File not found
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:39:08 | 00,598,528 | ---- | C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/23 04:44:33 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/22 06:59:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/22 06:59:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
32788R22FWJFW(2) -> C:\32788R22FWJFW(2) -> [2009/12/22 05:10:14 | 00,000,000 | ---D | C]
PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
cock -> C:\WINDOWS\System32\cock -> [2009/12/15 16:55:44 | 00,000,000 | ---D | C]
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | C] (USA)
AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
.clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
.clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
lowsec -> C:\WINDOWS\System32\lowsec -> [2009/12/09 05:06:02 | 00,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/11/28 01:23:16 | 00,994,304 | ---- | C] (Microsoft Corporation)
olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | C] (USA)
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

blackdra
2009-12-24, 12:29
[Files/Folders - Modified Within 30 Days]
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/23 15:44:09 | 00,707,072 | ---- | M] ()
dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/23 15:42:01 | 00,011,168 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/23 15:00:00 | 00,000,296 | ---- | M] ()
hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/23 05:47:04 | 00,000,767 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/23 04:43:00 | 05,505,024 | ---- | M] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/23 04:30:42 | 00,025,600 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/23 04:25:38 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/23 04:25:31 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/23 04:25:29 | 13,333,17632 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/22 17:08:49 | 00,000,178 | -HS- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/22 05:09:38 | 00,000,658 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/12/22 05:09:38 | 00,000,227 | ---- | M] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/20 07:53:15 | 00,000,211 | RHS- | M] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/18 14:00:17 | 00,000,000 | ---- | M] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | M] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/17 15:41:33 | 00,000,000 | ---- | M] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/17 15:21:31 | 00,000,000 | ---- | M] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/17 15:01:30 | 00,000,000 | ---- | M] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/17 14:41:25 | 00,000,000 | ---- | M] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/17 14:21:00 | 00,000,000 | ---- | M] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/17 13:56:55 | 00,019,456 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | M] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/16 07:00:24 | 00,000,061 | ---- | M] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | M] ()
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | M] (USA)
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/12/14 05:24:09 | 00,023,905 | ---- | M] ()
powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/12/14 05:24:09 | 00,006,414 | ---- | M] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/12/14 05:24:09 | 00,001,617 | ---- | M] ()
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
ntload.dll -> C:\Documents and Settings\Eric\ntload.dll -> [2009/12/14 05:24:08 | 00,029,696 | -HS- | M] (Microsoft)
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/14 05:24:08 | 00,000,000 | -HS- | M] ()
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/12/14 05:24:00 | 00,047,856 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/12 17:32:07 | 00,000,000 | ---- | M] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/12 17:12:07 | 00,000,000 | ---- | M] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/12 16:52:06 | 00,000,000 | ---- | M] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/12 16:32:06 | 00,000,000 | ---- | M] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/12 16:12:06 | 00,000,000 | ---- | M] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/12 15:52:06 | 00,000,000 | ---- | M] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/12 15:32:06 | 00,000,000 | ---- | M] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/12 15:12:06 | 00,000,000 | ---- | M] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/12 14:52:06 | 00,000,000 | ---- | M] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/12 14:32:06 | 00,000,000 | ---- | M] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/12 14:12:06 | 00,000,000 | ---- | M] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/12 13:52:06 | 00,000,000 | ---- | M] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/12 13:32:06 | 00,000,000 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/11 15:09:55 | 00,001,158 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | M] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | M] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | M] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | M] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | M] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | M] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | M] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | M] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | M] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | M] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | M] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | M] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | M] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | M] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | M] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | M] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | M] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | M] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | M] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | M] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | M] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | M] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | M] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | M] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | M] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:28 | 00,008,823 | ---- | M] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:11:53 | 00,022,831 | ---- | M] ()
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | M] (USA)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
mylist.m3u -> C:\Documents and Settings\Eric\My Documents\mylist.m3u -> [2009/11/23 16:02:10 | 00,008,546 | ---- | M] ()
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/22 05:21:42 | 13,333,17632 | -HS- | C] ()
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/21 20:37:51 | 00,000,296 | ---- | C] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | C] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | C] ()
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/14 22:52:51 | 00,707,072 | ---- | C] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/14 01:10:01 | 00,000,061 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/10 11:08:52 | 00,019,456 | ---- | C] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | C] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | C] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | C] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | C] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | C] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | C] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | C] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | C] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | C] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | C] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | C] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | C] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | C] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | C] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | C] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | C] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | C] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | C] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | C] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | C] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | C] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | C] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | C] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | C] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/10 00:37:45 | 00,000,000 | ---- | C] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/10 00:17:44 | 00,000,000 | ---- | C] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/09 23:57:43 | 00,000,000 | ---- | C] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/09 23:37:42 | 00,000,000 | ---- | C] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/09 23:17:35 | 00,000,000 | ---- | C] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/09 22:57:18 | 00,000,000 | ---- | C] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/09 22:37:14 | 00,000,000 | ---- | C] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/09 22:17:13 | 00,000,000 | ---- | C] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/09 21:57:13 | 00,000,000 | ---- | C] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/09 21:36:58 | 00,000,000 | ---- | C] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/09 21:16:56 | 00,000,000 | ---- | C] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/09 20:56:55 | 00,000,000 | ---- | C] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/09 20:36:54 | 00,000,000 | ---- | C] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/09 20:16:53 | 00,000,000 | ---- | C] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/09 19:56:52 | 00,000,000 | ---- | C] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/09 19:36:51 | 00,000,000 | ---- | C] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/09 19:16:46 | 00,000,000 | ---- | C] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/09 18:56:45 | 00,000,000 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/09 18:36:38 | 00,000,000 | ---- | C] ()
winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/09 18:36:08 | 00,019,968 | -HS- | C] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 | ---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:25 | 00,008,823 | ---- | C] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:03:29 | 00,022,831 | ---- | C] ()
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/11/28 01:23:17 | 00,006,414 | ---- | C] ()
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/11/28 01:23:16 | 00,023,905 | ---- | C] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/11/28 01:23:16 | 00,001,617 | ---- | C] ()
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/11/28 01:23:11 | 00,047,856 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/11/28 00:04:17 | 00,025,600 | ---- | C] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/11/24 00:26:38 | 05,505,024 | ---- | C] ()
dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll -> [2009/09/20 23:36:20 | 00,039,424 | -HS- | C] ()
yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | C] ()
ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll -> [2009/09/20 23:35:56 | 00,061,952 | -HS- | C] ()
naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll -> [2009/09/17 13:56:27 | 00,045,568 | -HS- | C] ()
muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll -> [2009/09/17 13:56:04 | 00,039,424 | -HS- | C] ()
jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll -> [2009/09/17 01:56:01 | 00,039,424 | -HS- | C] ()
yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
bahegope.dll -> C:\WINDOWS\System32\bahegope.dll -> [2009/09/15 05:49:47 | 00,053,248 | -HS- | C] ()
bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll -> [2009/09/15 05:49:33 | 00,045,568 | -HS- | C] ()
hofonike.dll -> C:\WINDOWS\System32\hofonike.dll -> [2009/09/15 05:49:08 | 00,039,424 | -HS- | C] ()
sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll -> [2009/09/11 17:24:07 | 00,045,568 | -HS- | C] ()
wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll -> [2009/09/11 17:24:06 | 00,039,424 | -HS- | C] ()
zivogima.dll -> C:\WINDOWS\System32\zivogima.dll -> [2009/09/10 08:34:33 | 00,039,424 | -HS- | C] ()
hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll -> [2009/09/10 08:12:00 | 00,000,003 | -HS- | C] ()
sirodave.dll -> C:\WINDOWS\System32\sirodave.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
tobigude.dll -> C:\WINDOWS\System32\tobigude.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
navepolu.dll -> C:\WINDOWS\System32\navepolu.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
lezarase.dll -> C:\WINDOWS\System32\lezarase.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll -> [2009/09/09 18:58:41 | 00,000,003 | -HS- | C] ()
zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
yafilore.dll -> C:\WINDOWS\System32\yafilore.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
yademejo.dll -> C:\WINDOWS\System32\yademejo.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll -> [2009/09/09 18:13:13 | 00,000,003 | -HS- | C] ()
yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll -> [2009/09/09 18:13:12 | 00,000,003 | -HS- | C] ()
lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll -> [2009/09/09 18:13:11 | 00,000,003 | -HS- | C] ()
GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI -> [2007/09/25 22:31:52 | 00,000,876 | ---- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2004/01/01 03:06:26 | 00,000,000 | -HS- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]

peku006
2009-12-24, 13:33
Hi blackdra

Start OTS. Copy/paste the information in the Code box below into the panel where it says "Paste fix here", and then click the Run Fix button.


[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll
YY -> c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
NY -> "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe]
NY -> "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe]
NY -> "C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
YN -> "C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32]
YN -> "C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd]
YN -> "C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv]
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
YN -> "DisplayName" -> CD-ROM Driver
YN -> "ImagePath" -> [System32\DRIVERS\cdrom.sys]
[Files/Folders - Created Within 30 Days]
NY -> 32788R22FWJFW -> C:\32788R22FWJFW
NY -> 32788R22FWJFW(2) -> C:\32788R22FWJFW(2)
NY -> cock -> C:\WINDOWS\System32\cock
NY -> msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll
NY -> lowsec -> C:\WINDOWS\System32\lowsec
NY -> xmldm -> C:\WINDOWS\System32\xmldm
NY -> msynldks.dll -> C:\WINDOWS\System32\msynldks.dll
[Files/Folders - Modified Within 30 Days]
NY -> rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys
NY -> dufubuga -> C:\WINDOWS\System32\dufubuga
NY -> dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe
NY -> bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll
NY -> bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> 21906.exe -> C:\WINDOWS\System32\21906.exe
NY -> 15724.exe -> C:\WINDOWS\System32\15724.exe
NY -> 19169.exe -> C:\WINDOWS\System32\19169.exe
NY -> 26500.exe -> C:\WINDOWS\System32\26500.exe
NY -> 6334.exe -> C:\WINDOWS\System32\6334.exe
NY -> 18467.exe -> C:\WINDOWS\System32\18467.exe
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> 711046.BAT -> C:\WINDOWS\System32\711046.BAT
NY -> msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll
NY -> wincode.dat -> C:\WINDOWS\System32\wincode.dat
NY -> krncode.dat -> C:\WINDOWS\System32\krncode.dat
NY -> pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat
NY -> nsysk.ini -> C:\WINDOWS\System32\nsysk.ini
NY -> ntload.dll -> C:\Documents and Settings\Eric\ntload.dll
NY -> notepad.dll -> C:\WINDOWS\System32\notepad.dll
NY -> shifld2.old -> C:\WINDOWS\System32\shifld2.old
NY -> 4827.exe -> C:\WINDOWS\System32\4827.exe
NY -> 11942.exe -> C:\WINDOWS\System32\11942.exe
NY -> 2995.exe -> C:\WINDOWS\System32\2995.exe
NY -> 491.exe -> C:\WINDOWS\System32\491.exe
NY -> 9961.exe -> C:\WINDOWS\System32\9961.exe
NY -> 16827.exe -> C:\WINDOWS\System32\16827.exe
NY -> 23281.exe -> C:\WINDOWS\System32\23281.exe
NY -> 28145.exe -> C:\WINDOWS\System32\28145.exe
NY -> 5705.exe -> C:\WINDOWS\System32\5705.exe
NY -> 24464.exe -> C:\WINDOWS\System32\24464.exe
NY -> 26962.exe -> C:\WINDOWS\System32\26962.exe
NY -> 29358.exe -> C:\WINDOWS\System32\29358.exe
NY -> 11478.exe -> C:\WINDOWS\System32\11478.exe
NY -> musosami.dll -> C:\WINDOWS\System32\musosami.dll
NY -> tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll
NY -> rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll
NY -> 23811.exe -> C:\WINDOWS\System32\23811.exe
NY -> 28703.exe -> C:\WINDOWS\System32\28703.exe
NY -> 9894.exe -> C:\WINDOWS\System32\9894.exe
NY -> 17035.exe -> C:\WINDOWS\System32\17035.exe
NY -> 26299.exe -> C:\WINDOWS\System32\26299.exe
NY -> 25667.exe -> C:\WINDOWS\System32\25667.exe
NY -> 19912.exe -> C:\WINDOWS\System32\19912.exe
NY -> 1869.exe -> C:\WINDOWS\System32\1869.exe
NY -> 11538.exe -> C:\WINDOWS\System32\11538.exe
NY -> 14771.exe -> C:\WINDOWS\System32\14771.exe
NY -> 21726.exe -> C:\WINDOWS\System32\21726.exe
NY -> 5447.exe -> C:\WINDOWS\System32\5447.exe
NY -> 19895.exe -> C:\WINDOWS\System32\19895.exe
NY -> 19718.exe -> C:\WINDOWS\System32\19718.exe
NY -> 18716.exe -> C:\WINDOWS\System32\18716.exe
NY -> 17421.exe -> C:\WINDOWS\System32\17421.exe
NY -> 12382.exe -> C:\WINDOWS\System32\12382.exe
NY -> 292.exe -> C:\WINDOWS\System32\292.exe
NY -> 153.exe -> C:\WINDOWS\System32\153.exe
NY -> 3902.exe -> C:\WINDOWS\System32\3902.exe
NY -> 14604.exe -> C:\WINDOWS\System32\14604.exe
NY -> 32391.exe -> C:\WINDOWS\System32\32391.exe
NY -> 5436.exe -> C:\WINDOWS\System32\5436.exe
NY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
NY -> leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe
NY -> t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k
NY -> t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k
NY -> msynldks.dll -> C:\WINDOWS\System32\msynldks.dll
[Files - No Company Name]
NY -> dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job
NY -> dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe
NY -> bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll
NY -> bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe
NY -> 21906.exe -> C:\WINDOWS\System32\21906.exe
NY -> gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe
NY -> rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys
NY -> 711046.BAT -> C:\WINDOWS\System32\711046.BAT
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> musosami.dll -> C:\WINDOWS\System32\musosami.dll
NY -> tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll
NY -> rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll
NY -> 23811.exe -> C:\WINDOWS\System32\23811.exe
NY -> 28703.exe -> C:\WINDOWS\System32\28703.exe
NY -> 9894.exe -> C:\WINDOWS\System32\9894.exe
NY -> 17035.exe -> C:\WINDOWS\System32\17035.exe
NY -> 26299.exe -> C:\WINDOWS\System32\26299.exe
NY -> 25667.exe -> C:\WINDOWS\System32\25667.exe
NY -> 19912.exe -> C:\WINDOWS\System32\19912.exe
NY -> 1869.exe -> C:\WINDOWS\System32\1869.exe
NY -> 11538.exe -> C:\WINDOWS\System32\11538.exe
NY -> 14771.exe -> C:\WINDOWS\System32\14771.exe
NY -> 21726.exe -> C:\WINDOWS\System32\21726.exe
NY -> 5447.exe -> C:\WINDOWS\System32\5447.exe
NY -> 19895.exe -> C:\WINDOWS\System32\19895.exe
NY -> 19718.exe -> C:\WINDOWS\System32\19718.exe
NY -> 18716.exe -> C:\WINDOWS\System32\18716.exe
NY -> 17421.exe -> C:\WINDOWS\System32\17421.exe
NY -> 12382.exe -> C:\WINDOWS\System32\12382.exe
NY -> 292.exe -> C:\WINDOWS\System32\292.exe
NY -> 153.exe -> C:\WINDOWS\System32\153.exe
NY -> 3902.exe -> C:\WINDOWS\System32\3902.exe
NY -> 14604.exe -> C:\WINDOWS\System32\14604.exe
NY -> 32391.exe -> C:\WINDOWS\System32\32391.exe
NY -> 5436.exe -> C:\WINDOWS\System32\5436.exe
NY -> 4827.exe -> C:\WINDOWS\System32\4827.exe
NY -> 11942.exe -> C:\WINDOWS\System32\11942.exe
NY -> 2995.exe -> C:\WINDOWS\System32\2995.exe
NY -> 491.exe -> C:\WINDOWS\System32\491.exe
NY -> 9961.exe -> C:\WINDOWS\System32\9961.exe
NY -> 16827.exe -> C:\WINDOWS\System32\16827.exe
NY -> 23281.exe -> C:\WINDOWS\System32\23281.exe
NY -> 28145.exe -> C:\WINDOWS\System32\28145.exe
NY -> 5705.exe -> C:\WINDOWS\System32\5705.exe
NY -> 24464.exe -> C:\WINDOWS\System32\24464.exe
NY -> 26962.exe -> C:\WINDOWS\System32\26962.exe
NY -> 29358.exe -> C:\WINDOWS\System32\29358.exe
NY -> 11478.exe -> C:\WINDOWS\System32\11478.exe
NY -> 15724.exe -> C:\WINDOWS\System32\15724.exe
NY -> 19169.exe -> C:\WINDOWS\System32\19169.exe
NY -> 26500.exe -> C:\WINDOWS\System32\26500.exe
NY -> 6334.exe -> C:\WINDOWS\System32\6334.exe
NY -> 18467.exe -> C:\WINDOWS\System32\18467.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe
NY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
NY -> leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe
NY -> t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k
NY -> t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k
NY -> krncode.dat -> C:\WINDOWS\System32\krncode.dat
NY -> wincode.dat -> C:\WINDOWS\System32\wincode.dat
NY -> pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat
NY -> shifld2.old -> C:\WINDOWS\System32\shifld2.old
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll
NY -> yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll
NY -> ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll
NY -> naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll
NY -> muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll
NY -> jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll
NY -> yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll
NY -> kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll
NY -> fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll
NY -> bahegope.dll -> C:\WINDOWS\System32\bahegope.dll
NY -> bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll
NY -> hofonike.dll -> C:\WINDOWS\System32\hofonike.dll
NY -> sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll
NY -> wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll
NY -> zivogima.dll -> C:\WINDOWS\System32\zivogima.dll
NY -> hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll
NY -> sirodave.dll -> C:\WINDOWS\System32\sirodave.dll
NY -> piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll
NY -> zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll
NY -> tobigude.dll -> C:\WINDOWS\System32\tobigude.dll
NY -> gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll
NY -> navepolu.dll -> C:\WINDOWS\System32\navepolu.dll
NY -> lezarase.dll -> C:\WINDOWS\System32\lezarase.dll
NY -> jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll
NY -> fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll
NY -> nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll
NY -> lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll
NY -> dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll
NY -> zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll
NY -> yafilore.dll -> C:\WINDOWS\System32\yafilore.dll
NY -> jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll
NY -> guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll
NY -> yademejo.dll -> C:\WINDOWS\System32\yademejo.dll
NY -> pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll
NY -> bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll
NY -> yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll
NY -> lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll
NY -> GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

peku006

blackdra
2009-12-24, 13:42
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nejepidof deleted successfully.
C:\WINDOWS\System32\yobiseha.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:fepabavi.dll deleted successfully.
C:\WINDOWS\System32\fepabavi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yobiseha.dll deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\rehirodup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}\ deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}\ deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe deleted successfully.
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Software Update\HPWUCli.exe deleted successfully.
C:\Program Files\HP\HP Software Update\HPWUCli.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lsm32.sys deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\cmd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\spoolsv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\32788R22FWJFW(2)\License(2) folder moved successfully.
C:\32788R22FWJFW(2) folder moved successfully.
C:\WINDOWS\System32\cock folder moved successfully.
C:\WINDOWS\System32\msilojzb.dll moved successfully.
C:\WINDOWS\System32\lowsec folder moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\msynldks.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\WINDOWS\System32\drivers\rqxtfp.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\dufubuga moved successfully.
C:\WINDOWS\tasks\dossywtx.job moved successfully.
C:\WINDOWS\System32\tdlcmd.dll moved successfully.
C:\WINDOWS\System32\dajifuji.exe moved successfully.
C:\WINDOWS\System32\bemevaja.dll moved successfully.
C:\WINDOWS\System32\bawayeka.exe moved successfully.
C:\WINDOWS\System32\41.exe moved successfully.
C:\WINDOWS\System32\21906.exe moved successfully.
C:\WINDOWS\System32\15724.exe moved successfully.
C:\WINDOWS\System32\19169.exe moved successfully.
C:\WINDOWS\System32\26500.exe moved successfully.
C:\WINDOWS\System32\6334.exe moved successfully.
C:\WINDOWS\System32\18467.exe moved successfully.
C:\WINDOWS\System32\winhelper86.dll moved successfully.
C:\WINDOWS\System32\gezibaju.exe moved successfully.
C:\WINDOWS\System32\urhtps.dat moved successfully.
C:\WINDOWS\System32\711046.BAT moved successfully.
File C:\WINDOWS\System32\msilojzb.dll not found!
C:\WINDOWS\System32\wincode.dat moved successfully.
C:\WINDOWS\System32\krncode.dat moved successfully.
C:\WINDOWS\System32\pwrcode.dat moved successfully.
C:\WINDOWS\System32\nsysk.ini moved successfully.
C:\Documents and Settings\Eric\ntload.dll moved successfully.
C:\WINDOWS\System32\notepad.dll moved successfully.
C:\WINDOWS\System32\shifld2.old moved successfully.
C:\WINDOWS\System32\4827.exe moved successfully.
C:\WINDOWS\System32\11942.exe moved successfully.
C:\WINDOWS\System32\2995.exe moved successfully.
C:\WINDOWS\System32\491.exe moved successfully.
C:\WINDOWS\System32\9961.exe moved successfully.
C:\WINDOWS\System32\16827.exe moved successfully.
C:\WINDOWS\System32\23281.exe moved successfully.
C:\WINDOWS\System32\28145.exe moved successfully.
C:\WINDOWS\System32\5705.exe moved successfully.
C:\WINDOWS\System32\24464.exe moved successfully.
C:\WINDOWS\System32\26962.exe moved successfully.
C:\WINDOWS\System32\29358.exe moved successfully.
C:\WINDOWS\System32\11478.exe moved successfully.
C:\WINDOWS\System32\musosami.dll moved successfully.
C:\WINDOWS\System32\tipezuku.dll moved successfully.
C:\WINDOWS\System32\rijiraza.dll moved successfully.
C:\WINDOWS\System32\23811.exe moved successfully.
C:\WINDOWS\System32\28703.exe moved successfully.
C:\WINDOWS\System32\9894.exe moved successfully.
C:\WINDOWS\System32\17035.exe moved successfully.
C:\WINDOWS\System32\26299.exe moved successfully.
C:\WINDOWS\System32\25667.exe moved successfully.
C:\WINDOWS\System32\19912.exe moved successfully.
C:\WINDOWS\System32\1869.exe moved successfully.
C:\WINDOWS\System32\11538.exe moved successfully.
C:\WINDOWS\System32\14771.exe moved successfully.
C:\WINDOWS\System32\21726.exe moved successfully.
C:\WINDOWS\System32\5447.exe moved successfully.
C:\WINDOWS\System32\19895.exe moved successfully.
C:\WINDOWS\System32\19718.exe moved successfully.
C:\WINDOWS\System32\18716.exe moved successfully.
C:\WINDOWS\System32\17421.exe moved successfully.
C:\WINDOWS\System32\12382.exe moved successfully.
C:\WINDOWS\System32\292.exe moved successfully.
C:\WINDOWS\System32\153.exe moved successfully.
C:\WINDOWS\System32\3902.exe moved successfully.
C:\WINDOWS\System32\14604.exe moved successfully.
C:\WINDOWS\System32\32391.exe moved successfully.
C:\WINDOWS\System32\5436.exe moved successfully.
C:\WINDOWS\System32\siyizene.dll moved successfully.
C:\WINDOWS\System32\leopehgqqd78o.exe moved successfully.
C:\WINDOWS\System32\t1p0_593775141973.b1k moved successfully.
C:\WINDOWS\System32\t1p0_444989264064.b1k moved successfully.
File C:\WINDOWS\System32\msynldks.dll not found!
[Files - No Company Name]
File C:\WINDOWS\tasks\dossywtx.job not found!
File C:\WINDOWS\System32\dajifuji.exe not found!
File C:\WINDOWS\System32\bemevaja.dll not found!
File C:\WINDOWS\System32\bawayeka.exe not found!
File C:\WINDOWS\System32\21906.exe not found!
File C:\WINDOWS\System32\gezibaju.exe not found!
File move failed. C:\WINDOWS\System32\drivers\rqxtfp.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\711046.BAT not found!
File C:\WINDOWS\System32\urhtps.dat not found!
File C:\WINDOWS\System32\winhelper86.dll not found!
File C:\WINDOWS\System32\musosami.dll not found!
File C:\WINDOWS\System32\tipezuku.dll not found!
File C:\WINDOWS\System32\rijiraza.dll not found!
File C:\WINDOWS\System32\23811.exe not found!
File C:\WINDOWS\System32\28703.exe not found!
File C:\WINDOWS\System32\9894.exe not found!
File C:\WINDOWS\System32\17035.exe not found!
File C:\WINDOWS\System32\26299.exe not found!
File C:\WINDOWS\System32\25667.exe not found!
File C:\WINDOWS\System32\19912.exe not found!
File C:\WINDOWS\System32\1869.exe not found!
File C:\WINDOWS\System32\11538.exe not found!
File C:\WINDOWS\System32\14771.exe not found!
File C:\WINDOWS\System32\21726.exe not found!
File C:\WINDOWS\System32\5447.exe not found!
File C:\WINDOWS\System32\19895.exe not found!
File C:\WINDOWS\System32\19718.exe not found!
File C:\WINDOWS\System32\18716.exe not found!
File C:\WINDOWS\System32\17421.exe not found!
File C:\WINDOWS\System32\12382.exe not found!
File C:\WINDOWS\System32\292.exe not found!
File C:\WINDOWS\System32\153.exe not found!
File C:\WINDOWS\System32\3902.exe not found!
File C:\WINDOWS\System32\14604.exe not found!
File C:\WINDOWS\System32\32391.exe not found!
File C:\WINDOWS\System32\5436.exe not found!
File C:\WINDOWS\System32\4827.exe not found!
File C:\WINDOWS\System32\11942.exe not found!
File C:\WINDOWS\System32\2995.exe not found!
File C:\WINDOWS\System32\491.exe not found!
File C:\WINDOWS\System32\9961.exe not found!
File C:\WINDOWS\System32\16827.exe not found!
File C:\WINDOWS\System32\23281.exe not found!
File C:\WINDOWS\System32\28145.exe not found!
File C:\WINDOWS\System32\5705.exe not found!
File C:\WINDOWS\System32\24464.exe not found!
File C:\WINDOWS\System32\26962.exe not found!
File C:\WINDOWS\System32\29358.exe not found!
File C:\WINDOWS\System32\11478.exe not found!
File C:\WINDOWS\System32\15724.exe not found!
File C:\WINDOWS\System32\19169.exe not found!
File C:\WINDOWS\System32\26500.exe not found!
File C:\WINDOWS\System32\6334.exe not found!
File C:\WINDOWS\System32\18467.exe not found!
File C:\WINDOWS\System32\41.exe not found!
C:\WINDOWS\System32\winlogon86.exe moved successfully.
File C:\WINDOWS\System32\siyizene.dll not found!
File C:\WINDOWS\System32\leopehgqqd78o.exe not found!
File C:\WINDOWS\System32\t1p0_593775141973.b1k not found!
File C:\WINDOWS\System32\t1p0_444989264064.b1k not found!
File C:\WINDOWS\System32\krncode.dat not found!
File C:\WINDOWS\System32\wincode.dat not found!
File C:\WINDOWS\System32\pwrcode.dat not found!
File C:\WINDOWS\System32\shifld2.old not found!
File C:\WINDOWS\System32\tdlcmd.dll not found!
C:\WINDOWS\System32\dukiwava.dll moved successfully.
File C:\WINDOWS\System32\yobiseha.dll not found!
C:\WINDOWS\System32\ladahawe.dll moved successfully.
C:\WINDOWS\System32\naruhogo.dll moved successfully.
C:\WINDOWS\System32\muwuhare.dll moved successfully.
C:\WINDOWS\System32\jesoyaru.dll moved successfully.
C:\WINDOWS\System32\yijeyenu.dll moved successfully.
C:\WINDOWS\System32\kafiseri.dll moved successfully.
File C:\WINDOWS\System32\fepabavi.dll not found!
C:\WINDOWS\System32\bahegope.dll moved successfully.
C:\WINDOWS\System32\bozilajo.dll moved successfully.
C:\WINDOWS\System32\hofonike.dll moved successfully.
C:\WINDOWS\System32\sayawoha.dll moved successfully.
C:\WINDOWS\System32\wopowupa.dll moved successfully.
C:\WINDOWS\System32\zivogima.dll moved successfully.
C:\WINDOWS\System32\hipofahi.dll moved successfully.
C:\WINDOWS\System32\sirodave.dll moved successfully.
C:\WINDOWS\System32\piyidaze.dll moved successfully.
C:\WINDOWS\System32\zehasipe.dll moved successfully.
C:\WINDOWS\System32\tobigude.dll moved successfully.
C:\WINDOWS\System32\gopeyuye.dll moved successfully.
C:\WINDOWS\System32\navepolu.dll moved successfully.
C:\WINDOWS\System32\lezarase.dll moved successfully.
C:\WINDOWS\System32\jonesuke.dll moved successfully.
C:\WINDOWS\System32\fejawoza.dll moved successfully.
C:\WINDOWS\System32\nisamuva.dll moved successfully.
C:\WINDOWS\System32\lubosuve.dll moved successfully.
C:\WINDOWS\System32\dobiyide.dll moved successfully.
C:\WINDOWS\System32\zinozobu.dll moved successfully.
C:\WINDOWS\System32\yafilore.dll moved successfully.
C:\WINDOWS\System32\jivesiye.dll moved successfully.
C:\WINDOWS\System32\guyeroso.dll moved successfully.
C:\WINDOWS\System32\yademejo.dll moved successfully.
C:\WINDOWS\System32\pilabuma.dll moved successfully.
C:\WINDOWS\System32\bidapoyi.dll moved successfully.
C:\WINDOWS\System32\yuteraji.dll moved successfully.
C:\WINDOWS\System32\lutehibe.dll moved successfully.
C:\WINDOWS\GMudSVgw.INI moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.12.0 fix logfile created on 12242009_054046

blackdra
2009-12-24, 13:49
i restarted the computer and when i logged on i got an error message saying it could not find yobiseha.dll. is that normal or don't i have to worry about it now

blackdra
2009-12-24, 14:00
omg whatever that program just did brought out or w/e all types of viruses in like one show, from runadll.exe to project1.exe to like 5 or 6 others in one virus bombardment

peku006
2009-12-24, 14:38
Hi blackdra

i restarted the computer and when i logged on i got an error message saying it could not find yobiseha.dll is that normal
do not worry, it is normal. yobiseha.dll is a "bad guy"; it is good that it is missing :D:

Please try to run ComboFix now

Please include the C:\ComboFix.txt in your next reply

Thanks peku006

blackdra
2009-12-24, 14:40
ok because of the bombardment i had to open taskmgr and shut down all those viruses that popped up because my computer started to lag very very very badly. as soon as i did that wow my computer started going faster than it has gone in months woo hooo finally on the right path

blackdra
2009-12-24, 14:48
rejection:
windows can not find 32788r22fwjfw\IEXPLORE.exe
windows can not find 32788r22fwjfw\hidec.exe
:banghead::banghead:

peku006
2009-12-24, 14:59
Hi blackdra

Let's try Malwarebytes' Anti-Malware

go to C:\Program Files\Malwarebytes' Anti-Malware and find the file mbam.exe, right-click on the file and select Rename. Rename the file to blackdra.exe and double-click on it to see if it will run.

Thanks peku006

blackdra
2009-12-24, 15:59
ok i get mbam running but 6 seconds in and after finding 6 infected files i get a run time script error 9 and then the program shuts down

peku006
2009-12-24, 18:58
Hi blackdra

Try running it in “Safe Mode”

blackdra
2009-12-24, 23:15
same problem, it gets to 6 infected files then it gives me a run error 9 then shuts down. should i run s/b first then mbam ?

peku006
2009-12-25, 11:14
Hi blackdra
nothing works :hair:

Download RootRepeal from the following location and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)
Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)
Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

Click the OK button
Check the box for your main system drive (Usually C:), and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running

When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

Thanks peku006

blackdra
2009-12-26, 05:57
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/25 19:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1CD3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF799D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0BCF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\rqxtfp.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a107068 Size: 2392

Hidden Services
-------------------
Service Name: rqxtfp
Image Path: C:\WINDOWS\system32\drivers\rqxtfp.sys

==EOF==
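
Added example (not part of the thread and not RootRepeal's own code): a Python parser for a report in the format posted above that cross-references its sections, so that a hidden service whose image file is also locked stands out from the entries such a scan normally lists. The function names and the list of expected entries are assumptions of this example; the report text is the one posted above, shortened.

```python
import re

# Report text as posted in the thread above (banner lines and one driver entry trimmed).
REPORT = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1CD3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0BCF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\rqxtfp.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a107068 Size: 2392

Hidden Services
-------------------
Service Name: rqxtfp
Image Path: C:\WINDOWS\system32\drivers\rqxtfp.sys

==EOF==
"""

# Keys that own a whole line, and keys that share one line with others.
LINE_KEYS = ("Name", "Image Path", "Path", "Status", "Service Name", "Object")
INLINE = re.compile(r"(Process|Address|Size|File Visible|Signed):\s*(\S+)")

# Assumption of this example: entries a scan like this normally lists on a healthy
# system (in-use system files, crash-dump driver copies, the scanner's own driver).
EXPECTED = re.compile(r"\\(hiberfil\.sys|pagefile\.sys|dump_[^\\]+\.sys|rootrepeal\.sys)$")


def parse_report(text):
    """Return {section title: [record dict, ...]} for a RootRepeal-style report."""
    sections, title, record = {}, None, {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and re.fullmatch(r"-{5,}", nxt):        # a title is underlined with dashes
            if title and record:
                sections[title].append(record)
            title, record = line, {}
            sections[title] = []
        elif title is None or re.fullmatch(r"[-=]{5,}|==EOF==", line):
            continue                                     # banner, rulers, end marker
        elif not line:                                   # a blank line ends a record
            if record:
                sections[title].append(record)
            record = {}
        else:
            key, sep, value = line.partition(": ")
            if sep and key in LINE_KEYS:
                record[key] = value
            else:
                record.update(INLINE.findall(line))
    if title and record:
        sections[title].append(record)
    return sections


def norm(path):
    """Case-insensitive comparison form of a Windows path."""
    return path.replace("/", "\\").lower()


def triage(text):
    """Cross-reference hidden services with locked files and disk-invisible drivers."""
    s = parse_report(text)
    locked = {norm(r["Path"]) for r in s.get("Hidden/Locked Files", []) if "Path" in r}
    hidden_drv = {norm(r["Image Path"]) for r in s.get("Drivers", [])
                  if r.get("File Visible") == "No" and "Image Path" in r}
    candidates = []
    for svc in s.get("Hidden Services", []):
        path = norm(svc.get("Image Path", ""))
        reasons = ["service hidden from the service list"]
        if path in locked:
            reasons.append("image file locked to the Windows API")
        if path in hidden_drv:
            reasons.append("loaded driver not visible on disk")
        candidates.append({"service": svc.get("Service Name"), "path": path, "reasons": reasons})
    seen = {c["path"] for c in candidates}
    for path in sorted((locked | hidden_drv) - seen):
        if not EXPECTED.search(path):                    # drop the expected entries
            candidates.append({"service": None, "path": path,
                               "reasons": ["hidden or locked file with no matching service"]})
    hooks = [r["Object"] for r in s.get("Stealth Objects", []) if "Object" in r]
    return {"candidates": candidates, "stealth_objects": hooks}


if __name__ == "__main__":
    result = triage(REPORT)
    for c in result["candidates"]:
        print(c["service"], c["path"], "; ".join(c["reasons"]))
    print("stealth objects:", result["stealth_objects"])
```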

peku006
2009-12-26, 09:51
Hi blackdra

Download OTM (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.

Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.

:Services
rqxtfp

:Files
C:\WINDOWS\system32\drivers\rqxtfp.sys
:Commands
[emptytemp]


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006

blackdra
2009-12-26, 12:48
lol got freaked out for a sec there, the computer gave me the blue screen of death and i was like o sh*t. thankfully it was nothing and i tried the program again (without any programs running) and it worked fine


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named rqxtfp was found to stop!
Unable to stop service rqxtfp!
========== FILES ==========
File move failed. C:\WINDOWS\system32\drivers\rqxtfp.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 103304 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Anne
->Temp folder emptied: 625373217 bytes
->Temporary Internet Files folder emptied: 5805964 bytes
->Java cache emptied: 49108207 bytes
->FireFox cache emptied: 99261081 bytes

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 5415896 bytes
->Temporary Internet Files folder emptied: 7309724 bytes
->Java cache emptied: 77765384 bytes
->FireFox cache emptied: 86257007 bytes

User: Janet
->Temp folder emptied: 769222025 bytes
->Temporary Internet Files folder emptied: 13196500 bytes
->Java cache emptied: 647383 bytes
->FireFox cache emptied: 171454399 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6284582 bytes
->Java cache emptied: 193467 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: Shawn
->Temp folder emptied: 1236184 bytes
->Temporary Internet Files folder emptied: 4120943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40319845 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 5411457 bytes
Windows Temp folder emptied: 10937286 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 660595 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,889.00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12262009_043525

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\rqxtfp.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

blackdra
2009-12-26, 13:37
should i run spybot now cause i tried mbam after and still got the same runtime error

peku006
2009-12-26, 14:54
Hi blackdra

should i run spybot now cause i tried mbam after and still got the same runtime error
not yet.......

Download Avenger (http://swandog46.geekstogo.com/avenger2/download.php) by Swandog and unzip it to your Desktop.

Note: This programme must be run from an account with Administrator privileges.


Open the Avenger folder and double click Avenger.exe to launch the programme.
Copy the text in the code box below and Paste it into the Input script here: box.



Drivers to delete:
rqxtfp

Files to delete:
C:\WINDOWS\system32\drivers\rqxtfp.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Ensure the following:

Scan for Rootkits is checked.
Automatically disable any rootkits found is Unchecked.

Press the Execute key.
Avenger will now process the script you've pasted (this may involve more than one reboot). When finished, it will produce a log file.
Post the log back here please. (it can also be found at C:\avenger.txt)


Thanks peku006

blackdra
2009-12-26, 15:18
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "rqxtfp" deleted successfully.
File "C:\WINDOWS\system32\drivers\rqxtfp.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

peku006
2009-12-26, 15:29
Hi blackdra

good job :bigthumb:

Run OTS

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Thanks peku006

blackdra
2009-12-26, 15:47
[code]
OTS logfile created on: 12/26/2009 7:38:05 AM - Run 2
OTS by OldTimer - Version 3.1.12.0 Folder = c:\documents and settings\eric\desktop\computer fix
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 91.71 Gb Free Space | 82.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\computer fix\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\computer fix\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
vuzofafu.dll -> C:\WINDOWS\system32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv Service [Disabled | Stopped] -> -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(6to4) Network Security [Auto | Running] -> C:\WINDOWS\system32\6to4v32.dll -> [2004/08/04 00:56:44 | 00,061,440 | ---- | M] ()
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)

[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(winsts) winsts [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\winsts.sys -> [2004/08/04 00:56:44 | 00,002,304 | ---- | M] ()
(ndisdrv) ndisdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\ndisdrv.sys -> [2004/08/04 00:56:44 | 00,002,304 | ---- | M] ()
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js ->
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ -> ->
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/25 18:57:19 | 00,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2 -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/25 18:57:19 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"MSConfig" -> c:\windows\pchealth\helpctr\binaries\msconfig.exe [c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
"winupdate86.exe" -> C:\WINDOWS\system32\winupdate86.exe [C:\WINDOWS\system32\winupdate86.exe] -> [2009/09/26 05:16:37 | 00,022,016 | -HS- | M] (SWUsVvhddARXbqA)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe] -> File not found
"notepad" -> C:\WINDOWS\system32\config\systemprofile\ntload.dll [rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0] -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
"ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe] -> File not found
"notepad" -> C:\WINDOWS\system32\config\systemprofile\ntload.dll [rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0] -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
"ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup ->
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoFolderOptions" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [1] -> File not found
\\"DisableRegistryTools" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoFolderOptions" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [1] -> File not found
\\"DisableRegistryTools" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
.[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> File not found
fepabavi.dll -> -> File not found
vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\winlogon86.exe -> C:\WINDOWS\system32\winlogon86.exe -> [2009/09/26 05:16:37 | 00,022,016 | -HS- | M] (SWUsVvhddARXbqA)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [rehirodup] -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [mujuzedij] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe:*:Enabled:firewallgui] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
Avenger -> C:\Avenger -> [2009/12/26 07:10:24 | 00,000,000 | ---D | C]
_OTM -> C:\_OTM -> [2009/12/26 04:27:02 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/24 07:49:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/24 07:49:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/24 06:44:42 | 00,000,000 | ---D | C]
Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2009/12/24 06:27:11 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2009/12/24 06:14:04 | 00,000,000 | ---D | M]
msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll -> [2009/12/24 05:54:37 | 00,032,768 | ---- | C] (USA)
winupdate86.exe -> C:\WINDOWS\System32\winupdate86.exe -> [2009/12/24 05:54:08 | 00,022,016 | -HS- | C] (SWUsVvhddARXbqA)
winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/24 05:54:08 | 00,022,016 | -HS- | C] (SWUsVvhddARXbqA)
srwq.exe -> C:\srwq.exe -> [2009/12/24 05:54:03 | 00,155,648 | ---- | C] (Microsoft Corporation)
waxfhosk.exe -> C:\waxfhosk.exe -> [2009/12/24 05:53:58 | 00,031,232 | ---- | C] (EaGgfFYBq)
cock -> C:\WINDOWS\System32\cock -> [2009/12/24 05:44:47 | 00,000,000 | ---D | C]
xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/24 05:42:44 | 00,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2009/12/24 05:40:46 | 00,000,000 | ---D | C]
nsysw.dat -> C:\WINDOWS\System32\nsysw.dat -> [2009/12/24 04:29:43 | 00,670,208 | ---- | C] (Microsoft Corporation)
AcroIEHelpe.dll -> C:\WINDOWS\System32\AcroIEHelpe.dll -> [2009/12/24 04:29:34 | 00,191,768 | ---- | C] (Adobe Systems, Incorporated)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
.clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
.clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/26 07:39:39 | 00,011,168 | -H-- | M] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/26 07:38:00 | 05,505,024 | ---- | M] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
AVR10.exe -> C:\WINDOWS\System32\AVR10.exe -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/26 07:10:49 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/26 07:10:43 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/26 07:10:41 | 13,333,17632 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/26 07:08:58 | 00,000,178 | -HS- | M] ()
wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job -> [2009/12/26 07:00:00 | 00,000,296 | ---- | M] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/26 06:48:11 | 00,000,029 | ---- | M] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/26 06:46:58 | 00,025,600 | ---- | M] ()
pufikere.dll -> C:\WINDOWS\System32\pufikere.dll -> [2009/12/26 05:19:07 | 00,024,225 | -HS- | M] ()
rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll -> [2009/12/26 05:19:07 | 00,017,426 | -HS- | M] ()
critical_warning.html -> C:\WINDOWS\System32\critical_warning.html -> [2009/12/26 04:42:16 | 00,002,854 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/26 04:16:39 | 00,000,658 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/12/26 04:16:39 | 00,000,227 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/26 04:16:39 | 00,000,211 | RHS- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/25 18:38:37 | 00,001,158 | ---- | M] ()
uwlwfa.exe -> C:\uwlwfa.exe -> [2009/12/24 05:55:02 | 00,052,736 | ---- | M] ()
srwq.exe -> C:\srwq.exe -> [2009/12/24 05:54:47 | 00,155,648 | ---- | M] (Microsoft Corporation)
msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll -> [2009/12/24 05:54:37 | 00,032,768 | ---- | M] (USA)
haypsixd.exe -> C:\haypsixd.exe -> [2009/12/24 05:54:36 | 00,050,688 | ---- | M] ()
ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll -> [2009/12/24 05:54:19 | 00,015,000 | ---- | M] ()
waxfhosk.exe -> C:\waxfhosk.exe -> [2009/12/24 05:54:05 | 00,031,232 | ---- | M] (EaGgfFYBq)
tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | M] ()
ragutali.dll -> C:\WINDOWS\System32\ragutali.dll -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | M] ()
kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/24 04:29:43 | 00,994,304 | ---- | M] (Microsoft Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/24 04:29:43 | 00,670,208 | ---- | M] (Microsoft Corporation)
nsysw.dat -> C:\WINDOWS\System32\nsysw.dat -> [2009/12/24 04:29:43 | 00,670,208 | ---- | M] (Microsoft Corporation)
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
wincode.res -> C:\WINDOWS\System32\wincode.res -> [2009/12/24 04:29:43 | 00,023,920 | ---- | M] ()
powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/24 04:29:43 | 00,021,504 | ---- | M] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/24 04:29:43 | 00,021,504 | ---- | M] (Microsoft Corporation)
krnkode.res -> C:\WINDOWS\System32\krnkode.res -> [2009/12/24 04:29:43 | 00,006,474 | ---- | M] ()
pwrcode.res -> C:\WINDOWS\System32\pwrcode.res -> [2009/12/24 04:29:43 | 00,001,617 | ---- | M] ()
AcroIEHelpe.dll -> C:\WINDOWS\System32\AcroIEHelpe.dll -> [2009/12/24 04:29:34 | 00,191,768 | ---- | M] (Adobe Systems, Incorporated)
hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/24 04:29:09 | 00,000,767 | ---- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

blackdra
2009-12-26, 15:49
part 2

[Files - No Company Name]
pufikere.dll -> C:\WINDOWS\System32\pufikere.dll -> [2009/12/26 05:19:07 | 00,024,225 | -HS- | C] ()
rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll -> [2009/12/26 05:19:07 | 00,017,426 | -HS- | C] ()
wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job -> [2009/12/26 05:18:50 | 00,000,296 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/26 05:17:31 | 00,000,000 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/24 15:08:10 | 13,333,17632 | -HS- | C] ()
AVR10.exe -> C:\WINDOWS\System32\AVR10.exe -> [2009/12/24 05:56:50 | 00,000,000 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/24 05:56:40 | 00,000,000 | ---- | C] ()
uwlwfa.exe -> C:\uwlwfa.exe -> [2009/12/24 05:54:50 | 00,052,736 | ---- | C] ()
haypsixd.exe -> C:\haypsixd.exe -> [2009/12/24 05:54:22 | 00,050,688 | ---- | C] ()
ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll -> [2009/12/24 05:54:19 | 00,015,000 | ---- | C] ()
critical_warning.html -> C:\WINDOWS\System32\critical_warning.html -> [2009/12/24 05:54:09 | 00,002,854 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/24 05:49:41 | 00,025,600 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/24 05:49:32 | 00,000,029 | ---- | C] ()
tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | C] ()
ragutali.dll -> C:\WINDOWS\System32\ragutali.dll -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | C] ()
wincode.res -> C:\WINDOWS\System32\wincode.res -> [2009/12/24 04:29:43 | 00,023,920 | ---- | C] ()
krnkode.res -> C:\WINDOWS\System32\krnkode.res -> [2009/12/24 04:29:43 | 00,006,474 | ---- | C] ()
pwrcode.res -> C:\WINDOWS\System32\pwrcode.res -> [2009/12/24 04:29:43 | 00,001,617 | ---- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 | ---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
timinebe.dll -> C:\WINDOWS\System32\timinebe.dll -> [2009/09/26 05:16:59 | 00,045,568 | -HS- | C] ()
sehameyi.dll -> C:\WINDOWS\System32\sehameyi.dll -> [2009/09/26 05:16:37 | 00,039,424 | -HS- | C] ()
lidanufu.dll -> C:\WINDOWS\System32\lidanufu.dll -> [2009/09/26 05:16:36 | 00,061,440 | -HS- | C] ()
vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
nefavega.dll -> C:\WINDOWS\System32\nefavega.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
hidumule.dll -> C:\WINDOWS\System32\hidumule.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
Iasv32.dll -> C:\WINDOWS\System32\Iasv32.dll -> [2004/01/01 03:06:27 | 00,061,440 | ---- | C] ()
6to4v32.dll -> C:\WINDOWS\System32\6to4v32.dll -> [2004/01/01 03:06:27 | 00,061,440 | ---- | C] ()
winsts.sys -> C:\WINDOWS\System32\winsts.sys -> [2004/01/01 03:06:27 | 00,002,304 | ---- | C] ()
ndisdrv.sys -> C:\WINDOWS\System32\ndisdrv.sys -> [2004/01/01 03:06:27 | 00,002,304 | ---- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()


[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]

peku006
2009-12-26, 16:16
Hi blackdra

Start OTS. Copy/Paste the information in the Code box below into the panel where it says Paste fix here and then click the Run Fix button.


[Win32 Services - Safe List]
YY -> (6to4) Network Security [Auto | Running] -> C:\WINDOWS\system32\6to4v32.dll
[Driver Services - Safe List]
YY -> (winsts) winsts [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\winsts.sys
YY -> (ndisdrv) ndisdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\ndisdrv.sys
[Registry - Safe List]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe]
YN -> "ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe]
YN -> "ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> c:\windows\system32\yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll
YN -> fepabavi.dll ->
YY -> vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\winlogon86.exe -> C:\WINDOWS\system32\winlogon86.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [mujuzedij]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010]
[Files/Folders - Created Within 30 Days]
NY -> msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll
NY -> winupdate86.exe -> C:\WINDOWS\System32\winupdate86.exe
NY -> winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe
NY -> waxfhosk.exe -> C:\waxfhosk.exe
NY -> cock -> C:\WINDOWS\System32\cock
NY -> nsysd.ini -> C:\WINDOWS\System32\nsysd.ini
NY -> olsysk.dat -> C:\WINDOWS\System32\olsysk.dat
NY -> nsysw.ini -> C:\WINDOWS\System32\nsysw.ini
NY -> olsysw.dat -> C:\WINDOWS\System32\olsysw.dat
NY -> nsysp.ini -> C:\WINDOWS\System32\nsysp.ini
NY -> olsysp.dat -> C:\WINDOWS\System32\olsysp.dat
[Files/Folders - Modified Within 30 Days]
NY -> dufubuga -> C:\WINDOWS\System32\dufubuga
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> AVR10.exe -> C:\WINDOWS\System32\AVR10.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> pufikere.dll -> C:\WINDOWS\System32\pufikere.dll
NY -> rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll
NY -> uwlwfa.exe -> C:\uwlwfa.exe
NY -> msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll
NY -> haypsixd.exe -> C:\haypsixd.exe
NY -> ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll
NY -> waxfhosk.exe -> C:\waxfhosk.exe
NY -> tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe
NY -> ragutali.dll -> C:\WINDOWS\System32\ragutali.dll
NY -> wincode.res -> C:\WINDOWS\System32\wincode.res
NY -> krnkode.res -> C:\WINDOWS\System32\krnkode.res
NY -> pwrcode.res -> C:\WINDOWS\System32\pwrcode.res
[Files - No Company Name]
NY -> pufikere.dll -> C:\WINDOWS\System32\pufikere.dll
NY -> rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll
NY -> wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR10.exe -> C:\WINDOWS\System32\AVR10.exe
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> uwlwfa.exe -> C:\uwlwfa.exe
NY -> haypsixd.exe -> C:\haypsixd.exe
NY -> ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe
NY -> ragutali.dll -> C:\WINDOWS\System32\ragutali.dll
NY -> wincode.res -> C:\WINDOWS\System32\wincode.res
NY -> krnkode.res -> C:\WINDOWS\System32\krnkode.res
NY -> pwrcode.res -> C:\WINDOWS\System32\pwrcode.res
NY -> user.cfg -> C:\WINDOWS\System32\user.cfg
NY -> timinebe.dll -> C:\WINDOWS\System32\timinebe.dll
NY -> sehameyi.dll -> C:\WINDOWS\System32\sehameyi.dll
NY -> lidanufu.dll -> C:\WINDOWS\System32\lidanufu.dll
NY -> vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll
NY -> nefavega.dll -> C:\WINDOWS\System32\nefavega.dll
NY -> hidumule.dll -> C:\WINDOWS\System32\hidumule.dll
NY -> psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll
NY -> DC2110a.ini -> C:\WINDOWS\DC2110a.ini
NY -> atid.ini -> C:\WINDOWS\atid.ini

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

peku006

blackdra
2009-12-26, 16:18
wow did you type all that out?

blackdra
2009-12-26, 16:24
[Win32 Services - Safe List]
Service 6to4 stopped successfully!
Service 6to4 deleted successfully!
C:\WINDOWS\system32\6to4v32.dll moved successfully.
[Driver Services - Safe List]
Service winsts stopped successfully!
Service winsts deleted successfully!
C:\WINDOWS\system32\winsts.sys moved successfully.
Service ndisdrv stopped successfully!
Service ndisdrv deleted successfully!
C:\WINDOWS\system32\ndisdrv.sys moved successfully.
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yobiseha.dll deleted successfully.
File C:\WINDOWS\System32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:fepabavi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vuzofafu.dll deleted successfully.
C:\WINDOWS\System32\vuzofafu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon86.exe deleted successfully.
C:\WINDOWS\system32\winlogon86.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\InternetSecurity2010\IS2010.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\msaouahn.dll moved successfully.
C:\WINDOWS\System32\winupdate86.exe moved successfully.
File C:\WINDOWS\System32\winlogon86.exe not found!
C:\waxfhosk.exe moved successfully.
C:\WINDOWS\System32\cock folder moved successfully.
C:\WINDOWS\System32\nsysd.ini moved successfully.
C:\WINDOWS\System32\olsysk.dat moved successfully.
C:\WINDOWS\System32\nsysw.ini moved successfully.
C:\WINDOWS\System32\olsysw.dat moved successfully.
C:\WINDOWS\System32\nsysp.ini moved successfully.
C:\WINDOWS\System32\olsysp.dat moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\dufubuga moved successfully.
C:\WINDOWS\System32\winhelper86.dll moved successfully.
C:\WINDOWS\System32\AVR10.exe moved successfully.
C:\WINDOWS\System32\41.exe moved successfully.
C:\WINDOWS\tasks\wushskrw.job moved successfully.
C:\WINDOWS\System32\tdlcmd.dll moved successfully.
C:\WINDOWS\System32\pufikere.dll moved successfully.
C:\WINDOWS\System32\rurirovi.dll moved successfully.
C:\uwlwfa.exe moved successfully.
File C:\WINDOWS\System32\msaouahn.dll not found!
C:\haypsixd.exe moved successfully.
C:\WINDOWS\System32\ezdr3.dll moved successfully.
File C:\waxfhosk.exe not found!
C:\WINDOWS\System32\tuwatoba.exe moved successfully.
C:\WINDOWS\System32\ragutali.dll moved successfully.
C:\WINDOWS\System32\wincode.res moved successfully.
C:\WINDOWS\System32\krnkode.res moved successfully.
C:\WINDOWS\System32\pwrcode.res moved successfully.
[Files - No Company Name]
File C:\WINDOWS\System32\pufikere.dll not found!
File C:\WINDOWS\System32\rurirovi.dll not found!
File C:\WINDOWS\tasks\wushskrw.job not found!
File C:\WINDOWS\System32\41.exe not found!
File C:\WINDOWS\System32\AVR10.exe not found!
File C:\WINDOWS\System32\winhelper86.dll not found!
File C:\uwlwfa.exe not found!
File C:\haypsixd.exe not found!
File C:\WINDOWS\System32\ezdr3.dll not found!
File C:\WINDOWS\System32\tdlcmd.dll not found!
C:\WINDOWS\System32\urhtps.dat moved successfully.
File C:\WINDOWS\System32\tuwatoba.exe not found!
File C:\WINDOWS\System32\ragutali.dll not found!
File C:\WINDOWS\System32\wincode.res not found!
File C:\WINDOWS\System32\krnkode.res not found!
File C:\WINDOWS\System32\pwrcode.res not found!
C:\WINDOWS\System32\user.cfg moved successfully.
C:\WINDOWS\System32\timinebe.dll moved successfully.
C:\WINDOWS\System32\sehameyi.dll moved successfully.
C:\WINDOWS\System32\lidanufu.dll moved successfully.
File C:\WINDOWS\System32\vuzofafu.dll not found!
C:\WINDOWS\System32\nefavega.dll moved successfully.
C:\WINDOWS\System32\hidumule.dll moved successfully.
C:\WINDOWS\System32\psisdecd.dll moved successfully.
C:\WINDOWS\DC2110a.ini moved successfully.
C:\WINDOWS\atid.ini moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.12.0 fix logfile created on 12262009_082227

peku006
2009-12-26, 16:59
Hi blackdra

wow did you type all that out?
of course, who else :D:
Let's try combofix again.......
So please delete the old combofix and download the new.

Download Combofix from any of the links below but rename it to BLACKDRA before saving it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

==================================

Double click on the BLACKDRA ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.

peku006

blackdra
2009-12-26, 21:48
woo hoo it ran this time .......... for about an hour ............. not including download time.........anyways here's the log, very large



ComboFix 09-12-25.05 - Eric 12/26/2009 13:25:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.985 [GMT -6:00]
Running from: c:\documents and settings\Eric\Desktop\blackdra.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Start Menu\Internet Security 2010.lnk
c:\recycler\S-1-5-21-1285431163-2949483060-138999394-1003
c:\recycler\S-1-5-21-725345543-1604221776-2147019285-1003
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\EventSystem.log
c:\windows\IECOdecplg.dll
c:\windows\irc.txt
c:\windows\system32\AcroIEHelpe.dll
c:\windows\system32\bebutepo.exe
c:\windows\system32\certstore.dat
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\critical_warning.html
c:\windows\system32\duyugesa.exe
c:\windows\system32\fanesazi.exe
c:\windows\system32\fezijepa.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\jabihoju.dll
c:\windows\system32\lufesoko.dll
c:\windows\system32\nezezaju.dll
c:\windows\system32\notepad.dll
c:\windows\system32\nsysw.dat
c:\windows\system32\nuwuzeku.exe
c:\windows\system32\schtml
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\skynet.dat
c:\windows\system32\tdlcmd.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\acad_UAs001.dat
c:\windows\system32\UAs\AcroRd32_UAs001.dat
c:\windows\system32\UAs\AcroRd32_UAs002.dat
c:\windows\system32\UAs\actionreplaycodemanager_UAs001.dat
c:\windows\system32\UAs\aim_UAs001.dat
c:\windows\system32\UAs\Bartshel_UAs001.dat
c:\windows\system32\UAs\cmd_UAs001.dat
c:\windows\system32\UAs\cmd_UAs002.dat
c:\windows\system32\UAs\cxu61118_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs002.dat
c:\windows\system32\UAs\Explorer_UAs003.dat
c:\windows\system32\UAs\Explorer_UAs004.dat
c:\windows\system32\UAs\Explorer_UAs005.dat
c:\windows\system32\UAs\Explorer_UAs006.dat
c:\windows\system32\UAs\f5d9_UAs001.dat
c:\windows\system32\UAs\firefox_UAs001.dat
c:\windows\system32\UAs\firefox_UAs002.dat
c:\windows\system32\UAs\firefox_UAs003.dat
c:\windows\system32\UAs\firefox_UAs004.dat
c:\windows\system32\UAs\haypsixd_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\leopehgqqd78o_UAs001.dat
c:\windows\system32\UAs\leopehgqqd78o_UAs002.dat
c:\windows\system32\UAs\logonui_UAs001.dat
c:\windows\system32\UAs\lsm32_UAs001.dat
c:\windows\system32\UAs\msksur_UAs001.dat
c:\windows\system32\UAs\msnmsgr_UAs001.dat
c:\windows\system32\UAs\muiq_UAs001.dat
c:\windows\system32\UAs\nbhfy_UAs001.dat
c:\windows\system32\UAs\ndgkqs_UAs001.dat
c:\windows\system32\UAs\nmjhv_UAs001.dat
c:\windows\system32\UAs\pctbdupdate_UAs001.dat
c:\windows\system32\UAs\pureplaypoker_UAs001.dat
c:\windows\system32\UAs\siuhb_UAs001.dat
c:\windows\system32\UAs\smss_UAs001.dat
c:\windows\system32\UAs\spoolsv_UAs001.dat
c:\windows\system32\UAs\spoolsv_UAs002.dat
c:\windows\system32\UAs\spoolsv_UAs003.dat
c:\windows\system32\UAs\spybotsd162_UAs001.dat
c:\windows\system32\UAs\spyhunter-installer_UAs001.dat
c:\windows\system32\UAs\spyhunter3_UAs001.dat
c:\windows\system32\UAs\spyhunter3_UAs002.dat
c:\windows\system32\UAs\svchost_UAs001.dat
c:\windows\system32\UAs\svchost_UAs002.dat
c:\windows\system32\UAs\svchost_UAs003.dat
c:\windows\system32\UAs\svchost_UAs004.dat
c:\windows\system32\UAs\svchost_UAs005.dat
c:\windows\system32\UAs\system321lkdoiuekrewr_UAs001.dat
c:\windows\system32\UAs\system321lkdoiuekrewr_UAs002.dat
c:\windows\system32\UAs\user_UAs001.dat
c:\windows\system32\UAs\user_UAs002.dat
c:\windows\system32\UAs\viewmgr_UAs001.dat
c:\windows\system32\UAs\vvhhaul1od_UAs001.dat
c:\windows\system32\UAs\winamp_UAs001.dat
c:\windows\system32\UAs\winlogon_UAs001.dat
c:\windows\system32\UAs\winupdate86_UAs001.dat
c:\windows\system32\UAs\wmdtc_UAs001.dat
c:\windows\system32\UAs\xprp_UAs001.dat

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
hxxp://77.74.48.116
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\powrprof.dll . . . is infected!!

c:\windows\system32\wininet.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_TDIDIS32.SYS
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_tdidis32.sys


((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 10:27 . 2009-12-26 10:27 -------- d-----w- C:\_OTM
2009-12-24 21:06 . 2009-12-24 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-24 13:49 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 13:49 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 11:54 . 2009-12-24 11:54 155648 ----a-w- C:\srwq.exe
2009-12-24 11:42 . 2009-12-24 13:11 -------- d-----w- c:\windows\system32\xmldm
2009-12-24 11:40 . 2009-12-24 11:40 -------- d-----w- C:\_OTS
2009-12-22 12:59 . 2009-12-24 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 12:56 . 2009-12-22 12:56 -------- d-----w- c:\documents and settings\Eric\Application Data\Malwarebytes
2009-12-22 12:56 . 2009-12-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 11:19 . 2009-12-22 11:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-21 00:48 . 2009-12-21 00:48 -------- d-----w- c:\documents and settings\Anne\Application Data\PCToolsFirewallPlus
2009-12-20 14:38 . 2009-12-20 14:38 -------- d-----w- c:\documents and settings\Janet\Application Data\PCToolsFirewallPlus
2009-12-20 14:16 . 2009-12-20 14:17 -------- d-----w- c:\documents and settings\Eric\Application Data\PCToolsFirewallPlus
2009-12-20 14:15 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-20 14:15 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-20 14:15 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-20 14:15 . 2009-12-20 14:15 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-20 14:15 . 2009-11-24 14:54 56512 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-12-20 14:15 . 2009-11-10 23:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-12-20 14:15 . 2009-08-14 19:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-12-20 14:15 . 2009-10-16 22:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-20 14:15 . 2009-12-22 11:25 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-12-14 09:02 . 2009-12-14 09:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-13 17:33 . 2009-12-13 17:33 -------- d-----w- c:\documents and settings\Janet\Application Data\.clamwin
2009-12-13 16:54 . 2009-12-13 16:54 -------- d--h--w- c:\windows\PIF
2009-12-12 18:32 . 2009-12-12 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Walgreens
2009-12-12 05:45 . 2009-12-12 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\.clamwin
2009-12-12 05:42 . 2009-12-12 05:42 -------- d-----w- c:\documents and settings\Eric\Application Data\.clamwin
2009-12-12 05:41 . 2009-12-19 23:34 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-12-11 23:23 . 2009-12-11 23:23 -------- d-----w- c:\documents and settings\Anne\Local Settings\Application Data\Threat Expert
2009-12-11 21:30 . 2009-12-26 19:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-11 21:28 . 2009-12-14 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 21:28 . 2009-12-12 01:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-11 21:27 . 2009-12-11 21:27 -------- d-----w- c:\program files\Trend Micro
2009-12-10 14:49 . 2009-12-10 14:49 40952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 22:06 . 2009-12-26 18:44 -------- d-----w- c:\documents and settings\Eric\Application Data\HPAppData
2009-12-04 18:15 . 2009-12-24 01:58 -------- d-----w- c:\documents and settings\Janet\Application Data\HPAppData
2009-12-04 15:25 . 2009-12-23 04:15 -------- d-----w- c:\documents and settings\Anne\Application Data\HPAppData
2009-12-04 15:18 . 2009-12-04 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-04 15:17 . 2009-12-04 15:18 -------- d-----w- c:\documents and settings\Anne\Application Data\HP
2009-12-04 15:17 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-12-04 15:16 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-12-04 15:16 . 2009-04-16 20:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2009-12-04 15:16 . 2009-04-16 20:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2009-12-04 15:16 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2009-12-04 15:16 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-12-04 15:16 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2009-12-04 15:16 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2009-12-04 15:16 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2009-12-04 15:16 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-12-04 15:16 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-12-04 15:13 . 2009-12-04 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:11 . 2009-12-04 15:11 -------- d-----w- c:\program files\Common Files\HP
2009-12-04 15:11 . 2009-12-04 15:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-04 15:11 . 2009-12-04 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:10 . 2009-12-04 15:14 -------- d-----w- c:\program files\HP
2009-12-04 15:07 . 2009-12-04 15:18 160881 ----a-w- c:\windows\hpoins44.dat
2009-12-04 15:07 . 2009-06-11 09:30 586 ------w- c:\windows\hpomdl44.dat
2009-12-04 14:48 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-04 14:48 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-04 14:48 . 2004-08-04 05:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-04 14:48 . 2004-08-04 05:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 14:27 . 2009-12-26 14:27 0 ---ha-w- c:\windows\system32\BITE.tmp
2009-12-26 14:27 . 2009-12-26 14:27 0 ---ha-w- c:\windows\system32\BITC.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BITA.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT9.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT6.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT5.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT4.tmp
2009-12-26 12:57 . 2007-10-09 14:10 -------- d-----w- c:\documents and settings\Eric\Application Data\.purple
2009-12-26 10:45 . 2009-12-26 10:45 112 ----a-w- c:\windows\system32\srvblck2.tmp
2009-12-24 10:29 . 2006-06-23 17:33 670208 ----a-w- c:\windows\system32\wininet.dll
2009-12-24 10:29 . 2004-01-01 09:06 21504 ----a-w- c:\windows\system32\powrprof.dll
2009-12-24 10:29 . 2004-01-01 09:06 27136 --sha-w- c:\windows\system32\config\systemprofile\ntload.dll
2009-12-23 10:39 . 2006-11-12 02:30 -------- d-----w- c:\program files\LimeWire
2009-12-22 05:28 . 2007-10-09 00:58 -------- d-----w- c:\documents and settings\Anne\Application Data\.purple
2009-12-21 12:45 . 2009-12-21 12:45 2157 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-17 13:35 . 2007-10-12 22:41 -------- d-----w- c:\documents and settings\Eric\Application Data\gtk-2.0
2009-12-17 11:10 . 2007-10-09 00:57 -------- d-----w- c:\program files\Pidgin
2009-12-15 05:35 . 2006-11-24 02:56 -------- d-----w- c:\program files\PokerStars.NET
2009-12-15 05:33 . 2004-01-01 10:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 18:12 . 2007-11-24 19:39 40952 ----a-w- c:\documents and settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 16:59 . 2009-12-10 16:59 57856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\sp.DLL
2009-12-10 00:05 . 2006-11-11 22:23 -------- d-----w- c:\documents and settings\Anne\Application Data\AdobeUM
2009-12-06 04:09 . 2007-10-09 01:02 -------- d-----w- c:\documents and settings\Anne\Application Data\gtk-2.0
2009-12-04 15:21 . 2007-02-12 19:00 40952 ----a-w- c:\documents and settings\Anne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 14:39 . 2008-08-17 00:22 -------- d-----w- c:\documents and settings\Eric\Application Data\Skype
2009-11-30 14:38 . 2008-08-17 00:23 -------- d-----w- c:\documents and settings\Eric\Application Data\skypePM
2009-11-23 09:24 . 2009-11-23 09:24 2165 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-11-16 22:23 . 2006-11-17 20:15 -------- d-----w- c:\documents and settings\Eric\Application Data\LimeWire
2009-10-21 06:00 . 2007-11-24 18:52 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2007-11-24 18:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2007-11-24 18:52 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 09:41 . 2009-10-19 08:03 58 ----a-w- c:\windows\wp4.dat
2009-10-19 09:41 . 2009-10-19 08:03 3 ----a-w- c:\windows\wp3.dat
2009-10-13 10:53 . 2006-05-14 09:13 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-01-01 09:06 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2004-01-01 09:06 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-07 12:47 . 2009-10-07 12:47 2145 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-10-02 12:03 . 2009-10-02 12:03 2095 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-09-30 13:08 . 2009-09-30 13:08 1089 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2007-11-15 21:05 . 2007-12-13 22:06 89088 ----a-w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 21:05 . 2007-12-13 22:06 53248 ----a-w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 21:05 . 2007-12-13 22:06 499712 ----a-w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 21:05 . 2007-12-13 22:06 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 21:05 . 2007-12-13 22:06 110592 ----a-w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 21:05 . 2007-12-13 22:06 114688 ----a-w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 21:05 . 2007-12-13 22:06 106496 ----a-w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 21:05 . 2007-12-13 22:06 229376 ----a-w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 21:05 . 2007-12-13 22:06 196608 ----a-w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 21:05 . 2007-12-13 22:06 159744 ----a-w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2009-09-26 11:16 . 2009-09-26 11:16 22016 --sha-w- c:\windows\system32\yosutihe.exe
.

------- Sigcheck -------

[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB917422_0$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\sp]
@="{96AFBE69-C3B0-4b00-8578-D933D2896EE2}"
[HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2}]
2009-12-10 16:59 57856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\sp.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"="c:\windows\system32\config\SYSTEM~1\ntload.dll" [2009-12-24 27136]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^scandisk.dll]
path=c:\documents and settings\Eric\Start Menu\Programs\Startup\scandisk.dll
backup=c:\windows\pss\scandisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^scandisk.lnk]
path=c:\documents and settings\Eric\Start Menu\Programs\Startup\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
2005-06-13 19:55 20480 ------w- c:\program files\PeoplePC\ISP6100\Bin\PPCOLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 04:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-01-01 11:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 10:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fastnetsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\PurePlay\\Poker\\PurePlayPoker.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Anne\\My Documents\\silverchild_24\\VamPChaT\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\PeoplePC\\ISP6100\\Bin\\PPCOLink.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msconfig.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:blacksilver
"5576:TCP"= 5576:TCP:spport
"27679:TCP"= 27679:TCP:spport
"12778:TCP"= 12778:TCP:spport
"24727:TCP"= 24727:TCP:spport
"24081:TCP"= 24081:TCP:spport
"18799:TCP"= 18799:TCP:spport
"5586:TCP"= 5586:TCP:spport
"18914:TCP"= 18914:TCP:spport
"5645:TCP"= 5645:TCP:spport
"10850:TCP"= 10850:TCP:spport
"29694:TCP"= 29694:TCP:spport
"14876:TCP"= 14876:TCP:spport
"29596:TCP"= 29596:TCP:spport
"10317:TCP"= 10317:TCP:spport
"24501:TCP"= 24501:TCP:spport
"16950:TCP"= 16950:TCP:spport
"5736:TCP"= 5736:TCP:spport
"15492:TCP"= 15492:TCP:spport
"7112:TCP"= 7112:TCP:spport
"9548:TCP"= 9548:TCP:spport
"9001:TCP"= 9001:TCP:spport
"29261:TCP"= 29261:TCP:spport
"19990:TCP"= 19990:TCP:spport
"24336:TCP"= 24336:TCP:spport
"25100:TCP"= 25100:TCP:spport
"19537:TCP"= 19537:TCP:spport
"13204:TCP"= 13204:TCP:spport
"14253:TCP"= 14253:TCP:spport
"14613:TCP"= 14613:TCP:spport
"5461:TCP"= 5461:TCP:spport
"25794:TCP"= 25794:TCP:spport
"6490:TCP"= 6490:TCP:spport
"27557:TCP"= 27557:TCP:spport
"11116:TCP"= 11116:TCP:spport
"26056:TCP"= 26056:TCP:spport
"14385:TCP"= 14385:TCP:spport
"21012:TCP"= 21012:TCP:spport
"26860:TCP"= 26860:TCP:spport
"8290:TCP"= 8290:TCP:spport
"13443:TCP"= 13443:TCP:spport
"10961:TCP"= 10961:TCP:spport
"28647:TCP"= 28647:TCP:spport
"24337:TCP"= 24337:TCP:spport
"25097:TCP"= 25097:TCP:spport
"21167:TCP"= 21167:TCP:spport
"10475:TCP"= 10475:TCP:spport
"5034:TCP"= 5034:TCP:spport
"22097:TCP"= 22097:TCP:spport
"17116:TCP"= 17116:TCP:spport

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/20/2009 8:15 AM 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [12/20/2009 8:15 AM 88040]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [1/1/2004 3:06 AM 14336]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [12/20/2009 8:15 AM 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [12/20/2009 8:15 AM 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [12/20/2009 8:15 AM 56512]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [12/20/2009 8:15 AM 115216]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [11/27/2006 4:06 PM 227200]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/24/2009 7:49 AM 38224]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 9:12 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
netsvc REG_MULTI_SZ SPService
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = localhost:8080
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yu-Gi-Oh! (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.ftp - proxy_sever
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy_sever
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy_sever
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy_sever
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy_sever
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPView22.dll
FF - plugin: c:\program files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
SSODL-rehirodup-{3c80fcc8-b88d-4740-bcec-d2d122abcbe9} - (no file)
MSConfigStartUp-ClamWin - i:\clamwin\bin\ClamTray.exe
MSConfigStartUp-iinjug - c:\windows\system32\msilojzb.dll
MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-leopehgqqd78o - c:\windows\system32\leopehgqqd78o.exe
MSConfigStartUp-lokerususe - fepabavi.dll
MSConfigStartUp-mhjury - c:\windows\system32\msynldks.dll
MSConfigStartUp-nejepidof - c:\windows\system32\yobiseha.dll
MSConfigStartUp-notepad - c:\windows\system32\notepad.dll
MSConfigStartUp-tqammy - c:\windows\system32\msaouahn.dll
MSConfigStartUp-winupdate86 - c:\windows\system32\winupdate86.exe
AddRemove-ClamWin Free Antivirus_is1 - i:\clamwin\unins000.exe
AddRemove-pidgin-guifications - c:\program files\Pidgin\pidgin-guifications-uninst.exe
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - i:\spybot - search & destroy\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3760)
c:\documents and settings\all users\application data\adobe\sp.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-26 13:42:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-26 19:42

Pre-Run: 98,400,841,728 bytes free
Post-Run: 98,379,812,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5779B166C4765BC243FFB04BB82CA471

peku006
2009-12-27, 13:42
Hi blackdra


1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:


File::
C:\windows\system32\srvblck2.tmp

FCopy::
C:\windows\ServicePackFiles\i386\powrprof.dll | c:\windows\system32\powrprof.dll
C:\windows\ServicePackFiles\i386\wininet.dll| c:\windows\system32\wininet.dll

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=-



Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan, and the log should open in Notepad.

3 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

blackdra
2009-12-27, 18:12
ComboFix 09-12-25.05 - Eric 12/27/2009 9:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.944 [GMT -6:00]
Running from: c:\documents and settings\Eric\Desktop\blackdra.exe
Command switches used :: c:\documents and settings\Eric\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\powrprof.dll . . . is infected!!

c:\windows\system32\wininet.dll . . . is infected!!

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\powrprof.dll --> c:\windows\system32\powrprof.dll
c:\windows\ServicePackFiles\i386\wininet.dll --> c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 15:57 . 2009-12-27 15:57 -------- d-----w- c:\windows\LastGood
2009-12-27 15:30 . 2008-05-02 16:41 3493888 ---ha-w- c:\documents and settings\Shawn\Application Data\U3\temp\Launchpad Removal.exe
2009-12-27 15:29 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-27 15:29 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-27 15:29 . 2009-12-27 15:30 -------- d-----w- c:\documents and settings\Shawn\Application Data\U3
2009-12-27 15:02 . 2009-12-27 15:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\PCToolsFirewallPlus
2009-12-26 10:27 . 2009-12-26 10:27 -------- d-----w- C:\_OTM
2009-12-24 21:06 . 2009-12-24 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-24 13:49 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 13:49 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 11:54 . 2009-12-24 11:54 155648 ----a-w- C:\srwq.exe
2009-12-24 11:42 . 2009-12-24 13:11 -------- d-----w- c:\windows\system32\xmldm
2009-12-24 11:40 . 2009-12-24 11:40 -------- d-----w- C:\_OTS
2009-12-22 12:59 . 2009-12-24 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 12:56 . 2009-12-22 12:56 -------- d-----w- c:\documents and settings\Eric\Application Data\Malwarebytes
2009-12-22 12:56 . 2009-12-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 11:19 . 2009-12-22 11:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-21 12:45 . 2009-12-21 12:45 2157 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-21 00:48 . 2009-12-21 00:48 -------- d-----w- c:\documents and settings\Anne\Application Data\PCToolsFirewallPlus
2009-12-20 14:38 . 2009-12-20 14:38 -------- d-----w- c:\documents and settings\Janet\Application Data\PCToolsFirewallPlus
2009-12-20 14:16 . 2009-12-20 14:17 -------- d-----w- c:\documents and settings\Eric\Application Data\PCToolsFirewallPlus
2009-12-20 14:15 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-20 14:15 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-20 14:15 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-20 14:15 . 2009-12-20 14:15 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-20 14:15 . 2009-11-24 14:54 56512 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-12-20 14:15 . 2009-11-10 23:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-12-20 14:15 . 2009-08-14 19:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-12-20 14:15 . 2009-10-16 22:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-20 14:15 . 2009-12-22 11:25 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-12-14 09:02 . 2009-12-14 09:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-13 17:33 . 2009-12-13 17:33 -------- d-----w- c:\documents and settings\Janet\Application Data\.clamwin
2009-12-13 16:54 . 2009-12-13 16:54 -------- d--h--w- c:\windows\PIF
2009-12-12 18:32 . 2009-12-12 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Walgreens
2009-12-12 05:45 . 2009-12-12 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\.clamwin
2009-12-12 05:42 . 2009-12-12 05:42 -------- d-----w- c:\documents and settings\Eric\Application Data\.clamwin
2009-12-12 05:41 . 2009-12-19 23:34 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-12-11 23:23 . 2009-12-11 23:23 -------- d-----w- c:\documents and settings\Anne\Local Settings\Application Data\Threat Expert
2009-12-11 21:30 . 2009-12-27 15:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-11 21:28 . 2009-12-14 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 21:28 . 2009-12-12 01:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-11 21:27 . 2009-12-11 21:27 -------- d-----w- c:\program files\Trend Micro
2009-12-10 16:59 . 2009-12-10 16:59 57856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\sp.DLL
2009-12-10 14:49 . 2009-12-10 14:49 40952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 22:06 . 2009-12-27 15:54 -------- d-----w- c:\documents and settings\Eric\Application Data\HPAppData
2009-12-04 18:15 . 2009-12-24 01:58 -------- d-----w- c:\documents and settings\Janet\Application Data\HPAppData
2009-12-04 15:25 . 2009-12-23 04:15 -------- d-----w- c:\documents and settings\Anne\Application Data\HPAppData
2009-12-04 15:18 . 2009-12-04 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-12-04 15:17 . 2009-12-04 15:18 -------- d-----w- c:\documents and settings\Anne\Application Data\HP
2009-12-04 15:17 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-12-04 15:16 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-12-04 15:16 . 2009-04-16 20:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2009-12-04 15:16 . 2009-04-16 20:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2009-12-04 15:16 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2009-12-04 15:16 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-12-04 15:16 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2009-12-04 15:16 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2009-12-04 15:16 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2009-12-04 15:16 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-12-04 15:16 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-12-04 15:13 . 2009-12-04 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:11 . 2009-12-04 15:11 -------- d-----w- c:\program files\Common Files\HP
2009-12-04 15:11 . 2009-12-04 15:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-04 15:11 . 2009-12-04 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:10 . 2009-12-04 15:14 -------- d-----w- c:\program files\HP
2009-12-04 15:07 . 2009-12-04 15:18 160881 ----a-w- c:\windows\hpoins44.dat
2009-12-04 15:07 . 2009-06-11 09:30 586 ------w- c:\windows\hpomdl44.dat
2009-12-04 14:48 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-04 14:48 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-04 14:48 . 2004-08-04 05:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-04 14:48 . 2004-08-04 05:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 15:11 . 2007-12-15 06:23 40952 ----a-w- c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 06:25 . 2007-10-09 14:10 -------- d-----w- c:\documents and settings\Eric\Application Data\.purple
2009-12-26 14:27 . 2009-12-26 14:27 0 ---ha-w- c:\windows\system32\BITE.tmp
2009-12-26 14:27 . 2009-12-26 14:27 0 ---ha-w- c:\windows\system32\BITC.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BITA.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT9.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT6.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT5.tmp
2009-12-26 14:26 . 2009-12-26 14:26 0 ---ha-w- c:\windows\system32\BIT4.tmp
2009-12-26 10:45 . 2009-12-26 10:45 112 ----a-w- c:\windows\system32\srvblck2.tmp
2009-12-24 10:29 . 2006-06-23 17:33 670208 ----a-w- c:\windows\system32\wininet.dll
2009-12-24 10:29 . 2004-01-01 09:06 21504 ----a-w- c:\windows\system32\powrprof.dll
2009-12-24 10:29 . 2004-01-01 09:06 27136 --sha-w- c:\windows\system32\config\systemprofile\ntload.dll
2009-12-23 10:39 . 2006-11-12 02:30 -------- d-----w- c:\program files\LimeWire
2009-12-22 05:28 . 2007-10-09 00:58 -------- d-----w- c:\documents and settings\Anne\Application Data\.purple
2009-12-17 13:35 . 2007-10-12 22:41 -------- d-----w- c:\documents and settings\Eric\Application Data\gtk-2.0
2009-12-17 11:10 . 2007-10-09 00:57 -------- d-----w- c:\program files\Pidgin
2009-12-15 05:35 . 2006-11-24 02:56 -------- d-----w- c:\program files\PokerStars.NET
2009-12-15 05:33 . 2004-01-01 10:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 18:12 . 2007-11-24 19:39 40952 ----a-w- c:\documents and settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 00:05 . 2006-11-11 22:23 -------- d-----w- c:\documents and settings\Anne\Application Data\AdobeUM
2009-12-06 04:09 . 2007-10-09 01:02 -------- d-----w- c:\documents and settings\Anne\Application Data\gtk-2.0
2009-12-04 15:21 . 2007-02-12 19:00 40952 ----a-w- c:\documents and settings\Anne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 14:39 . 2008-08-17 00:22 -------- d-----w- c:\documents and settings\Eric\Application Data\Skype
2009-11-30 14:38 . 2008-08-17 00:23 -------- d-----w- c:\documents and settings\Eric\Application Data\skypePM
2009-11-23 09:24 . 2009-11-23 09:24 2165 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-11-16 22:23 . 2006-11-17 20:15 -------- d-----w- c:\documents and settings\Eric\Application Data\LimeWire
2009-10-21 06:00 . 2007-11-24 18:52 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2007-11-24 18:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2007-11-24 18:52 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 09:41 . 2009-10-19 08:03 58 ----a-w- c:\windows\wp4.dat
2009-10-19 09:41 . 2009-10-19 08:03 3 ----a-w- c:\windows\wp3.dat
2009-10-13 10:53 . 2006-05-14 09:13 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-01-01 09:06 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2004-01-01 09:06 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-07 12:47 . 2009-10-07 12:47 2145 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-10-02 12:03 . 2009-10-02 12:03 2095 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-09-30 13:08 . 2009-09-30 13:08 1089 ----a-w- c:\documents and settings\Eric\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2007-11-15 21:05 . 2007-12-13 22:06 89088 ----a-w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 21:05 . 2007-12-13 22:06 53248 ----a-w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 21:05 . 2007-12-13 22:06 499712 ----a-w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 21:05 . 2007-12-13 22:06 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 21:05 . 2007-12-13 22:06 110592 ----a-w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 21:05 . 2007-12-13 22:06 114688 ----a-w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 21:05 . 2007-12-13 22:06 106496 ----a-w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 21:05 . 2007-12-13 22:06 229376 ----a-w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 21:05 . 2007-12-13 22:06 196608 ----a-w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 21:05 . 2007-12-13 22:06 159744 ----a-w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2009-09-26 11:16 . 2009-09-26 11:16 22016 --sha-w- c:\windows\system32\yosutihe.exe
.

------- Sigcheck -------

[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB917422_0$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-12-24 . 91CE9DE762E9F01E7AA39AD89CF00971 . 994304 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\LastGood\system32\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2009-12-24 . BAAC49924BFF74A9223C74FB1D37A461 . 21504 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2009-12-24 . C24783F6DDCB579BB4383970283C0965 . 670208 . . [6.00.2900.3627] . . c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\sp]
@="{96AFBE69-C3B0-4b00-8578-D933D2896EE2}"
[HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2}]
2009-12-10 16:59 57856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\sp.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^scandisk.dll]
path=c:\documents and settings\Eric\Start Menu\Programs\Startup\scandisk.dll
backup=c:\windows\pss\scandisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^scandisk.lnk]
path=c:\documents and settings\Eric\Start Menu\Programs\Startup\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
2005-06-13 19:55 20480 ------w- c:\program files\PeoplePC\ISP6100\Bin\PPCOLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 04:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-01-01 11:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 10:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fastnetsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\PurePlay\\Poker\\PurePlayPoker.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Anne\\My Documents\\silverchild_24\\VamPChaT\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\PeoplePC\\ISP6100\\Bin\\PPCOLink.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msconfig.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:blacksilver
"5576:TCP"= 5576:TCP:spport
"27679:TCP"= 27679:TCP:spport
"12778:TCP"= 12778:TCP:spport
"24727:TCP"= 24727:TCP:spport
"24081:TCP"= 24081:TCP:spport
"18799:TCP"= 18799:TCP:spport
"5586:TCP"= 5586:TCP:spport
"18914:TCP"= 18914:TCP:spport
"5645:TCP"= 5645:TCP:spport
"10850:TCP"= 10850:TCP:spport
"29694:TCP"= 29694:TCP:spport
"14876:TCP"= 14876:TCP:spport
"29596:TCP"= 29596:TCP:spport
"10317:TCP"= 10317:TCP:spport
"24501:TCP"= 24501:TCP:spport
"16950:TCP"= 16950:TCP:spport
"5736:TCP"= 5736:TCP:spport
"15492:TCP"= 15492:TCP:spport
"7112:TCP"= 7112:TCP:spport
"9548:TCP"= 9548:TCP:spport
"9001:TCP"= 9001:TCP:spport
"29261:TCP"= 29261:TCP:spport
"19990:TCP"= 19990:TCP:spport
"24336:TCP"= 24336:TCP:spport
"25100:TCP"= 25100:TCP:spport
"19537:TCP"= 19537:TCP:spport
"13204:TCP"= 13204:TCP:spport
"14253:TCP"= 14253:TCP:spport
"14613:TCP"= 14613:TCP:spport
"5461:TCP"= 5461:TCP:spport
"25794:TCP"= 25794:TCP:spport
"6490:TCP"= 6490:TCP:spport
"27557:TCP"= 27557:TCP:spport
"11116:TCP"= 11116:TCP:spport
"26056:TCP"= 26056:TCP:spport
"14385:TCP"= 14385:TCP:spport
"21012:TCP"= 21012:TCP:spport
"26860:TCP"= 26860:TCP:spport
"8290:TCP"= 8290:TCP:spport
"13443:TCP"= 13443:TCP:spport
"10961:TCP"= 10961:TCP:spport
"28647:TCP"= 28647:TCP:spport
"24337:TCP"= 24337:TCP:spport
"25097:TCP"= 25097:TCP:spport
"21167:TCP"= 21167:TCP:spport
"10475:TCP"= 10475:TCP:spport
"5034:TCP"= 5034:TCP:spport
"22097:TCP"= 22097:TCP:spport
"17116:TCP"= 17116:TCP:spport
"17857:TCP"= 17857:TCP:spport
"13145:TCP"= 13145:TCP:spport
"21954:TCP"= 21954:TCP:spport
"24980:TCP"= 24980:TCP:spport
"27742:TCP"= 27742:TCP:spport
"10449:TCP"= 10449:TCP:spport

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/20/2009 8:15 AM 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [12/20/2009 8:15 AM 88040]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [1/1/2004 3:06 AM 14336]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [12/20/2009 8:15 AM 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [12/20/2009 8:15 AM 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [12/20/2009 8:15 AM 56512]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [11/27/2006 4:06 PM 227200]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/24/2009 7:49 AM 38224]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [12/20/2009 8:15 AM 115216]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 9:12 PM 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HIDSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
netsvc REG_MULTI_SZ SPService
.

blackdra
2009-12-27, 18:12
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = localhost:8080
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yu-Gi-Oh! (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.ftp - proxy_sever
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy_sever
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy_sever
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy_sever
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy_sever
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPView22.dll
FF - plugin: c:\program files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 10:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(2340)
c:\documents and settings\all users\application data\adobe\sp.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2009-12-27 10:07:07
ComboFix-quarantined-files.txt 2009-12-27 16:07
ComboFix2.txt 2009-12-26 19:42

Pre-Run: 98,344,349,696 bytes free
Post-Run: 98,304,954,368 bytes free

- - End Of File - - 968F4B535E3B335B711FB60F891FC456

blackdra
2009-12-27, 18:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:31 AM, on 12/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 2733 bytes

blackdra
2009-12-27, 18:17
Just as a side note, Internet Explorer came back but is still not connecting to the net. Would that still be a virus interaction, or in this case something else?

peku006
2009-12-28, 10:35
Hi blackdra

Have you tried manually restoring the Internet connection (http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore)?

1 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

blackdra
2009-12-28, 16:48
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/28/2009 8:40:29 AM
mbam-log-2009-12-28 (08-40-29).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 239491
Time elapsed: 32 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1ebef0-37cf-4408-b494-f6c000fd6ed7} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{339949fb-4a8c-4aa3-bd04-8b888d9a642a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf3e4737-a002-49ce-8e07-3460cb177a28} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{30fcf052-3649-4543-b924-ba7ab9facc8a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\acroie.dll (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkreader.acroiebho (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkreader.acroiebho.1 (Spyware.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\dcomclsid (Rogue.DesktopDefender) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20091222-060240-256.dll (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\AcroIEHelpe.dll.vir (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\notepad.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12242009_054046\C_Documents and Settings\Eric\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12242009_054046\C_WINDOWS\System32\msilojzb.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12242009_054046\C_WINDOWS\System32\msynldks.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12262009_082227\C_WINDOWS\system32\msaouahn.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12262009_082227\C_WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12262009_082227\C_WINDOWS\system32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

peku006
2009-12-28, 17:50
Hi blackdra

1 - Clean temp files


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006

blackdra
2009-12-29, 13:26
Having trouble getting the download to work. I downloaded the installer for Firefox but it's saying that it can't get the update for the online scanner. Is there any way I can manually download from the site itself? Also the link to restore the net connection didn't work as well.

peku006
2009-12-29, 14:38
Hi blackdra

Manually restoring the Internet connection

Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
You will now see a menu similar to the image below. Simply click on the Repair menu option.

http://img.bleepingcomputer.com/combofix/en/repair.jpg
Repair Internet Connection

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.
http://img.bleepingcomputer.com/combofix/en/tray-repair.jpg

post back if it helped.

Thanks peku006

blackdra
2009-12-30, 12:53
The repair option does not come up when I click on the icon on either. Can I run ClamWin instead of the online scanner since I can't get it to run?

peku006
2009-12-30, 12:56
Hi

Yes, do it

peku006

blackdra
2009-12-31, 00:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:06 PM, on 12/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\hp\digital imaging\smart web printing\hpswp_clipbook.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = peoplepc online:8080
O2 - BHO: (no name) - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - (no file)
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Anne\ntload.dll,_IWMPEvents@0 (User 'Anne')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FD03FBF-A7CC-4378-81E6-472CDA2CFCE4}: NameServer = 207.69.188.167 207.69.188.166
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3552 bytes
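
A check worth running on logs like the ones above before a case is closed, as an added example that is not part of the original thread: it cross-references files Malwarebytes removed against the autostart (O4) values in the later HijackThis log, and lists entries HijackThis reports as "(no file)". The function names are this example's own, and matching is by file name only, which is an assumption; a hit is a lead to verify, not proof that the same file is still present.

```python
import ntpath
import re

# Excerpts copied from logs posted in this thread: the Malwarebytes log of
# 12/28/2009 and the HijackThis log of 12/30/2009.
MBAM_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\notepad.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12242009_054046\C_Documents and Settings\Eric\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\12262009_082227\C_WINDOWS\system32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = peoplepc online:8080
O2 - BHO: (no name) - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - (no file)
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Anne\ntload.dll,_IWMPEvents@0 (User 'Anne')
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
"""

# "<path> (<detection name>) -> <action>" as written by Malwarebytes 1.42.
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# "O4 - <hive>\..\<key>: [<value name>] <command>" as written by HijackThis.
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# File names inside a command line (last path component with a known extension).
FILE_TOKEN = re.compile(r'[^\\/"\s,]+\.(?:exe|dll|sys|dat|scr)\b', re.IGNORECASE)


def detected_files(mbam_text):
    """Map lower-cased file name -> set of Malwarebytes detection names."""
    found = {}
    for line in mbam_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        name = ntpath.basename(m["path"]).lower()
        if name.endswith(".vir"):  # quarantine suffix seen under C:\Qoobox above
            name = name[:-4]
        found.setdefault(name, set()).add(m["threat"])
    return found


def autostart_entries(hjt_text):
    """Yield (hive, value name, command, file names) for each O4 line."""
    for line in hjt_text.splitlines():
        m = HJT_O4.match(line.strip())
        if m:
            files = [f.lower() for f in FILE_TOKEN.findall(m["cmd"])]
            yield m["hive"], m["name"], m["cmd"], files


def stale_references(mbam_text, hjt_text):
    """Autostart values whose command names a file the scanner already flagged."""
    flagged = detected_files(mbam_text)
    hits = []
    for hive, name, cmd, files in autostart_entries(hjt_text):
        for f in files:
            if f in flagged:
                hits.append({"hive": hive, "value": name, "file": f,
                             "detections": sorted(flagged[f]), "command": cmd})
    return hits


def orphaned_entries(hjt_text):
    """HijackThis lines whose target is reported as '(no file)'."""
    lines = (l.strip() for l in hjt_text.splitlines())
    return [l for l in lines if l.endswith("(no file)")]


if __name__ == "__main__":
    for hit in stale_references(MBAM_LOG, HJT_LOG):
        print("autostart [%s] under %s still names %s (%s)"
              % (hit["value"], hit["hive"], hit["file"], ", ".join(hit["detections"])))
    for line in orphaned_entries(HJT_LOG):
        print("orphaned entry:", line)
```
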

blackdra
2009-12-31, 00:57
Scan Started Wed Dec 30 07:18:26 2009
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a6adc2be8539f3034d5247e6dfa3267_ab562468-bd0a-4927-81f6-bddba689b279: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\SoftwareDistribution\EventCache\5CB96EDA-12AC-4F6A-A2BE-78AB721BFBC7.bin: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

C:\Documents and Settings\Eric\Desktop\computer fix\avenger\avenger.exe: Trojan.Agent-119128 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 677872
Engine version: 0.95.3
Scanned directories: 11631
Scanned files: 91035
Infected files: 1

Data scanned: 21191.66 MB
Data read: 19776.76 MB (ratio 1.07:1)
Time: 11600.500 sec (193 m 20 s)
--------------------------------------
Completed
--------------------------------------

blackdra
2009-12-31, 00:57
Woo, got IE to work. Had to play around with the internet setting on it.

peku006
2009-12-31, 09:18
Hi blackdra

All the logs look good. How is your computer behaving now?

Thanks peku006

blackdra
2009-12-31, 13:05
It's acting great, but I've got a few questions. Still in my C drive I have a few new folders that programs like ComboFix made; should I delete those folders? And have you ever heard of this: Win32 Cabinet Self-Extractor srwq?

peku006
2009-12-31, 14:33
Hi blackdra

Win32 Cabinet Self-Extractor (http://www.fileresearchcenter.com/A/AWFAX.EXE-3243.html) is a legitimate file

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete DDS, Rkill and RootRepeal from your desktop.

Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.

Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep ......Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.


Happy safe surfing! :bigthumb:

peku006

blackdra
2010-01-02, 13:13
thx, I'll be back in a week with a new virus
...................:funny:

peku006
2010-01-03, 19:47
As this issue appears to be resolved, this topic is now closed

We are pleased to have been some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)