AHHHHH......i need help!!

blackdra

New member
OK, I have been racking my brain over this and I can't seem to fix it, and when I think I have it fixed, 2 or 3 days later it comes right back. So let me start out with this:
running: Windows XP
programs: ClamWin, Spybot, HJT
firewall: standard Windows version

OK, here is what I have done so far. I ran ClamWin (antivirus) and it found 2 problems:

Scan Started Fri Dec 18 06:05:25 2009
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a6adc2be8539f3034d5247e6dfa3267_ab562468-bd0a-4927-81f6-bddba689b279: Permission denied
C:\Documents and Settings\Janet\Local Settings\Temp\E6.tmp: Trojan.Dropper-23141 FOUND
C:\Documents and Settings\Janet\Local Settings\Temp\E6.tmp: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\E6.tmp.infected'
C:\Documents and Settings\Janet\Local Settings\Temp\F0.tmp: Trojan.Dropper-23141 FOUND
C:\Documents and Settings\Janet\Local Settings\Temp\F0.tmp: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\F0.tmp.infected'
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\drivers\rqxtfp.sys: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 677872
Engine version: 0.95.3
Scanned directories: 12474
Scanned files: 116626
Infected files: 2
Data scanned: 23512.66 MB
Data read: 21548.48 MB (ratio 1.09:1)
Time: 13451.203 sec (224 m 11 s)

Soon after, I deleted them. Then I ran Spybot:
-- Report generated: 2009-12-18 14:25 ---

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $DC50EBD1] Executable (File, fixed)
C:\Program Files\InternetSecurity2010\IS2010.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Opachki.ru: [SBI $DC5CFC0F] Autorun settings (notepad) (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad

Opachki.ru: [SBI $DC5CFC0F] Autorun settings (notepad) (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad

Opachki.ru: [SBI $8EAABB24] Library (File, fixed)
C:\Documents and Settings\Anne\Start Menu\Programs\Startup\scandisk.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $8EAABB24] Library (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $B88A1213] Link (File, fixed)
C:\Documents and Settings\Anne\Start Menu\Programs\Startup\scandisk.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Opachki.ru: [SBI $B88A1213] Link (File, fixed)
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.wu: [SBI $F76387AF] Autorun settings (winupdate86.exe) (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe

Win32.Agent.wu: [SBI $F76387AF] Program file (File, fixed)
C:\WINDOWS\system32\winupdate86.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.atr: [SBI $ADF6CE3E] Configuration file (File, fixed)
C:\WINDOWS\Tasks\uyfqaaue.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.dll: [SBI $2F4068FC] Library (File, fixed)
C:\WINDOWS\system32\yabutuwi.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Virtumonde.dll: [SBI $AE112DD6] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs=....dll...

Virtumonde.prx: [SBI $81D8C514] Autorun settings (nejepidof) (Registry value, fixing failed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nejepidof

Virtumonde.sdn: [SBI $70056CE6] Data (File, fixed)
C:\WINDOWS\system32\dufubuga
Properties.size=1744
Properties.md5=4FDF7661C37387B3865E15B7047AF2A4
Properties.filedate=1261167888
Properties.filedatetext=2009-12-18 14:24:48

BurstMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


BurstMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: Anne (default)) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Janet (default)) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-12-12 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-01-26 SDShred.exe (1.0.2.5)
2009-12-17 spybotsd_includes.exe
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 advcheck.dll (1.6.2.15)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-01-22 Includes\Revision.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-10-08 Includes\Adware.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-15 Includes\DialerC.sbi (*)
2009-12-15 Includes\HijackersC.sbi (*)
2009-12-15 Includes\KeyloggersC.sbi (*)
2009-12-15 Includes\MalwareC.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-12-15 Includes\SecurityC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-12-15 Includes\SpywareC.sbi (*)
2009-12-15 Includes\AdwareC.sbi (*)
2009-12-15 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll

I was able to delete most problems, but both Virtumonde and Opachki.ru still remain after a second scan after a restart.

Then I ran HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:58 AM, on 12/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\hp\digital imaging\smart web printing\hpswp_clipbook.exe
c:\program files\aim\aim.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O4 - HKLM\..\Run: [ClamWin] "I:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [nejepidof] Rundll32.exe "c:\windows\system32\suzirowa.dll",a
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FD03FBF-A7CC-4378-81E6-472CDA2CFCE4}: NameServer = 207.69.188.167 207.69.188.166
O20 - AppInit_DLLs: fepabavi c:\windows\system32\suzirowa.dll,fepabavi.dll
O21 - SSODL: lajeyemaw - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O22 - SharedTaskScheduler: tokatiluy - {efa2d421-1a0f-4a5c-878e-9e6de7e43ae0} - c:\windows\system32\suzirowa.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3034 bytes

After that I thought I had fixed my computer, but like I said, 2 or 3 days later everything would come back and I have to do this all over again .... Been at this for a week now and can't seem to make any headway.
Also, from reading a few other posts on here I know that the firewall that comes with Windows sucks, so I was thinking about downloading ZoneAlarm from CNET. Is this a good firewall??
Also, Internet Explorer is not working and has been taken over by the virus as well, and Firefox is showing signs of it as well by being redirected to virus-infected sites.

And this is a big oh crap: Safe Mode has been disabled!!!

Please help .... as Leeloo would say from The Fifth Element
 
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006
 
Hi blackdra

Do not worry, we can use other tools.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log


Thanks peku006
 
Hi blackdra

:banghead:

Please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Next Reply

Please reply with:
  • DDS.txt
  • Attach.txt

Thanks peku006
 
1


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2006 3:53:59 PM
System Uptime: 12/22/2009 7:30:51 AM (8 hours ago)

Motherboard: First International Computer, Inc. | | VC37 Series
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2659/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 89.618 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_924F1509&REV_10\4&1A671D0C&0&18F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_924F1509&REV_10\4&1A671D0C&0&18F0
Service: RTL8023

==== System Restore Points ===================

RP1: 12/16/2009 6:20:45 AM - System Checkpoint
RP2: 12/17/2009 9:15:00 AM - System Checkpoint
RP3: 12/18/2009 10:12:30 AM - System Checkpoint
RP4: 12/20/2009 8:11:45 AM - System Checkpoint
RP5: 12/21/2009 8:34:55 AM - System Checkpoint
RP6: 12/22/2009 5:19:02 AM - Restore Operation

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.57
Action Replay Code Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AudibleManager
AVI Movie Player
BufferChm
CIF USB Camera (2110A)
ClamWin Free Antivirus 0.95.3
CompuServe
Copy
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Destinations
DeviceDiscovery
DivX Web Player
DJ_AIO_06_F2400_SW_Min
eMachines Bay Reader
F2400
Google Talk (remove only)
GPBaseService2
GTK+ Runtime 2.14.7 rev a (remove only)
Guifications Plugin (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ICQ
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 2
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
Malwarebytes' Anti-Malware
MarketResearch
McGraw-Hill's GED
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft Works 7.0
mIRC
Mozilla Firefox (3.0.16)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero OEM
PaltalkScene
PC Tools Firewall Plus 6.0
PeoplePC Online
PeoplePC: PeoplePal Toolbar 6.1
Pidgin
PowerDVD
PowerMenu 1.51
Project Pokemon Save Editor
PurePlay Poker
QuickTime
RD1021/1071 Lyra Personal Audio Player Applications
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Scan
SceneCaster
Screenshot Captor 2.30.04
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Shoddy Battle
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SoftV92 Data Fax Modem with SmartCP
SolutionCenter
Spybot - Search & Destroy
Status
The Sims 2
The Sims 2 Pets
The Sims™ 2 Seasons
Toolbox
TrayApp
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Walgreens PhotoShow Express 4
WebFldrs XP
WebReg
Winamp
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Movie Maker 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

12/22/2009 5:13:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss Tcpip
12/19/2009 5:01:21 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
12/19/2009 4:58:32 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
12/19/2009 3:21:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/19/2009 3:19:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:19:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:18:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2009 3:18:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/18/2009 5:45:31 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/18/2009 5:45:27 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/16/2009 6:21:48 AM, error: Service Control Manager [7023] - The BtwSrv service terminated with the following error: The specified module could not be found.
12/16/2009 5:06:55 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 7:08:11 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 6:51:24 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 2 time(s).
12/15/2009 3:56:14 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2009 3:48:33 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
12/15/2009 1:47:57 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/15/2009 1:46:53 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================



and 2



DDS (Ver_09-09-29.01) - NTFSx86
Run by Eric at 15:28:56.65 on Tue 12/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.933 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\pc tools firewall plus\firewallgui.exe
c:\windows\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6100\Browser\Bartshel.exe
C:\PROGRA~1\PeoplePC\ISP6100\Browser\PPShared.exe
c:\documents and settings\eric\desktop\dds(2).com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page =
uInternet Settings,ProxyServer = localhost:8080
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [nejepidof] Rundll32.exe "c:\windows\system32\yobiseha.dll",a
mPolicies-system: EnableLUA = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: fepabavi.dll c:\windows\system32\yobiseha.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: rehirodup - {3c80fcc8-b88d-4740-bcec-d2d122abcbe9} - c:\windows\system32\yobiseha.dll
STS: mujuzedij: {3c80fcc8-b88d-4740-bcec-d2d122abcbe9} - c:\windows\system32\yobiseha.dll
LSA: Notification Packages = scecli rayedutu.dll kafiseri.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\5f6awe7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yu-Gi-Oh! (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.deviantart.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.ftp - proxy_sever
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy_sever
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy_sever
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy_sever
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy_sever
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPView22.dll
FF - plugin: c:\program files\scenecaster\version 3.11.16\NPSceneCaster.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-20 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-20 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-20 818432]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2004-1-1 14336]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-20 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-20 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-20 56512]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-20 115216]
S1 tdidis32.sys;tdidis32.sys;\??\c:\windows\system32\tdidis32.sys --> c:\windows\system32\tdidis32.sys [?]
S2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-1-1 14336]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2006-11-27 227200]
S4 fastnetsrv;fastnetsrv Service;c:\windows\system32\fastnetsrv.exe --> c:\windows\system32\FastNetSrv.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-15 24652]

=============== Created Last 30 ================

2009-12-22 06:59 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 06:59 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-22 06:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 06:56 <DIR> --d----- c:\docume~1\eric\applic~1\Malwarebytes
2009-12-22 06:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-22 05:19 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-12-22 05:10 <DIR> --d----- C:\32788R22FWJFW(2)
2009-12-20 11:35 2,098 ---sh--- c:\windows\system32\dajifuji.exe
2009-12-20 08:16 <DIR> --d----- c:\docume~1\eric\applic~1\PCToolsFirewallPlus
2009-12-20 08:15 <DIR> --d----- c:\program files\common files\PC Tools
2009-12-20 08:15 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-12-20 07:15 0 a--sh--- c:\windows\system32\bemevaja.dll
2009-12-20 07:14 0 a--shrot c:\windows\wininit.ini
2009-12-19 20:34 2,098 ---sh--- c:\windows\system32\bawayeka.exe
2009-12-17 16:19 0 a------- c:\windows\system32\21906.exe
2009-12-16 13:55 2,098 ---sh--- c:\windows\system32\gezibaju.exe
2009-12-15 16:55 <DIR> --d----- c:\windows\system32\cock
2009-12-14 22:52 707,072 a------- c:\windows\system32\drivers\rqxtfp.sys
2009-12-14 22:48 118 a------- c:\windows\system32\711046.BAT
2009-12-14 22:48 32,768 a------- c:\windows\system32\msilojzb.dll
2009-12-14 03:02 <DIR> --d----- c:\program files\MSXML 4.0
2009-12-14 01:10 61 a------- c:\windows\system32\urhtps.dat
2009-12-13 10:54 <DIR> --d-h--- c:\windows\PIF
2009-12-11 23:42 <DIR> --d----- c:\docume~1\eric\applic~1\.clamwin
2009-12-11 23:41 <DIR> --d----- c:\documents and settings\all users\.clamwin
2009-12-11 15:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-12-11 15:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-11 15:27 <DIR> --d----- c:\program files\Trend Micro
2009-12-10 11:08 19,456 a------- c:\windows\system32\winhelper86.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\musosami.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\tipezuku.dll
2009-12-10 08:31 2,098 ---sh--- c:\windows\system32\rijiraza.dll
2009-12-10 08:18 0 a------- c:\windows\system32\23811.exe
2009-12-10 07:58 0 a------- c:\windows\system32\28703.exe
2009-12-10 07:38 0 a------- c:\windows\system32\9894.exe
2009-12-10 07:18 0 a------- c:\windows\system32\17035.exe
2009-12-10 06:58 0 a------- c:\windows\system32\26299.exe
2009-12-10 06:38 0 a------- c:\windows\system32\25667.exe
2009-12-10 06:18 0 a------- c:\windows\system32\19912.exe
2009-12-10 05:58 0 a------- c:\windows\system32\1869.exe
2009-12-10 05:38 0 a------- c:\windows\system32\11538.exe
2009-12-10 05:18 0 a------- c:\windows\system32\14771.exe
2009-12-10 04:58 0 a------- c:\windows\system32\21726.exe
2009-12-10 04:38 0 a------- c:\windows\system32\5447.exe
2009-12-10 04:18 0 a------- c:\windows\system32\19895.exe
2009-12-10 03:57 0 a------- c:\windows\system32\19718.exe
2009-12-10 03:37 0 a------- c:\windows\system32\18716.exe
2009-12-10 03:17 0 a------- c:\windows\system32\17421.exe
2009-12-10 02:57 0 a------- c:\windows\system32\12382.exe
2009-12-10 02:37 0 a------- c:\windows\system32\292.exe
2009-12-10 02:17 0 a------- c:\windows\system32\153.exe
2009-12-10 01:57 0 a------- c:\windows\system32\3902.exe
2009-12-10 01:37 0 a------- c:\windows\system32\14604.exe
2009-12-10 01:17 0 a------- c:\windows\system32\32391.exe
2009-12-10 00:57 0 a------- c:\windows\system32\5436.exe
2009-12-10 00:37 0 a------- c:\windows\system32\4827.exe
2009-12-10 00:17 0 a------- c:\windows\system32\11942.exe
2009-12-09 23:57 0 a------- c:\windows\system32\2995.exe
2009-12-09 23:37 0 a------- c:\windows\system32\491.exe
2009-12-09 23:17 0 a------- c:\windows\system32\9961.exe
2009-12-09 22:57 0 a------- c:\windows\system32\16827.exe
2009-12-09 22:37 0 a------- c:\windows\system32\23281.exe
2009-12-09 22:17 0 a------- c:\windows\system32\28145.exe
2009-12-09 21:57 0 a------- c:\windows\system32\5705.exe
2009-12-09 21:36 0 a------- c:\windows\system32\24464.exe
2009-12-09 21:16 0 a------- c:\windows\system32\26962.exe
2009-12-09 20:56 0 a------- c:\windows\system32\29358.exe
2009-12-09 20:36 0 a------- c:\windows\system32\11478.exe
2009-12-09 20:16 0 a------- c:\windows\system32\15724.exe
2009-12-09 19:56 0 a------- c:\windows\system32\19169.exe
2009-12-09 19:36 0 a------- c:\windows\system32\26500.exe
2009-12-09 19:16 0 a------- c:\windows\system32\6334.exe
2009-12-09 18:56 0 a------- c:\windows\system32\18467.exe
2009-12-09 18:36 0 a------- c:\windows\system32\41.exe
2009-12-09 18:36 19,968 a--sh--- c:\windows\system32\winlogon86.exe
2009-12-09 05:06 <DIR> --d----- c:\windows\system32\lowsec
2009-12-09 04:07 9,908 ---sh--- c:\windows\system32\siyizene.dll
2009-12-04 09:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-12-04 09:17 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-12-04 09:16 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-12-04 09:16 452,408 a----r-- c:\windows\system32\hpzids01.dll
2009-12-04 09:16 123,904 a------- c:\windows\system32\hpf3l70v.dll
2009-12-04 09:16 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-12-04 09:16 712,704 a----r-- c:\windows\system32\hposwia_d02c.dll
2009-12-04 09:16 589,824 a----r-- c:\windows\system32\hpost_d02c.dll
2009-12-04 09:16 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-12-04 09:16 315,392 a----r-- c:\windows\system32\hposc_d02a.dll
2009-12-04 09:16 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-12-04 09:11 <DIR> --d----- c:\program files\common files\HP
2009-12-04 09:11 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-12-04 09:10 <DIR> --d----- c:\program files\HP
2009-12-04 09:07 160,881 a------- c:\windows\hpoins44.dat
2009-12-04 09:07 586 -------- c:\windows\hpomdl44.dat
2009-12-04 08:48 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-12-04 08:48 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-12-04 08:48 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-12-04 08:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-12-03 01:36 2,805 a------- c:\windows\system32\ShellFolder
2009-12-02 14:33 <DIR> --d----- c:\windows\pss
2009-12-02 12:45 156,160 a------- c:\windows\system32\leopehgqqd78o.exe
2009-12-02 12:36 112 a------- c:\windows\system32\srvblck2.tmp
2009-12-02 12:35 17 a------- c:\windows\system32\user.cfg
2009-12-02 12:35 <DIR> --d----- c:\windows\system32\xmldm
2009-12-02 12:35 <DIR> --d----- c:\windows\system32\UAs
2009-11-30 00:15 8,823 a------- c:\windows\system32\t1p0_593775141973.b1k
2009-11-30 00:03 22,831 a------- c:\windows\system32\t1p0_444989264064.b1k
2009-11-28 01:23 148,992 a------- c:\windows\system32\nsysd.ini
2009-11-28 01:23 6,414 a------- c:\windows\system32\krncode.dat
2009-11-28 01:23 994,304 a------- c:\windows\system32\nsysk.ini
2009-11-28 01:23 986,112 a------- c:\windows\system32\olsysk.dat
2009-11-28 01:23 670,208 a------- c:\windows\system32\nsysw.ini
2009-11-28 01:23 662,016 a------- c:\windows\system32\olsysw.dat
2009-11-28 01:23 23,905 a------- c:\windows\system32\wincode.dat
2009-11-28 01:23 21,504 a------- c:\windows\system32\nsysp.ini
2009-11-28 01:23 17,408 a------- c:\windows\system32\olsysp.dat
2009-11-28 01:23 1,617 a------- c:\windows\system32\pwrcode.dat
2009-11-28 01:23 47,856 a------- c:\windows\system32\shifld2.old
2009-11-28 00:17 32,768 a------- c:\windows\system32\msynldks.dll
2009-11-28 00:04 25,600 a------- c:\windows\system32\tdlcmd.dll

==================== Find3M ====================

2009-12-14 05:24 21,504 a------- c:\windows\system32\powrprof.dll
2009-12-14 05:24 29,696 a--sh--- c:\documents and settings\eric\ntload.dll
2009-12-14 05:24 670,208 a------- c:\windows\system32\wininet.dll
2009-12-14 05:18 994,304 a------- c:\windows\system32\sysk.tmp
2009-12-14 05:18 670,208 a------- c:\windows\system32\sysw.tmp
2009-12-14 05:18 21,504 a------- c:\windows\system32\sysp.tmp
2009-11-28 01:23 148,992 a------- c:\windows\system32\rsysd.tmp
2009-11-24 08:54 56,512 a------- c:\windows\system32\drivers\pctNdis.sys
2009-11-23 13:54 88,040 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-10 17:11 70,408 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-11-09 11:20 207,792 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 11:11 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-21 00:00 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-21 00:00 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-13 04:53 266,752 a------- c:\windows\system32\oakley.dll
2009-10-12 07:54 112,128 a------- c:\windows\system32\rastls.dll
2009-10-12 07:54 69,632 a------- c:\windows\system32\raschap.dll
2009-09-24 23:56 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-15 05:49 53,248 a--sh--- c:\windows\system32\bahegope.dll
2009-09-11 17:24 35,328 a--sh--- c:\windows\system32\bebutepo.exe
2009-09-09 18:13 3 a--sh--- c:\windows\system32\bidapoyi.dll
2009-09-15 05:49 45,568 a--sh--- c:\windows\system32\bozilajo.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\dobiyide.dll
2009-09-20 23:36 39,424 a--sh--- c:\windows\system32\dukiwava.dll
2009-09-09 18:35 19,456 a--sh--- c:\windows\system32\duyugesa.exe
2009-09-17 13:56 19,968 a--sh--- c:\windows\system32\fanesazi.exe
2009-09-09 19:21 3 a--sh--- c:\windows\system32\fejawoza.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\fepabavi.dll
2009-09-15 05:49 19,968 a--sh--- c:\windows\system32\fezijepa.exe
2009-09-10 07:49 3 a--sh--- c:\windows\system32\gopeyuye.dll
2009-09-09 18:36 3 a--sh--- c:\windows\system32\guyeroso.dll
2009-09-10 08:12 3 a--sh--- c:\windows\system32\hipofahi.dll
2009-09-15 05:49 39,424 a--sh--- c:\windows\system32\hofonike.dll
2009-09-17 01:56 39,424 a--sh--- c:\windows\system32\jesoyaru.dll
2009-09-09 18:36 3 a--sh--- c:\windows\system32\jivesiye.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\jonesuke.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\kafiseri.dll
2009-09-20 23:35 61,952 a--sh--- c:\windows\system32\ladahawe.dll
2009-09-09 19:44 3 a--sh--- c:\windows\system32\lezarase.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\lubosuve.dll
2009-09-09 18:13 3 a--sh--- c:\windows\system32\lutehibe.dll
2009-09-17 13:56 39,424 a--sh--- c:\windows\system32\muwuhare.dll
2009-09-17 13:56 45,568 a--sh--- c:\windows\system32\naruhogo.dll
2009-09-09 19:44 3 a--sh--- c:\windows\system32\navepolu.dll
2009-09-09 19:21 3 a--sh--- c:\windows\system32\nisamuva.dll
2009-09-09 18:35 3 a--sh--- c:\windows\system32\pilabuma.dll
2009-09-10 08:11 3 a--sh--- c:\windows\system32\piyidaze.dll
2009-09-11 17:24 45,568 a--sh--- c:\windows\system32\sayawoha.dll
2009-09-10 08:11 3 a--sh--- c:\windows\system32\sirodave.dll
2009-09-10 07:49 3 a--sh--- c:\windows\system32\tobigude.dll
2009-09-17 13:56 19,968 a--sh--- c:\windows\system32\winlogon86.exe
2009-09-11 17:24 39,424 a--sh--- c:\windows\system32\wopowupa.dll
2009-09-09 18:35 3 a--sh--- c:\windows\system32\yademejo.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\yafilore.dll
2009-09-15 05:50 53,248 a--sh--- c:\windows\system32\yijeyenu.dll
2009-09-20 23:35 93,184 a--sh--- c:\windows\system32\yobiseha.dll
2009-09-09 18:13 3 a--sh--- c:\windows\system32\yuteraji.dll
2009-09-10 07:49 3 a--sh--- c:\windows\system32\zehasipe.dll
2009-09-09 18:58 3 a--sh--- c:\windows\system32\zinozobu.dll
2009-09-10 08:34 39,424 a--sh--- c:\windows\system32\zivogima.dll

============= FINISH: 15:30:32.21 ===============
 
Hi blackdra

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Limewire

I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


1 - Download and Run Rkill

Please download Rkill from one of the following links and save to your Desktop:

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

With that done, please try Combofix again

include the C:\ComboFix.txt in your next reply

Thanks peku006
 
:hair::slap:

combofix did not work again :
rejection:
windows can not find 32788r22fwjfw\IEXPLORE.exe
windows can not find 32788r22fwjfw\hidec.exe
windows can not find 32788r22fwjfw\n.pif
windows can not find 32788r22fwjfw\nircmd.cfxxe

and rkill had an unknown error and shut itself down ..... i hate my computer ......i need a mac ..... but hey lime wire is not uninstalled

what's PEV?? it came with rkill and ran that it was fine
 
Hi blackdra

your computer is really dirty..........:slap:

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.
    • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
 
Code:
OTS logfile created on: 12/23/2009 3:42:34 PM - Run 1
OTS by OldTimer - Version 3.1.12.0     Folder = c:\documents and settings\eric\desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.60 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
fepabavi.dll -> C:\WINDOWS\system32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv  Service [Disabled | Stopped] ->  -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Driver Services - Safe List]
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation                           )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> 

[2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 

04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js ->
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
ChatZilla   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
 bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
 smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
 yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D424EDA1-E01F-45d6-AC89-9425DE6E710A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup -> 
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup -> 
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
  .[msn] -> My Computer ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Domain Profile Authorized Applications List > -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Autho

rizedApplications\List -> 
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common 

Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital 

Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-

Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe 

[C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- 

| M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe 

[C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | 

---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe 

[C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | --

-- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe 

[C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | 

M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe 

[C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | --

-- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 

[C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32] -> File not found
"C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd] -> File not found
"C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv] -> File not found
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:39:08 | 00,598,528 | ---- | C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/23 04:44:33 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/22 06:59:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/22 06:59:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
32788R22FWJFW(2) -> C:\32788R22FWJFW(2) -> [2009/12/22 05:10:14 | 00,000,000 | ---D | C]
PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
cock -> C:\WINDOWS\System32\cock -> [2009/12/15 16:55:44 | 00,000,000 | ---D | C]
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | C] (USA)
AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
.clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
.clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
lowsec -> C:\WINDOWS\System32\lowsec -> [2009/12/09 05:06:02 | 00,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/11/28 01:23:16 | 00,994,304 | ---- | C] (Microsoft Corporation)
olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | C] (USA)
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/23 15:44:09 | 00,707,072 | ---- | M] ()
dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/23 15:42:01 | 00,011,168 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/23 15:00:00 | 00,000,296 | ---- | M] ()
hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/23 05:47:04 | 00,000,767 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/23 04:43:00 | 05,505,024 | ---- | M] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/23 04:30:42 | 00,025,600 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/23 04:25:38 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/23 04:25:31 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/23 04:25:29 | 13,333,17632 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/22 17:08:49 | 00,000,178 | -HS- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/22 05:09:38 | 00,000,658 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/12/22 05:09:38 | 00,000,227 | ---- | M] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/20 07:53:15 | 00,000,211 | RHS- | M] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/18 14:00:17 | 00,000,000 | ---- | M] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | M] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/17 15:41:33 | 00,000,000 | ---- | M] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/17 15:21:31 | 00,000,000 | ---- | M] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/17 15:01:30 | 00,000,000 | ---- | M] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/17 14:41:25 | 00,000,000 | ---- | M] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/17 14:21:00 | 00,000,000 | ---- | M] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/17 13:56:55 | 00,019,456 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | M] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/16 07:00:24 | 00,000,061 | ---- | M] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | M] ()
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | M] (USA)
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/12/14 05:24:09 | 00,023,905 | ---- | M] ()
powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/12/14 05:24:09 | 00,006,414 | ---- | M] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/12/14 05:24:09 | 00,001,617 | ---- | M] ()
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
ntload.dll -> C:\Documents and Settings\Eric\ntload.dll -> [2009/12/14 05:24:08 | 00,029,696 | -HS- | M] (Microsoft)
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/14 05:24:08 | 00,000,000 | -HS- | M] ()
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/12/14 05:24:00 | 00,047,856 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/12 17:32:07 | 00,000,000 | ---- | M] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/12 17:12:07 | 00,000,000 | ---- | M] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/12 16:52:06 | 00,000,000 | ---- | M] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/12 16:32:06 | 00,000,000 | ---- | M] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/12 16:12:06 | 00,000,000 | ---- | M] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/12 15:52:06 | 00,000,000 | ---- | M] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/12 15:32:06 | 00,000,000 | ---- | M] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/12 15:12:06 | 00,000,000 | ---- | M] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/12 14:52:06 | 00,000,000 | ---- | M] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/12 14:32:06 | 00,000,000 | ---- | M] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/12 14:12:06 | 00,000,000 | ---- | M] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/12 13:52:06 | 00,000,000 | ---- | M] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/12 13:32:06 | 00,000,000 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/11 15:09:55 | 00,001,158 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | M] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | M] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | M] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | M] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | M] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | M] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | M] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | M] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | M] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | M] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | M] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | M] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | M] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | M] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | M] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | M] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | M] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | M] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | M] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | M] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | M] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | M] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | M] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | M] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | M] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:28 | 00,008,823 | ---- | M] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:11:53 | 00,022,831 | ---- | M] ()
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | M] (USA)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
mylist.m3u -> C:\Documents and Settings\Eric\My Documents\mylist.m3u -> [2009/11/23 16:02:10 | 00,008,546 | ---- | M] ()
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/22 05:21:42 | 13,333,17632 | -HS- | C] ()
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/21 20:37:51 | 00,000,296 | ---- | C] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | C] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | C] ()
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/14 22:52:51 | 00,707,072 | ---- | C] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/14 01:10:01 | 00,000,061 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/10 11:08:52 | 00,019,456 | ---- | C] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | C] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | C] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | C] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | C] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | C] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | C] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | C] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | C] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | C] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | C] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | C] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | C] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | C] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | C] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | C] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | C] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | C] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | C] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | C] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | C] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | C] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | C] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | C] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | C] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/10 00:37:45 | 00,000,000 | ---- | C] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/10 00:17:44 | 00,000,000 | ---- | C] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/09 23:57:43 | 00,000,000 | ---- | C] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/09 23:37:42 | 00,000,000 | ---- | C] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/09 23:17:35 | 00,000,000 | ---- | C] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/09 22:57:18 | 00,000,000 | ---- | C] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/09 22:37:14 | 00,000,000 | ---- | C] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/09 22:17:13 | 00,000,000 | ---- | C] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/09 21:57:13 | 00,000,000 | ---- | C] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/09 21:36:58 | 00,000,000 | ---- | C] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/09 21:16:56 | 00,000,000 | ---- | C] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/09 20:56:55 | 00,000,000 | ---- | C] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/09 20:36:54 | 00,000,000 | ---- | C] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/09 20:16:53 | 00,000,000 | ---- | C] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/09 19:56:52 | 00,000,000 | ---- | C] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/09 19:36:51 | 00,000,000 | ---- | C] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/09 19:16:46 | 00,000,000 | ---- | C] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/09 18:56:45 | 00,000,000 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/09 18:36:38 | 00,000,000 | ---- | C] ()
winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/09 18:36:08 | 00,019,968 | -HS- | C] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 |

00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 |

---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:25 | 00,008,823 | ---- | C] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:03:29 | 00,022,831 | ---- | C] ()
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/11/28 01:23:17 | 00,006,414 | ---- | C] ()
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/11/28 01:23:16 | 00,023,905 | ---- | C] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/11/28 01:23:16 | 00,001,617 | ---- | C] ()
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/11/28 01:23:11 | 00,047,856 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/11/28 00:04:17 | 00,025,600 | ---- | C] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/11/24 00:26:38 | 05,505,024 | ---- | C] ()
dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll -> [2009/09/20 23:36:20 | 00,039,424 | -HS- | C] ()
yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | C] ()
ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll -> [2009/09/20 23:35:56 | 00,061,952 | -HS- | C] ()
naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll -> [2009/09/17 13:56:27 | 00,045,568 | -HS- | C] ()
muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll -> [2009/09/17 13:56:04 | 00,039,424 | -HS- | C] ()
jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll -> [2009/09/17 01:56:01 | 00,039,424 | -HS- | C] ()
yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
bahegope.dll -> C:\WINDOWS\System32\bahegope.dll -> [2009/09/15 05:49:47 | 00,053,248 | -HS- | C] ()
bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll -> [2009/09/15 05:49:33 | 00,045,568 | -HS- | C] ()
hofonike.dll -> C:\WINDOWS\System32\hofonike.dll -> [2009/09/15 05:49:08 | 00,039,424 | -HS- | C] ()
sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll -> [2009/09/11 17:24:07 | 00,045,568 | -HS- | C] ()
wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll -> [2009/09/11 17:24:06 | 00,039,424 | -HS- | C] ()
zivogima.dll -> C:\WINDOWS\System32\zivogima.dll -> [2009/09/10 08:34:33 | 00,039,424 | -HS- | C] ()
hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll -> [2009/09/10 08:12:00 | 00,000,003 | -HS- | C] ()
sirodave.dll -> C:\WINDOWS\System32\sirodave.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
tobigude.dll -> C:\WINDOWS\System32\tobigude.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
navepolu.dll -> C:\WINDOWS\System32\navepolu.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
lezarase.dll -> C:\WINDOWS\System32\lezarase.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll -> [2009/09/09 18:58:41 | 00,000,003 | -HS- | C] ()
zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
yafilore.dll -> C:\WINDOWS\System32\yafilore.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
yademejo.dll -> C:\WINDOWS\System32\yademejo.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll -> [2009/09/09 18:13:13 | 00,000,003 | -HS- | C] ()
yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll -> [2009/09/09 18:13:12 | 00,000,003 | -HS- | C] ()
lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll -> [2009/09/09 18:13:11 | 00,000,003 | -HS- | C] ()
GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI -> [2007/09/25 22:31:52 | 00,000,876 | ---- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2004/01/01 03:06:26 | 00,000,000 | -HS- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]
 
computer is to a dirty hooker as STDs are computer viruses....... damn, that means we're fighting computer herpes ... you think it's gone but it comes right back
 
Hi blackdra

You missed this: Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Turn Off WordWrap

  • Click Start
  • All Programs
  • Accessories
  • Notepad
  • On the menu bar in Notepad select Format
  • Click on WordWrap so it appears unchecked

With that done, please post OTS log again

Thanks peku006
 
my bad

Code:
OTS logfile created on: 12/23/2009 3:42:34 PM - Run 1
OTS by OldTimer - Version 3.1.12.0     Folder = c:\documents and settings\eric\desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.60 Gb Free Space | 80.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
fepabavi.dll -> C:\WINDOWS\system32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv  Service [Disabled | Stopped] ->  -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Driver Services - Safe List]
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation                           )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js -> 
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
ChatZilla   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
 smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
 yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/23 04:57:58 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D424EDA1-E01F-45d6-AC89-9425DE6E710A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup -> 
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup -> 
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | M] ()
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij] -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 19:58:14 | 00,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 06:22:32 | 00,016,896 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 06:22:36 | 01,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 20:38:10 | 00,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 20:38:10 | 00,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2009/05/21 18:22:54 | 00,354,616 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 06:22:30 | 00,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 20:09:24 | 01,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 20:09:24 | 01,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 21:54:18 | 00,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 18:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32] -> File not found
"C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd] -> File not found
"C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv] -> File not found
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:39:08 | 00,598,528 | ---- | C] (OldTimer Tools)
 32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/23 04:44:33 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/22 06:59:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/22 06:59:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
 computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
 32788R22FWJFW(2) -> C:\32788R22FWJFW(2) -> [2009/12/22 05:10:14 | 00,000,000 | ---D | C]
 PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
 PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
 PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
 pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
 pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
 pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
 pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
 PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
 pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
 PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
 cock -> C:\WINDOWS\System32\cock -> [2009/12/15 16:55:44 | 00,000,000 | ---D | C]
 msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | C] (USA)
 AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
 MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
 PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
 .clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
 .clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
 lowsec -> C:\WINDOWS\System32\lowsec -> [2009/12/09 05:06:02 | 00,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
 HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
 WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
 HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
 HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
 hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
 hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
 HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
 hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
 hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
 hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
 hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
 difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
 HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
 HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
 Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
 HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
 HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
 usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
 usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
 pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
 xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
 UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
 nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
 nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/11/28 01:23:16 | 00,994,304 | ---- | C] (Microsoft Corporation)
 olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
 nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
 olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
 nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
 olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
 msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | C] (USA)
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
 
[Files/Folders - Modified Within 30 Days]
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/23 15:44:09 | 00,707,072 | ---- | M] ()
dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/23 15:42:01 | 00,011,168 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Eric\Desktop\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/23 15:00:00 | 00,000,296 | ---- | M] ()
hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/23 05:47:04 | 00,000,767 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/23 04:43:00 | 05,505,024 | ---- | M] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/23 04:30:42 | 00,025,600 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/23 04:25:38 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/23 04:25:31 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/23 04:25:29 | 13,333,17632 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/22 17:08:49 | 00,000,178 | -HS- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/22 05:09:38 | 00,000,658 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/12/22 05:09:38 | 00,000,227 | ---- | M] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/20 07:53:15 | 00,000,211 | RHS- | M] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/18 14:00:17 | 00,000,000 | ---- | M] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | M] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/17 15:41:33 | 00,000,000 | ---- | M] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/17 15:21:31 | 00,000,000 | ---- | M] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/17 15:01:30 | 00,000,000 | ---- | M] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/17 14:41:25 | 00,000,000 | ---- | M] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/17 14:21:00 | 00,000,000 | ---- | M] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/17 13:56:55 | 00,019,456 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | M] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/16 07:00:24 | 00,000,061 | ---- | M] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | M] ()
msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll -> [2009/12/14 22:48:49 | 00,032,768 | ---- | M] (USA)
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/12/14 05:24:09 | 00,023,905 | ---- | M] ()
powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/14 05:24:09 | 00,021,504 | ---- | M] (Microsoft Corporation)
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/12/14 05:24:09 | 00,006,414 | ---- | M] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/12/14 05:24:09 | 00,001,617 | ---- | M] ()
nsysk.ini -> C:\WINDOWS\System32\nsysk.ini -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/14 05:24:08 | 00,994,304 | ---- | M] (Microsoft Corporation)
ntload.dll -> C:\Documents and Settings\Eric\ntload.dll -> [2009/12/14 05:24:08 | 00,029,696 | -HS- | M] (Microsoft)
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/14 05:24:08 | 00,000,000 | -HS- | M] ()
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/12/14 05:24:00 | 00,047,856 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/12 17:32:07 | 00,000,000 | ---- | M] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/12 17:12:07 | 00,000,000 | ---- | M] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/12 16:52:06 | 00,000,000 | ---- | M] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/12 16:32:06 | 00,000,000 | ---- | M] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/12 16:12:06 | 00,000,000 | ---- | M] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/12 15:52:06 | 00,000,000 | ---- | M] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/12 15:32:06 | 00,000,000 | ---- | M] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/12 15:12:06 | 00,000,000 | ---- | M] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/12 14:52:06 | 00,000,000 | ---- | M] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/12 14:32:06 | 00,000,000 | ---- | M] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/12 14:12:06 | 00,000,000 | ---- | M] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/12 13:52:06 | 00,000,000 | ---- | M] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/12 13:32:06 | 00,000,000 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/11 15:09:55 | 00,001,158 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | M] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | M] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | M] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | M] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | M] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | M] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | M] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | M] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | M] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | M] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | M] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | M] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | M] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | M] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | M] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | M] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | M] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | M] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | M] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | M] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | M] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | M] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | M] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | M] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | M] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | M] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:28 | 00,008,823 | ---- | M] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:11:53 | 00,022,831 | ---- | M] ()
nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
msynldks.dll -> C:\WINDOWS\System32\msynldks.dll -> [2009/11/28 00:17:09 | 00,032,768 | ---- | M] (USA)
pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
mylist.m3u -> C:\Documents and Settings\Eric\My Documents\mylist.m3u -> [2009/11/23 16:02:10 | 00,008,546 | ---- | M] ()
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
42 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
14 C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Eric\Local Settings\Temp\*.tmp ->
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/22 05:21:42 | 13,333,17632 | -HS- | C] ()
dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job -> [2009/12/21 20:37:51 | 00,000,296 | ---- | C] ()
dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe -> [2009/12/20 11:35:58 | 00,002,098 | -HS- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll -> [2009/12/20 07:15:09 | 00,000,000 | -HS- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe -> [2009/12/19 20:34:54 | 00,002,098 | -HS- | C] ()
21906.exe -> C:\WINDOWS\System32\21906.exe -> [2009/12/17 16:19:24 | 00,000,000 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe -> [2009/12/16 13:55:27 | 00,002,098 | -HS- | C] ()
rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys -> [2009/12/14 22:52:51 | 00,707,072 | ---- | C] ()
711046.BAT -> C:\WINDOWS\System32\711046.BAT -> [2009/12/14 22:48:53 | 00,000,118 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/14 01:10:01 | 00,000,061 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/10 11:08:52 | 00,019,456 | ---- | C] ()
musosami.dll -> C:\WINDOWS\System32\musosami.dll -> [2009/12/10 08:31:57 | 00,002,098 | -HS- | C] ()
tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll -> [2009/12/10 08:31:37 | 00,002,098 | -HS- | C] ()
23811.exe -> C:\WINDOWS\System32\23811.exe -> [2009/12/10 08:18:23 | 00,000,000 | ---- | C] ()
28703.exe -> C:\WINDOWS\System32\28703.exe -> [2009/12/10 07:58:22 | 00,000,000 | ---- | C] ()
9894.exe -> C:\WINDOWS\System32\9894.exe -> [2009/12/10 07:38:21 | 00,000,000 | ---- | C] ()
17035.exe -> C:\WINDOWS\System32\17035.exe -> [2009/12/10 07:18:21 | 00,000,000 | ---- | C] ()
26299.exe -> C:\WINDOWS\System32\26299.exe -> [2009/12/10 06:58:20 | 00,000,000 | ---- | C] ()
25667.exe -> C:\WINDOWS\System32\25667.exe -> [2009/12/10 06:38:19 | 00,000,000 | ---- | C] ()
19912.exe -> C:\WINDOWS\System32\19912.exe -> [2009/12/10 06:18:18 | 00,000,000 | ---- | C] ()
1869.exe -> C:\WINDOWS\System32\1869.exe -> [2009/12/10 05:58:17 | 00,000,000 | ---- | C] ()
11538.exe -> C:\WINDOWS\System32\11538.exe -> [2009/12/10 05:38:17 | 00,000,000 | ---- | C] ()
14771.exe -> C:\WINDOWS\System32\14771.exe -> [2009/12/10 05:18:08 | 00,000,000 | ---- | C] ()
21726.exe -> C:\WINDOWS\System32\21726.exe -> [2009/12/10 04:58:07 | 00,000,000 | ---- | C] ()
5447.exe -> C:\WINDOWS\System32\5447.exe -> [2009/12/10 04:38:06 | 00,000,000 | ---- | C] ()
19895.exe -> C:\WINDOWS\System32\19895.exe -> [2009/12/10 04:18:00 | 00,000,000 | ---- | C] ()
19718.exe -> C:\WINDOWS\System32\19718.exe -> [2009/12/10 03:57:59 | 00,000,000 | ---- | C] ()
18716.exe -> C:\WINDOWS\System32\18716.exe -> [2009/12/10 03:37:57 | 00,000,000 | ---- | C] ()
17421.exe -> C:\WINDOWS\System32\17421.exe -> [2009/12/10 03:17:57 | 00,000,000 | ---- | C] ()
12382.exe -> C:\WINDOWS\System32\12382.exe -> [2009/12/10 02:57:54 | 00,000,000 | ---- | C] ()
292.exe -> C:\WINDOWS\System32\292.exe -> [2009/12/10 02:37:53 | 00,000,000 | ---- | C] ()
153.exe -> C:\WINDOWS\System32\153.exe -> [2009/12/10 02:17:52 | 00,000,000 | ---- | C] ()
3902.exe -> C:\WINDOWS\System32\3902.exe -> [2009/12/10 01:57:51 | 00,000,000 | ---- | C] ()
14604.exe -> C:\WINDOWS\System32\14604.exe -> [2009/12/10 01:37:51 | 00,000,000 | ---- | C] ()
32391.exe -> C:\WINDOWS\System32\32391.exe -> [2009/12/10 01:17:50 | 00,000,000 | ---- | C] ()
5436.exe -> C:\WINDOWS\System32\5436.exe -> [2009/12/10 00:57:45 | 00,000,000 | ---- | C] ()
4827.exe -> C:\WINDOWS\System32\4827.exe -> [2009/12/10 00:37:45 | 00,000,000 | ---- | C] ()
11942.exe -> C:\WINDOWS\System32\11942.exe -> [2009/12/10 00:17:44 | 00,000,000 | ---- | C] ()
2995.exe -> C:\WINDOWS\System32\2995.exe -> [2009/12/09 23:57:43 | 00,000,000 | ---- | C] ()
491.exe -> C:\WINDOWS\System32\491.exe -> [2009/12/09 23:37:42 | 00,000,000 | ---- | C] ()
9961.exe -> C:\WINDOWS\System32\9961.exe -> [2009/12/09 23:17:35 | 00,000,000 | ---- | C] ()
16827.exe -> C:\WINDOWS\System32\16827.exe -> [2009/12/09 22:57:18 | 00,000,000 | ---- | C] ()
23281.exe -> C:\WINDOWS\System32\23281.exe -> [2009/12/09 22:37:14 | 00,000,000 | ---- | C] ()
28145.exe -> C:\WINDOWS\System32\28145.exe -> [2009/12/09 22:17:13 | 00,000,000 | ---- | C] ()
5705.exe -> C:\WINDOWS\System32\5705.exe -> [2009/12/09 21:57:13 | 00,000,000 | ---- | C] ()
24464.exe -> C:\WINDOWS\System32\24464.exe -> [2009/12/09 21:36:58 | 00,000,000 | ---- | C] ()
26962.exe -> C:\WINDOWS\System32\26962.exe -> [2009/12/09 21:16:56 | 00,000,000 | ---- | C] ()
29358.exe -> C:\WINDOWS\System32\29358.exe -> [2009/12/09 20:56:55 | 00,000,000 | ---- | C] ()
11478.exe -> C:\WINDOWS\System32\11478.exe -> [2009/12/09 20:36:54 | 00,000,000 | ---- | C] ()
15724.exe -> C:\WINDOWS\System32\15724.exe -> [2009/12/09 20:16:53 | 00,000,000 | ---- | C] ()
19169.exe -> C:\WINDOWS\System32\19169.exe -> [2009/12/09 19:56:52 | 00,000,000 | ---- | C] ()
26500.exe -> C:\WINDOWS\System32\26500.exe -> [2009/12/09 19:36:51 | 00,000,000 | ---- | C] ()
6334.exe -> C:\WINDOWS\System32\6334.exe -> [2009/12/09 19:16:46 | 00,000,000 | ---- | C] ()
18467.exe -> C:\WINDOWS\System32\18467.exe -> [2009/12/09 18:56:45 | 00,000,000 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/09 18:36:38 | 00,000,000 | ---- | C] ()
winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/09 18:36:08 | 00,019,968 | -HS- | C] ()
siyizene.dll -> C:\WINDOWS\System32\siyizene.dll -> [2009/12/09 04:07:20 | 00,009,908 | -HS- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 | ---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe -> [2009/12/02 12:45:24 | 00,156,160 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k -> [2009/11/30 00:15:25 | 00,008,823 | ---- | C] ()
t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k -> [2009/11/30 00:03:29 | 00,022,831 | ---- | C] ()
krncode.dat -> C:\WINDOWS\System32\krncode.dat -> [2009/11/28 01:23:17 | 00,006,414 | ---- | C] ()
wincode.dat -> C:\WINDOWS\System32\wincode.dat -> [2009/11/28 01:23:16 | 00,023,905 | ---- | C] ()
pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat -> [2009/11/28 01:23:16 | 00,001,617 | ---- | C] ()
shifld2.old -> C:\WINDOWS\System32\shifld2.old -> [2009/11/28 01:23:11 | 00,047,856 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/11/28 00:04:17 | 00,025,600 | ---- | C] ()
ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/11/24 00:26:38 | 05,505,024 | ---- | C] ()
dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll -> [2009/09/20 23:36:20 | 00,039,424 | -HS- | C] ()
yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> [2009/09/20 23:35:57 | 00,093,184 | -HS- | C] ()
ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll -> [2009/09/20 23:35:56 | 00,061,952 | -HS- | C] ()
naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll -> [2009/09/17 13:56:27 | 00,045,568 | -HS- | C] ()
muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll -> [2009/09/17 13:56:04 | 00,039,424 | -HS- | C] ()
jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll -> [2009/09/17 01:56:01 | 00,039,424 | -HS- | C] ()
yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll -> [2009/09/15 05:50:14 | 00,053,248 | -HS- | C] ()
bahegope.dll -> C:\WINDOWS\System32\bahegope.dll -> [2009/09/15 05:49:47 | 00,053,248 | -HS- | C] ()
bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll -> [2009/09/15 05:49:33 | 00,045,568 | -HS- | C] ()
hofonike.dll -> C:\WINDOWS\System32\hofonike.dll -> [2009/09/15 05:49:08 | 00,039,424 | -HS- | C] ()
sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll -> [2009/09/11 17:24:07 | 00,045,568 | -HS- | C] ()
wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll -> [2009/09/11 17:24:06 | 00,039,424 | -HS- | C] ()
zivogima.dll -> C:\WINDOWS\System32\zivogima.dll -> [2009/09/10 08:34:33 | 00,039,424 | -HS- | C] ()
hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll -> [2009/09/10 08:12:00 | 00,000,003 | -HS- | C] ()
sirodave.dll -> C:\WINDOWS\System32\sirodave.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll -> [2009/09/10 08:11:59 | 00,000,003 | -HS- | C] ()
zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
tobigude.dll -> C:\WINDOWS\System32\tobigude.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll -> [2009/09/10 07:49:26 | 00,000,003 | -HS- | C] ()
navepolu.dll -> C:\WINDOWS\System32\navepolu.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
lezarase.dll -> C:\WINDOWS\System32\lezarase.dll -> [2009/09/09 19:44:05 | 00,000,003 | -HS- | C] ()
jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll -> [2009/09/09 19:21:18 | 00,000,003 | -HS- | C] ()
nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll -> [2009/09/09 19:21:17 | 00,000,003 | -HS- | C] ()
dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll -> [2009/09/09 18:58:41 | 00,000,003 | -HS- | C] ()
zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
yafilore.dll -> C:\WINDOWS\System32\yafilore.dll -> [2009/09/09 18:58:40 | 00,000,003 | -HS- | C] ()
jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll -> [2009/09/09 18:36:03 | 00,000,003 | -HS- | C] ()
yademejo.dll -> C:\WINDOWS\System32\yademejo.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll -> [2009/09/09 18:35:57 | 00,000,003 | -HS- | C] ()
bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll -> [2009/09/09 18:13:13 | 00,000,003 | -HS- | C] ()
yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll -> [2009/09/09 18:13:12 | 00,000,003 | -HS- | C] ()
lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll -> [2009/09/09 18:13:11 | 00,000,003 | -HS- | C] ()
GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI -> [2007/09/25 22:31:52 | 00,000,876 | ---- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2004/01/01 03:06:26 | 00,000,000 | -HS- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]
 
Hi blackdra

Start OTS. Copy/paste the information in the Code box below into the panel where it says "Paste fix here", then click the Run Fix button.

Code:
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A8FB8EB3-183B-4598-924D-86F0E5E37085}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "nejepidof" -> C:\WINDOWS\System32\yobiseha.DLL [Rundll32.exe "c:\windows\system32\yobiseha.dll",a]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll
YY -> c:\windows\system32\yobiseha.dll -> C:\WINDOWS\system32\yobiseha.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [rehirodup]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\system32\yobiseha.dll [mujuzedij]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
NY -> "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe]
NY -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe]
NY -> "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe]
NY -> "C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
YN -> "C:\WINDOWS\system32\lsm32.sys" -> C:\WINDOWS\System32\lsm32.sys [C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32]
YN -> "C:\WINDOWS\Temp\cmd.exe" -> C:\WINDOWS\Temp\cmd.exe [C:\WINDOWS\Temp\cmd.exe:*:Enabled:cmd]
YN -> "C:\WINDOWS\Temp\spoolsv.exe" -> C:\WINDOWS\Temp\spoolsv.exe [C:\WINDOWS\Temp\spoolsv.exe:*:Enabled:spoolsv]
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
YN -> "DisplayName" -> CD-ROM Driver
YN -> "ImagePath" -> [System32\DRIVERS\cdrom.sys]
[Files/Folders - Created Within 30 Days]
NY -> 32788R22FWJFW -> C:\32788R22FWJFW
NY -> 32788R22FWJFW(2) -> C:\32788R22FWJFW(2)
NY -> cock -> C:\WINDOWS\System32\cock
NY -> msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll
NY -> lowsec -> C:\WINDOWS\System32\lowsec
NY -> xmldm -> C:\WINDOWS\System32\xmldm
NY -> msynldks.dll -> C:\WINDOWS\System32\msynldks.dll
[Files/Folders - Modified Within 30 Days]
NY -> rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys
NY -> dufubuga -> C:\WINDOWS\System32\dufubuga
NY -> dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe
NY -> bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll
NY -> bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> 21906.exe -> C:\WINDOWS\System32\21906.exe
NY -> 15724.exe -> C:\WINDOWS\System32\15724.exe
NY -> 19169.exe -> C:\WINDOWS\System32\19169.exe
NY -> 26500.exe -> C:\WINDOWS\System32\26500.exe
NY -> 6334.exe -> C:\WINDOWS\System32\6334.exe
NY -> 18467.exe -> C:\WINDOWS\System32\18467.exe
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> 711046.BAT -> C:\WINDOWS\System32\711046.BAT
NY -> msilojzb.dll -> C:\WINDOWS\System32\msilojzb.dll
NY -> wincode.dat -> C:\WINDOWS\System32\wincode.dat
NY -> krncode.dat -> C:\WINDOWS\System32\krncode.dat
NY -> pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat
NY -> nsysk.ini -> C:\WINDOWS\System32\nsysk.ini
NY -> ntload.dll -> C:\Documents and Settings\Eric\ntload.dll
NY -> notepad.dll -> C:\WINDOWS\System32\notepad.dll
NY -> shifld2.old -> C:\WINDOWS\System32\shifld2.old
NY -> 4827.exe -> C:\WINDOWS\System32\4827.exe
NY -> 11942.exe -> C:\WINDOWS\System32\11942.exe
NY -> 2995.exe -> C:\WINDOWS\System32\2995.exe
NY -> 491.exe -> C:\WINDOWS\System32\491.exe
NY -> 9961.exe -> C:\WINDOWS\System32\9961.exe
NY -> 16827.exe -> C:\WINDOWS\System32\16827.exe
NY -> 23281.exe -> C:\WINDOWS\System32\23281.exe
NY -> 28145.exe -> C:\WINDOWS\System32\28145.exe
NY -> 5705.exe -> C:\WINDOWS\System32\5705.exe
NY -> 24464.exe -> C:\WINDOWS\System32\24464.exe
NY -> 26962.exe -> C:\WINDOWS\System32\26962.exe
NY -> 29358.exe -> C:\WINDOWS\System32\29358.exe
NY -> 11478.exe -> C:\WINDOWS\System32\11478.exe
NY -> musosami.dll -> C:\WINDOWS\System32\musosami.dll
NY -> tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll
NY -> rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll
NY -> 23811.exe -> C:\WINDOWS\System32\23811.exe
NY -> 28703.exe -> C:\WINDOWS\System32\28703.exe
NY -> 9894.exe -> C:\WINDOWS\System32\9894.exe
NY -> 17035.exe -> C:\WINDOWS\System32\17035.exe
NY -> 26299.exe -> C:\WINDOWS\System32\26299.exe
NY -> 25667.exe -> C:\WINDOWS\System32\25667.exe
NY -> 19912.exe -> C:\WINDOWS\System32\19912.exe
NY -> 1869.exe -> C:\WINDOWS\System32\1869.exe
NY -> 11538.exe -> C:\WINDOWS\System32\11538.exe
NY -> 14771.exe -> C:\WINDOWS\System32\14771.exe
NY -> 21726.exe -> C:\WINDOWS\System32\21726.exe
NY -> 5447.exe -> C:\WINDOWS\System32\5447.exe
NY -> 19895.exe -> C:\WINDOWS\System32\19895.exe
NY -> 19718.exe -> C:\WINDOWS\System32\19718.exe
NY -> 18716.exe -> C:\WINDOWS\System32\18716.exe
NY -> 17421.exe -> C:\WINDOWS\System32\17421.exe
NY -> 12382.exe -> C:\WINDOWS\System32\12382.exe
NY -> 292.exe -> C:\WINDOWS\System32\292.exe
NY -> 153.exe -> C:\WINDOWS\System32\153.exe
NY -> 3902.exe -> C:\WINDOWS\System32\3902.exe
NY -> 14604.exe -> C:\WINDOWS\System32\14604.exe
NY -> 32391.exe -> C:\WINDOWS\System32\32391.exe
NY -> 5436.exe -> C:\WINDOWS\System32\5436.exe
NY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
NY -> leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe
NY -> t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k
NY -> t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k
NY -> msynldks.dll -> C:\WINDOWS\System32\msynldks.dll
[Files - No Company Name]
NY -> dossywtx.job -> C:\WINDOWS\tasks\dossywtx.job
NY -> dajifuji.exe -> C:\WINDOWS\System32\dajifuji.exe
NY -> bemevaja.dll -> C:\WINDOWS\System32\bemevaja.dll
NY -> bawayeka.exe -> C:\WINDOWS\System32\bawayeka.exe
NY -> 21906.exe -> C:\WINDOWS\System32\21906.exe
NY -> gezibaju.exe -> C:\WINDOWS\System32\gezibaju.exe
NY -> rqxtfp.sys -> C:\WINDOWS\System32\drivers\rqxtfp.sys
NY -> 711046.BAT -> C:\WINDOWS\System32\711046.BAT
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> musosami.dll -> C:\WINDOWS\System32\musosami.dll
NY -> tipezuku.dll -> C:\WINDOWS\System32\tipezuku.dll
NY -> rijiraza.dll -> C:\WINDOWS\System32\rijiraza.dll
NY -> 23811.exe -> C:\WINDOWS\System32\23811.exe
NY -> 28703.exe -> C:\WINDOWS\System32\28703.exe
NY -> 9894.exe -> C:\WINDOWS\System32\9894.exe
NY -> 17035.exe -> C:\WINDOWS\System32\17035.exe
NY -> 26299.exe -> C:\WINDOWS\System32\26299.exe
NY -> 25667.exe -> C:\WINDOWS\System32\25667.exe
NY -> 19912.exe -> C:\WINDOWS\System32\19912.exe
NY -> 1869.exe -> C:\WINDOWS\System32\1869.exe
NY -> 11538.exe -> C:\WINDOWS\System32\11538.exe
NY -> 14771.exe -> C:\WINDOWS\System32\14771.exe
NY -> 21726.exe -> C:\WINDOWS\System32\21726.exe
NY -> 5447.exe -> C:\WINDOWS\System32\5447.exe
NY -> 19895.exe -> C:\WINDOWS\System32\19895.exe
NY -> 19718.exe -> C:\WINDOWS\System32\19718.exe
NY -> 18716.exe -> C:\WINDOWS\System32\18716.exe
NY -> 17421.exe -> C:\WINDOWS\System32\17421.exe
NY -> 12382.exe -> C:\WINDOWS\System32\12382.exe
NY -> 292.exe -> C:\WINDOWS\System32\292.exe
NY -> 153.exe -> C:\WINDOWS\System32\153.exe
NY -> 3902.exe -> C:\WINDOWS\System32\3902.exe
NY -> 14604.exe -> C:\WINDOWS\System32\14604.exe
NY -> 32391.exe -> C:\WINDOWS\System32\32391.exe
NY -> 5436.exe -> C:\WINDOWS\System32\5436.exe
NY -> 4827.exe -> C:\WINDOWS\System32\4827.exe
NY -> 11942.exe -> C:\WINDOWS\System32\11942.exe
NY -> 2995.exe -> C:\WINDOWS\System32\2995.exe
NY -> 491.exe -> C:\WINDOWS\System32\491.exe
NY -> 9961.exe -> C:\WINDOWS\System32\9961.exe
NY -> 16827.exe -> C:\WINDOWS\System32\16827.exe
NY -> 23281.exe -> C:\WINDOWS\System32\23281.exe
NY -> 28145.exe -> C:\WINDOWS\System32\28145.exe
NY -> 5705.exe -> C:\WINDOWS\System32\5705.exe
NY -> 24464.exe -> C:\WINDOWS\System32\24464.exe
NY -> 26962.exe -> C:\WINDOWS\System32\26962.exe
NY -> 29358.exe -> C:\WINDOWS\System32\29358.exe
NY -> 11478.exe -> C:\WINDOWS\System32\11478.exe
NY -> 15724.exe -> C:\WINDOWS\System32\15724.exe
NY -> 19169.exe -> C:\WINDOWS\System32\19169.exe
NY -> 26500.exe -> C:\WINDOWS\System32\26500.exe
NY -> 6334.exe -> C:\WINDOWS\System32\6334.exe
NY -> 18467.exe -> C:\WINDOWS\System32\18467.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe
NY -> siyizene.dll -> C:\WINDOWS\System32\siyizene.dll
NY -> leopehgqqd78o.exe -> C:\WINDOWS\System32\leopehgqqd78o.exe
NY -> t1p0_593775141973.b1k -> C:\WINDOWS\System32\t1p0_593775141973.b1k
NY -> t1p0_444989264064.b1k -> C:\WINDOWS\System32\t1p0_444989264064.b1k
NY -> krncode.dat -> C:\WINDOWS\System32\krncode.dat
NY -> wincode.dat -> C:\WINDOWS\System32\wincode.dat
NY -> pwrcode.dat -> C:\WINDOWS\System32\pwrcode.dat
NY -> shifld2.old -> C:\WINDOWS\System32\shifld2.old
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> dukiwava.dll -> C:\WINDOWS\System32\dukiwava.dll
NY -> yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll
NY -> ladahawe.dll -> C:\WINDOWS\System32\ladahawe.dll
NY -> naruhogo.dll -> C:\WINDOWS\System32\naruhogo.dll
NY -> muwuhare.dll -> C:\WINDOWS\System32\muwuhare.dll
NY -> jesoyaru.dll -> C:\WINDOWS\System32\jesoyaru.dll
NY -> yijeyenu.dll -> C:\WINDOWS\System32\yijeyenu.dll
NY -> kafiseri.dll -> C:\WINDOWS\System32\kafiseri.dll
NY -> fepabavi.dll -> C:\WINDOWS\System32\fepabavi.dll
NY -> bahegope.dll -> C:\WINDOWS\System32\bahegope.dll
NY -> bozilajo.dll -> C:\WINDOWS\System32\bozilajo.dll
NY -> hofonike.dll -> C:\WINDOWS\System32\hofonike.dll
NY -> sayawoha.dll -> C:\WINDOWS\System32\sayawoha.dll
NY -> wopowupa.dll -> C:\WINDOWS\System32\wopowupa.dll
NY -> zivogima.dll -> C:\WINDOWS\System32\zivogima.dll
NY -> hipofahi.dll -> C:\WINDOWS\System32\hipofahi.dll
NY -> sirodave.dll -> C:\WINDOWS\System32\sirodave.dll
NY -> piyidaze.dll -> C:\WINDOWS\System32\piyidaze.dll
NY -> zehasipe.dll -> C:\WINDOWS\System32\zehasipe.dll
NY -> tobigude.dll -> C:\WINDOWS\System32\tobigude.dll
NY -> gopeyuye.dll -> C:\WINDOWS\System32\gopeyuye.dll
NY -> navepolu.dll -> C:\WINDOWS\System32\navepolu.dll
NY -> lezarase.dll -> C:\WINDOWS\System32\lezarase.dll
NY -> jonesuke.dll -> C:\WINDOWS\System32\jonesuke.dll
NY -> fejawoza.dll -> C:\WINDOWS\System32\fejawoza.dll
NY -> nisamuva.dll -> C:\WINDOWS\System32\nisamuva.dll
NY -> lubosuve.dll -> C:\WINDOWS\System32\lubosuve.dll
NY -> dobiyide.dll -> C:\WINDOWS\System32\dobiyide.dll
NY -> zinozobu.dll -> C:\WINDOWS\System32\zinozobu.dll
NY -> yafilore.dll -> C:\WINDOWS\System32\yafilore.dll
NY -> jivesiye.dll -> C:\WINDOWS\System32\jivesiye.dll
NY -> guyeroso.dll -> C:\WINDOWS\System32\guyeroso.dll
NY -> yademejo.dll -> C:\WINDOWS\System32\yademejo.dll
NY -> pilabuma.dll -> C:\WINDOWS\System32\pilabuma.dll
NY -> bidapoyi.dll -> C:\WINDOWS\System32\bidapoyi.dll
NY -> yuteraji.dll -> C:\WINDOWS\System32\yuteraji.dll
NY -> lutehibe.dll -> C:\WINDOWS\System32\lutehibe.dll
NY -> GMudSVgw.INI -> C:\WINDOWS\GMudSVgw.INI

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

peku006
 
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nejepidof deleted successfully.
C:\WINDOWS\System32\yobiseha.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:fepabavi.dll deleted successfully.
C:\WINDOWS\System32\fepabavi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yobiseha.dll deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\rehirodup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}\ deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}\ deleted successfully.
File C:\WINDOWS\system32\yobiseha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe deleted successfully.
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe deleted successfully.
C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Software Update\HPWUCli.exe deleted successfully.
C:\Program Files\HP\HP Software Update\HPWUCli.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lsm32.sys deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\cmd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\spoolsv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\32788R22FWJFW(2)\License(2) folder moved successfully.
C:\32788R22FWJFW(2) folder moved successfully.
C:\WINDOWS\System32\cock folder moved successfully.
C:\WINDOWS\System32\msilojzb.dll moved successfully.
C:\WINDOWS\System32\lowsec folder moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\msynldks.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\WINDOWS\System32\drivers\rqxtfp.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\dufubuga moved successfully.
C:\WINDOWS\tasks\dossywtx.job moved successfully.
C:\WINDOWS\System32\tdlcmd.dll moved successfully.
C:\WINDOWS\System32\dajifuji.exe moved successfully.
C:\WINDOWS\System32\bemevaja.dll moved successfully.
C:\WINDOWS\System32\bawayeka.exe moved successfully.
C:\WINDOWS\System32\41.exe moved successfully.
C:\WINDOWS\System32\21906.exe moved successfully.
C:\WINDOWS\System32\15724.exe moved successfully.
C:\WINDOWS\System32\19169.exe moved successfully.
C:\WINDOWS\System32\26500.exe moved successfully.
C:\WINDOWS\System32\6334.exe moved successfully.
C:\WINDOWS\System32\18467.exe moved successfully.
C:\WINDOWS\System32\winhelper86.dll moved successfully.
C:\WINDOWS\System32\gezibaju.exe moved successfully.
C:\WINDOWS\System32\urhtps.dat moved successfully.
C:\WINDOWS\System32\711046.BAT moved successfully.
File C:\WINDOWS\System32\msilojzb.dll not found!
C:\WINDOWS\System32\wincode.dat moved successfully.
C:\WINDOWS\System32\krncode.dat moved successfully.
C:\WINDOWS\System32\pwrcode.dat moved successfully.
C:\WINDOWS\System32\nsysk.ini moved successfully.
C:\Documents and Settings\Eric\ntload.dll moved successfully.
C:\WINDOWS\System32\notepad.dll moved successfully.
C:\WINDOWS\System32\shifld2.old moved successfully.
C:\WINDOWS\System32\4827.exe moved successfully.
C:\WINDOWS\System32\11942.exe moved successfully.
C:\WINDOWS\System32\2995.exe moved successfully.
C:\WINDOWS\System32\491.exe moved successfully.
C:\WINDOWS\System32\9961.exe moved successfully.
C:\WINDOWS\System32\16827.exe moved successfully.
C:\WINDOWS\System32\23281.exe moved successfully.
C:\WINDOWS\System32\28145.exe moved successfully.
C:\WINDOWS\System32\5705.exe moved successfully.
C:\WINDOWS\System32\24464.exe moved successfully.
C:\WINDOWS\System32\26962.exe moved successfully.
C:\WINDOWS\System32\29358.exe moved successfully.
C:\WINDOWS\System32\11478.exe moved successfully.
C:\WINDOWS\System32\musosami.dll moved successfully.
C:\WINDOWS\System32\tipezuku.dll moved successfully.
C:\WINDOWS\System32\rijiraza.dll moved successfully.
C:\WINDOWS\System32\23811.exe moved successfully.
C:\WINDOWS\System32\28703.exe moved successfully.
C:\WINDOWS\System32\9894.exe moved successfully.
C:\WINDOWS\System32\17035.exe moved successfully.
C:\WINDOWS\System32\26299.exe moved successfully.
C:\WINDOWS\System32\25667.exe moved successfully.
C:\WINDOWS\System32\19912.exe moved successfully.
C:\WINDOWS\System32\1869.exe moved successfully.
C:\WINDOWS\System32\11538.exe moved successfully.
C:\WINDOWS\System32\14771.exe moved successfully.
C:\WINDOWS\System32\21726.exe moved successfully.
C:\WINDOWS\System32\5447.exe moved successfully.
C:\WINDOWS\System32\19895.exe moved successfully.
C:\WINDOWS\System32\19718.exe moved successfully.
C:\WINDOWS\System32\18716.exe moved successfully.
C:\WINDOWS\System32\17421.exe moved successfully.
C:\WINDOWS\System32\12382.exe moved successfully.
C:\WINDOWS\System32\292.exe moved successfully.
C:\WINDOWS\System32\153.exe moved successfully.
C:\WINDOWS\System32\3902.exe moved successfully.
C:\WINDOWS\System32\14604.exe moved successfully.
C:\WINDOWS\System32\32391.exe moved successfully.
C:\WINDOWS\System32\5436.exe moved successfully.
C:\WINDOWS\System32\siyizene.dll moved successfully.
C:\WINDOWS\System32\leopehgqqd78o.exe moved successfully.
C:\WINDOWS\System32\t1p0_593775141973.b1k moved successfully.
C:\WINDOWS\System32\t1p0_444989264064.b1k moved successfully.
File C:\WINDOWS\System32\msynldks.dll not found!
[Files - No Company Name]
File C:\WINDOWS\tasks\dossywtx.job not found!
File C:\WINDOWS\System32\dajifuji.exe not found!
File C:\WINDOWS\System32\bemevaja.dll not found!
File C:\WINDOWS\System32\bawayeka.exe not found!
File C:\WINDOWS\System32\21906.exe not found!
File C:\WINDOWS\System32\gezibaju.exe not found!
File move failed. C:\WINDOWS\System32\drivers\rqxtfp.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\711046.BAT not found!
File C:\WINDOWS\System32\urhtps.dat not found!
File C:\WINDOWS\System32\winhelper86.dll not found!
File C:\WINDOWS\System32\musosami.dll not found!
File C:\WINDOWS\System32\tipezuku.dll not found!
File C:\WINDOWS\System32\rijiraza.dll not found!
File C:\WINDOWS\System32\23811.exe not found!
File C:\WINDOWS\System32\28703.exe not found!
File C:\WINDOWS\System32\9894.exe not found!
File C:\WINDOWS\System32\17035.exe not found!
File C:\WINDOWS\System32\26299.exe not found!
File C:\WINDOWS\System32\25667.exe not found!
File C:\WINDOWS\System32\19912.exe not found!
File C:\WINDOWS\System32\1869.exe not found!
File C:\WINDOWS\System32\11538.exe not found!
File C:\WINDOWS\System32\14771.exe not found!
File C:\WINDOWS\System32\21726.exe not found!
File C:\WINDOWS\System32\5447.exe not found!
File C:\WINDOWS\System32\19895.exe not found!
File C:\WINDOWS\System32\19718.exe not found!
File C:\WINDOWS\System32\18716.exe not found!
File C:\WINDOWS\System32\17421.exe not found!
File C:\WINDOWS\System32\12382.exe not found!
File C:\WINDOWS\System32\292.exe not found!
File C:\WINDOWS\System32\153.exe not found!
File C:\WINDOWS\System32\3902.exe not found!
File C:\WINDOWS\System32\14604.exe not found!
File C:\WINDOWS\System32\32391.exe not found!
File C:\WINDOWS\System32\5436.exe not found!
File C:\WINDOWS\System32\4827.exe not found!
File C:\WINDOWS\System32\11942.exe not found!
File C:\WINDOWS\System32\2995.exe not found!
File C:\WINDOWS\System32\491.exe not found!
File C:\WINDOWS\System32\9961.exe not found!
File C:\WINDOWS\System32\16827.exe not found!
File C:\WINDOWS\System32\23281.exe not found!
File C:\WINDOWS\System32\28145.exe not found!
File C:\WINDOWS\System32\5705.exe not found!
File C:\WINDOWS\System32\24464.exe not found!
File C:\WINDOWS\System32\26962.exe not found!
File C:\WINDOWS\System32\29358.exe not found!
File C:\WINDOWS\System32\11478.exe not found!
File C:\WINDOWS\System32\15724.exe not found!
File C:\WINDOWS\System32\19169.exe not found!
File C:\WINDOWS\System32\26500.exe not found!
File C:\WINDOWS\System32\6334.exe not found!
File C:\WINDOWS\System32\18467.exe not found!
File C:\WINDOWS\System32\41.exe not found!
C:\WINDOWS\System32\winlogon86.exe moved successfully.
File C:\WINDOWS\System32\siyizene.dll not found!
File C:\WINDOWS\System32\leopehgqqd78o.exe not found!
File C:\WINDOWS\System32\t1p0_593775141973.b1k not found!
File C:\WINDOWS\System32\t1p0_444989264064.b1k not found!
File C:\WINDOWS\System32\krncode.dat not found!
File C:\WINDOWS\System32\wincode.dat not found!
File C:\WINDOWS\System32\pwrcode.dat not found!
File C:\WINDOWS\System32\shifld2.old not found!
File C:\WINDOWS\System32\tdlcmd.dll not found!
C:\WINDOWS\System32\dukiwava.dll moved successfully.
File C:\WINDOWS\System32\yobiseha.dll not found!
C:\WINDOWS\System32\ladahawe.dll moved successfully.
C:\WINDOWS\System32\naruhogo.dll moved successfully.
C:\WINDOWS\System32\muwuhare.dll moved successfully.
C:\WINDOWS\System32\jesoyaru.dll moved successfully.
C:\WINDOWS\System32\yijeyenu.dll moved successfully.
C:\WINDOWS\System32\kafiseri.dll moved successfully.
File C:\WINDOWS\System32\fepabavi.dll not found!
C:\WINDOWS\System32\bahegope.dll moved successfully.
C:\WINDOWS\System32\bozilajo.dll moved successfully.
C:\WINDOWS\System32\hofonike.dll moved successfully.
C:\WINDOWS\System32\sayawoha.dll moved successfully.
C:\WINDOWS\System32\wopowupa.dll moved successfully.
C:\WINDOWS\System32\zivogima.dll moved successfully.
C:\WINDOWS\System32\hipofahi.dll moved successfully.
C:\WINDOWS\System32\sirodave.dll moved successfully.
C:\WINDOWS\System32\piyidaze.dll moved successfully.
C:\WINDOWS\System32\zehasipe.dll moved successfully.
C:\WINDOWS\System32\tobigude.dll moved successfully.
C:\WINDOWS\System32\gopeyuye.dll moved successfully.
C:\WINDOWS\System32\navepolu.dll moved successfully.
C:\WINDOWS\System32\lezarase.dll moved successfully.
C:\WINDOWS\System32\jonesuke.dll moved successfully.
C:\WINDOWS\System32\fejawoza.dll moved successfully.
C:\WINDOWS\System32\nisamuva.dll moved successfully.
C:\WINDOWS\System32\lubosuve.dll moved successfully.
C:\WINDOWS\System32\dobiyide.dll moved successfully.
C:\WINDOWS\System32\zinozobu.dll moved successfully.
C:\WINDOWS\System32\yafilore.dll moved successfully.
C:\WINDOWS\System32\jivesiye.dll moved successfully.
C:\WINDOWS\System32\guyeroso.dll moved successfully.
C:\WINDOWS\System32\yademejo.dll moved successfully.
C:\WINDOWS\System32\pilabuma.dll moved successfully.
C:\WINDOWS\System32\bidapoyi.dll moved successfully.
C:\WINDOWS\System32\yuteraji.dll moved successfully.
C:\WINDOWS\System32\lutehibe.dll moved successfully.
C:\WINDOWS\GMudSVgw.INI moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.12.0 fix logfile created on 12242009_054046
 