AHHHHH......i need help!!

i restarted the computer and when i logged on i got an error message saying it could not find yobiseha.dll is that normal or don't have to worry about it now
 
omg what ever that program just did brought out or w/e all types of virus in like one show from runadll.exe to project1.exe to like 5 or 6 other in one virus bombardment
 
Hi blackdra
i restarted the computer and when i logged on i got an error message saying it could not find yobiseha.dll is that normal
do not worry it is normal, yobiseha.dll is a "bad guy", it is good that it is missing :D:

Please try run combofix now

Please include the C:\ComboFix.txt in your next reply

Thanks peku006
 
ok because of the bombardment i had to open taskmgr and shut down all those viruses that popped up because my computer started to lag very very very badly as soon as i did that wow my computer started going faster than it has gone in months woo hooo finally on the right path
 
rejection:
windows can not find 32788r22fwjfw\IEXPLORE.exe
windows can not find 32788r22fwjfw\hidec.exe
:banghead::banghead:
 
Hi blackdra

Let's try Malwarebytes' Anti-Malware

go to C:\Program Files\Malwarebytes' Anti-Malware and find the file mbam.exe, right-click on the file and select Rename. Rename the file to blackdra.exe and double-click on it to see if it will run.

Thanks peku006
 
ok i get mbam running but 6 second in and after finding 6 infected files i get a run time script error 9 and then the program shuts down
 
same problem it gets to 6 infected files then it gives me a run error 9 then shuts down should i run s/b first then mbam ?
 
Hi blackdra
nothing works :hair:

  • Download RootRepeal from the following location and save it to your desktop.
  • Unzip it to your Desktop
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • Check the box for your main system drive (Usually C:), and Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Thanks peku006
 
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/25 19:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1CD3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF799D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0BCF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\rqxtfp.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a107068 Size: 2392

Hidden Services
-------------------
Service Name: rqxtfp
Image Path: C:\WINDOWS\system32\drivers\rqxtfp.sys

==EOF==
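
The cross-check that report supports, as an added example that is not part of any post in this thread: it parses the RootRepeal text report and correlates Hidden Services with Hidden/Locked Files to single out the driver worth targeting. The function names and the allow-lists (hiberfil.sys, pagefile.sys, dump_* crash-dump drivers, RootRepeal's own driver) are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the RootRepeal report posted above, trimmed to two driver entries.
REPORT = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1CD3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0BCF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\rqxtfp.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a107068 Size: 2392

Hidden Services
-------------------
Service Name: rqxtfp
Image Path: C:\WINDOWS\system32\drivers\rqxtfp.sys

==EOF==
"""

# Assumed allow-lists: files Windows itself keeps locked, and drivers that
# normally have no visible file (crash-dump copies, the scanner's own driver).
EXPECTED_LOCKED = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


def is_expected_driver(name):
    n = name.lower()
    return n.startswith("dump_") or n == "rootrepeal.sys"


def _is_rule(line):
    s = line.strip()
    return len(s) >= 3 and set(s) == {"-"}


def parse_report(text):
    """Return {section title: [record dict, ...]} for a RootRepeal report."""
    sections = defaultdict(list)
    current, record = None, {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.strip() and _is_rule(nxt):      # title line above a ---- rule
            if record:
                sections[current].append(record)
                record = {}
            current = line.strip()
            continue
        if _is_rule(line) or current is None:
            continue
        if not line.strip():                    # blank line ends a record
            if record:
                sections[current].append(record)
                record = {}
            continue
        m = re.match(r"([A-Za-z ]+?):\s*(.*)", line)
        if m:
            record[m.group(1)] = m.group(2).strip()
        fv = re.search(r"File Visible:\s*(\w+)", line)  # shares a line with Address
        if fv:
            record["File Visible"] = fv.group(1)
    if record:
        sections[current].append(record)
    return dict(sections)


def triage(sections):
    """Correlate hidden services with locked files and filter expected noise."""
    locked = [r["Path"] for r in sections.get("Hidden/Locked Files", []) if "Path" in r]
    locked_lc = {p.lower() for p in locked}
    candidates, claimed = [], set()
    for svc in sections.get("Hidden Services", []):
        path = svc.get("Image Path", "")
        corroborated = path.lower() in locked_lc
        candidates.append((svc.get("Service Name", ""), path, corroborated))
        claimed.add(path.lower())
    return {
        "candidates": candidates,
        "other_locked": [p for p in locked
                         if p.lower() not in EXPECTED_LOCKED and p.lower() not in claimed],
        "other_invisible_drivers": [d["Name"] for d in sections.get("Drivers", [])
                                    if d.get("File Visible") == "No"
                                    and not is_expected_driver(d.get("Name", ""))],
        "stealth_objects": [o["Object"] for o in sections.get("Stealth Objects", [])
                            if "Object" in o],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(REPORT)).items():
        print(key, "->", value)
```
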
 
Hi blackdra

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the [image: pasteline.png] area. Do not include the word Code.
Code:
:Services
rqxtfp

:Files
C:\WINDOWS\system32\drivers\rqxtfp.sys
:Commands
[emptytemp]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [image: btnmoveit.png] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
 
lol got freaked out for a sec there the computer gave me the blue screen of death and i was like o sh*t thankfully it was nothing and i tried the program again (without any programs running) and it worked fine


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named rqxtfp was found to stop!
Unable to stop service rqxtfp!
========== FILES ==========
File move failed. C:\WINDOWS\system32\drivers\rqxtfp.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 103304 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Anne
->Temp folder emptied: 625373217 bytes
->Temporary Internet Files folder emptied: 5805964 bytes
->Java cache emptied: 49108207 bytes
->FireFox cache emptied: 99261081 bytes

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 5415896 bytes
->Temporary Internet Files folder emptied: 7309724 bytes
->Java cache emptied: 77765384 bytes
->FireFox cache emptied: 86257007 bytes

User: Janet
->Temp folder emptied: 769222025 bytes
->Temporary Internet Files folder emptied: 13196500 bytes
->Java cache emptied: 647383 bytes
->FireFox cache emptied: 171454399 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6284582 bytes
->Java cache emptied: 193467 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: Shawn
->Temp folder emptied: 1236184 bytes
->Temporary Internet Files folder emptied: 4120943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40319845 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 5411457 bytes
Windows Temp folder emptied: 10937286 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 660595 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,889.00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12262009_043525

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\rqxtfp.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Hi blackdra
should i run spy bot now cause i tried mbam after still got the same runtime error
not yet.......

Download Avenger by Swandog and unzip it to your Desktop.

Note: This programme must be run from an account with Administrator privileges.

  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code:
Drivers to delete:
rqxtfp

Files to delete:
C:\WINDOWS\system32\drivers\rqxtfp.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

Thanks peku006
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "rqxtfp" deleted successfully.
File "C:\WINDOWS\system32\drivers\rqxtfp.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
Hi blackdra

good job :bigthumb:

Run OTS

  • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
 
Code:
OTS logfile created on: 12/26/2009 7:38:05 AM - Run 2
OTS by OldTimer - Version 3.1.12.0     Folder = c:\documents and settings\eric\desktop\computer fix
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 91.71 Gb Free Space | 82.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BLACKSILVER
Current User Name: Eric
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\computer fix\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
bartshel.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\BartShel.exe -> [2005/06/13 13:55:37 | 00,150,016 | ---- | M] (PeoplePC)
ppshared.exe -> C:\Program Files\PeoplePC\ISP6100\Browser\PPShared.exe -> [2005/06/13 13:55:37 | 00,092,672 | ---- | M] (PeoplePC)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
ctsvccda.exe -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Modules - Safe List]
ots.exe -> c:\Documents and Settings\Eric\Desktop\computer fix\OTS.exe -> [2009/12/23 15:41:17 | 00,598,528 | ---- | M] (OldTimer Tools)
vuzofafu.dll -> C:\WINDOWS\system32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(fastnetsrv) fastnetsrv  Service [Disabled | Stopped] ->  -> File not found
(SPService) SPService [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -> [2009/12/10 10:59:19 | 00,057,856 | ---- | M] ()
(PCToolsFirewallPlus) PC Tools Firewall Plus [Auto | Stopped] -> C:\Program Files\PC Tools Firewall Plus\FWService.exe -> [2009/11/09 11:20:14 | 00,818,432 | ---- | M] (PC Tools)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard)
(Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(6to4) Network Security [Auto | Running] -> C:\WINDOWS\system32\6to4v32.dll -> [2004/08/04 00:56:44 | 00,061,440 | ---- | M] ()
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/09/25 11:32:50 | 00,065,536 | ---- | M] (America Online, Inc.)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] -> C:\WINDOWS\system32\CTSVCCDA.EXE -> [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
(pctNDIS) PC Tools Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis.sys -> [2009/11/24 08:54:56 | 00,056,512 | ---- | M] (PC Tools)
(PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PCTAppEvent.sys -> [2009/11/23 13:54:20 | 00,088,040 | ---- | M] (PC Tools)
(PCTFW-PacketFilter) PCTools Firewall - Packet filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -> [2009/11/10 17:11:36 | 00,070,408 | ---- | M] (PC Tools)
(pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools)
(pctplfw) pctplfw [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplfw.sys -> [2009/10/16 16:55:00 | 00,115,216 | ---- | M] (PC Tools)
(PCTFW-DNS) PCTools Firewall - DNS driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -> [2009/08/14 13:44:18 | 00,032,552 | ---- | M] (PC Tools)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/10/28 04:27:07 | 00,049,920 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/10/28 04:27:07 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/10/28 04:27:07 | 00,016,496 | R--- | M] (HP)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(winsts) winsts [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\winsts.sys -> [2004/08/04 00:56:44 | 00,002,304 | ---- | M] ()
(ndisdrv) ndisdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\ndisdrv.sys -> [2004/08/04 00:56:44 | 00,002,304 | ---- | M] ()
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt39.sys -> [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.)
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmsbw.sys -> [2004/01/29 20:13:06 | 00,122,110 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmnt5.sys -> [2004/01/29 20:13:06 | 00,095,579 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ialmkchw.sys -> [2004/01/29 20:13:04 | 00,099,002 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2004/01/16 15:21:48 | 00,012,970 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2004/01/01 05:38:00 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/13 19:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/13 19:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/08/21 02:31:52 | 00,462,940 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/08/14 09:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2003/08/13 01:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation                           )
(CCCP106) CIF USB Camera (2110A) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\cccp106.sys -> [2003/04/28 05:03:36 | 00,227,200 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/27 13:00:26 | 00,028,396 | ---- | M] (America Online, Inc.)
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbio.sys -> [2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.emachines.com -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: SearchURL\\"provider" -> live -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\: "ProxyServer" -> localhost:8080 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Eric\Application Data\Mozilla\FireFox\Profiles\5f6awe7z.default\prefs.js -> 
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yu-Gi-Oh! (en)" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.deviantart.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> smartwebprinting@hp.com:4.5 ->
extensions.enabledItems -> {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
keyword.URL -> "http://www.bing.com/search?FORM=IEFM1&q=" ->
network.proxy.ftp -> "proxy_sever" ->
network.proxy.ftp_port -> 8080 ->
network.proxy.gopher -> "proxy_sever" ->
network.proxy.gopher_port -> 8080 ->
network.proxy.http -> "proxy_sever" ->
network.proxy.http_port -> 8080 ->
network.proxy.socks -> "proxy_sever" ->
network.proxy.socks_port -> 8080 ->
network.proxy.ssl -> "proxy_sever" ->
network.proxy.ssl_port -> 8080 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\CompuServe 7.0\Extensions ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\ ->  -> 
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins -> C:\Program Files\Common Files\csshare\plugins0942 [C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS0942] -> [2007/09/27 04:14:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/12/04 09:14:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/16 09:37:44 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions -> [2008/06/18 07:09:46 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions -> [2009/12/25 18:57:19 | 00,000,000 | ---D | M]
ChatZilla   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/12/13 19:53:31 | 00,000,000 | ---D | M]
MidnightFox   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/06/25 05:12:29 | 00,000,000 | ---D | M]
Aquatint Black Gloss   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} -> [2008/10/16 16:17:32 | 00,000,000 | ---D | M]
Aluminium Kai 2   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} -> [2008/05/21 19:22:55 | 00,000,000 | ---D | M]
PitchDark   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2009/07/10 07:53:06 | 00,000,000 | ---D | M]
Web Developer   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2009/07/10 07:53:11 | 00,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/12/13 19:53:32 | 00,000,000 | ---D | M]
Download Statusbar   -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/05/14 07:01:09 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bulbapedia-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\bulbapedia-en.xml -> [2009/02/17 05:59:40 | 00,001,431 | ---- | M] ()
 smogon.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\smogon.xml -> [2008/11/20 06:55:13 | 00,002,321 | ---- | M] ()
 yu-gi-oh-en.xml -> C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\5f6awe7z.default\searchplugins\yu-gi-oh-en.xml -> [2009/08/03 01:06:46 | 00,002,303 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/25 18:57:19 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00PCTFW" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"MSConfig" -> c:\windows\pchealth\helpctr\binaries\msconfig.exe [c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
"winupdate86.exe" -> C:\WINDOWS\system32\winupdate86.exe [C:\WINDOWS\system32\winupdate86.exe] -> [2009/09/26 05:16:37 | 00,022,016 | -HS- | M] (SWUsVvhddARXbqA)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe] -> File not found
"notepad" -> C:\WINDOWS\system32\config\systemprofile\ntload.dll [rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0] -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
"ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe] -> File not found
"notepad" -> C:\WINDOWS\system32\config\systemprofile\ntload.dll [rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0] -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
"ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Anne Startup Folder > -> C:\Documents and Settings\Anne\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup -> 
< Janet Startup Folder > -> C:\Documents and Settings\Janet\Start Menu\Programs\Startup -> 
< Shawn Startup Folder > -> C:\Documents and Settings\Shawn\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoFolderOptions" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoFolderOptions" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> c:\Program Files\aim\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> c:\Program Files\aim\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/05/21 21:54:18 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> c:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Reg Error: Value error.] -> File not found
CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\] > -> HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
c:\windows\system32\yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll -> File not found
fepabavi.dll ->  -> File not found
vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | M] ()
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\winlogon86.exe -> C:\WINDOWS\system32\winlogon86.exe -> [2009/09/26 05:16:37 | 00,022,016 | -HS- | M] (SWUsVvhddARXbqA)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/01/29 20:13:24 | 00,323,584 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [rehirodup] -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [mujuzedij] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe" -> C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe [C:\Documents and Settings\Anne\My Documents\silverchild_24\VamPChaT\mirc.exe:*:Enabled:mIRC] -> [2003/06/01 21:40:46 | 01,790,464 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\aim\aim.exe" -> C:\Program Files\aim\aim.exe [C:\Program Files\aim\aim.exe:*:Enabled:AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:googletalk] -> [2007/01/01 15:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2009/12/16 09:37:36 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe [C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer] -> [2003/03/31 06:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene] -> File not found
"C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -> C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe:*:Enabled:firewallgui] -> [2009/11/27 17:50:08 | 02,971,608 | ---- | M] (PC Tools)
"C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe" -> C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe [C:\Program Files\PeoplePC\ISP6100\Bin\PPCOLink.exe:*:Enabled:ppcolink] -> [2005/06/13 13:55:37 | 00,020,480 | ---- | M] (PeoplePC)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/08/19 09:03:42 | 00,045,603 | ---- | M] (The Pidgin developer community)
"C:\Program Files\PurePlay\Poker\PurePlayPoker.exe" -> C:\Program Files\PurePlay\Poker\PurePlayPoker.exe [C:\Program Files\PurePlay\Poker\PurePlayPoker.exe:*:Enabled:PurePlay Poker] -> [2007/08/24 14:16:46 | 01,036,288 | ---- | M] (CyberArts Licensing LLC)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:spybotsd] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe:*:Enabled:msconfig] -> [2004/08/04 00:56:54 | 00,158,208 | ---- | M] (Microsoft Corporation)
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/01/01 04:18:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 Avenger -> C:\Avenger -> [2009/12/26 07:10:24 | 00,000,000 | ---D | C]
 _OTM -> C:\_OTM -> [2009/12/26 04:27:02 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/24 07:49:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/24 07:49:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 32788R22FWJFW -> C:\32788R22FWJFW -> [2009/12/24 06:44:42 | 00,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2009/12/24 06:27:11 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2009/12/24 06:14:04 | 00,000,000 | ---D | M]
 msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll -> [2009/12/24 05:54:37 | 00,032,768 | ---- | C] (USA)
 winupdate86.exe -> C:\WINDOWS\System32\winupdate86.exe -> [2009/12/24 05:54:08 | 00,022,016 | -HS- | C] (SWUsVvhddARXbqA)
 winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe -> [2009/12/24 05:54:08 | 00,022,016 | -HS- | C] (SWUsVvhddARXbqA)
 srwq.exe -> C:\srwq.exe -> [2009/12/24 05:54:03 | 00,155,648 | ---- | C] (Microsoft Corporation)
 waxfhosk.exe -> C:\waxfhosk.exe -> [2009/12/24 05:53:58 | 00,031,232 | ---- | C] (EaGgfFYBq)
 cock -> C:\WINDOWS\System32\cock -> [2009/12/24 05:44:47 | 00,000,000 | ---D | C]
 xmldm -> C:\WINDOWS\System32\xmldm -> [2009/12/24 05:42:44 | 00,000,000 | ---D | C]
 _OTS -> C:\_OTS -> [2009/12/24 05:40:46 | 00,000,000 | ---D | C]
 nsysw.dat -> C:\WINDOWS\System32\nsysw.dat -> [2009/12/24 04:29:43 | 00,670,208 | ---- | C] (Microsoft Corporation)
 AcroIEHelpe.dll -> C:\WINDOWS\System32\AcroIEHelpe.dll -> [2009/12/24 04:29:34 | 00,191,768 | ---- | C] (Adobe Systems, Incorporated)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/22 06:59:40 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Eric\Application Data\Malwarebytes -> [2009/12/22 06:56:22 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/22 06:56:14 | 00,000,000 | ---D | C]
 computer fix -> C:\Documents and Settings\Eric\Desktop\computer fix -> [2009/12/22 06:48:07 | 00,000,000 | ---D | C]
 PCToolsFirewallPlus -> C:\Documents and Settings\Eric\Application Data\PCToolsFirewallPlus -> [2009/12/20 08:16:51 | 00,000,000 | ---D | C]
 PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/12/20 08:15:31 | 00,207,792 | ---- | C] (PC Tools)
 PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/12/20 08:15:31 | 00,088,040 | ---- | C] (PC Tools)
 pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/12/20 08:15:29 | 00,233,136 | ---- | C] (PC Tools)
 pctNdis-PacketFilter.sys -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -> [2009/12/20 08:15:08 | 00,070,408 | ---- | C] (PC Tools)
 pctNdis.sys -> C:\WINDOWS\System32\drivers\pctNdis.sys -> [2009/12/20 08:15:08 | 00,056,512 | ---- | C] (PC Tools)
 pctNdis-DNS.sys -> C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -> [2009/12/20 08:15:08 | 00,032,552 | ---- | C] (PC Tools)
 PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/12/20 08:15:08 | 00,000,000 | ---D | C]
 pctplfw.sys -> C:\WINDOWS\System32\drivers\pctplfw.sys -> [2009/12/20 08:15:05 | 00,115,216 | ---- | C] (PC Tools)
 PC Tools Firewall Plus -> C:\Program Files\PC Tools Firewall Plus -> [2009/12/20 08:15:03 | 00,000,000 | ---D | C]
 AdobeUM -> C:\Documents and Settings\LocalService\Application Data\AdobeUM -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/12/14 20:28:17 | 00,000,000 | ---D | M]
 MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/12/14 03:02:47 | 00,000,000 | ---D | C]
 PIF -> C:\WINDOWS\PIF -> [2009/12/13 10:54:39 | 00,000,000 | -H-D | C]
 .clamwin -> C:\Documents and Settings\Eric\Application Data\.clamwin -> [2009/12/11 23:42:17 | 00,000,000 | ---D | C]
 .clamwin -> C:\Documents and Settings\All Users\.clamwin -> [2009/12/11 23:41:39 | 00,000,000 | ---D | C]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/12/11 15:30:36 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/11 15:28:59 | 00,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/11 15:27:04 | 00,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/04 22:20:57 | 00,000,000 | ---D | M]
 HPAppData -> C:\Documents and Settings\Eric\Application Data\HPAppData -> [2009/12/04 16:06:23 | 00,000,000 | ---D | C]
 WEBREG -> C:\Documents and Settings\All Users\Application Data\WEBREG -> [2009/12/04 09:18:29 | 00,000,000 | ---D | C]
 HPZipr12.sys -> C:\WINDOWS\System32\drivers\HPZipr12.sys -> [2009/12/04 09:17:00 | 00,016,496 | R--- | C] (HP)
 HPZid412.sys -> C:\WINDOWS\System32\drivers\HPZid412.sys -> [2009/12/04 09:16:58 | 00,049,920 | R--- | C] (HP)
 hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2009/12/04 09:16:33 | 00,452,408 | R--- | C] (Hewlett-Packard)
 hpf3l70v.dll -> C:\WINDOWS\System32\hpf3l70v.dll -> [2009/12/04 09:16:33 | 00,123,904 | ---- | C] (Hewlett-Packard Company)
 HPZius12.sys -> C:\WINDOWS\System32\drivers\HPZius12.sys -> [2009/12/04 09:16:24 | 00,021,568 | R--- | C] (HP)
 hposwia_d02c.dll -> C:\WINDOWS\System32\hposwia_d02c.dll -> [2009/12/04 09:16:07 | 00,712,704 | R--- | C] (Hewlett-Packard)
 hpost_d02c.dll -> C:\WINDOWS\System32\hpost_d02c.dll -> [2009/12/04 09:16:07 | 00,589,824 | R--- | C] (Hewlett-Packard Co.)
 hppldcoi.dll -> C:\WINDOWS\System32\hppldcoi.dll -> [2009/12/04 09:16:07 | 00,372,736 | R--- | C] (Hewlett-Packard)
 hposc_d02a.dll -> C:\WINDOWS\System32\hposc_d02a.dll -> [2009/12/04 09:16:07 | 00,315,392 | R--- | C] (Hewlett-Packard Co.)
 difxapi.dll -> C:\WINDOWS\System32\difxapi.dll -> [2009/12/04 09:16:07 | 00,309,760 | R--- | C] (Microsoft Corporation)
 HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/04 09:13:17 | 00,000,000 | ---D | C]
 HP -> C:\Program Files\Common Files\HP -> [2009/12/04 09:11:53 | 00,000,000 | ---D | C]
 Hewlett-Packard -> C:\Program Files\Common Files\Hewlett-Packard -> [2009/12/04 09:11:25 | 00,000,000 | ---D | C]
 HP -> C:\Documents and Settings\All Users\Application Data\HP -> [2009/12/04 09:11:10 | 00,000,000 | ---D | C]
 HP -> C:\Program Files\HP -> [2009/12/04 09:10:05 | 00,000,000 | ---D | C]
 usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/12/04 08:48:27 | 00,015,104 | ---- | C] (Microsoft Corporation)
 usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/12/04 08:48:24 | 00,025,856 | ---- | C] (Microsoft Corporation)
 pss -> C:\WINDOWS\pss -> [2009/12/02 14:33:53 | 00,000,000 | ---D | C]
 UAs -> C:\WINDOWS\System32\UAs -> [2009/12/02 12:35:20 | 00,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2009/11/29 01:14:34 | 00,000,000 | ---D | M]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/29 00:24:21 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/29 00:04:44 | 00,000,000 | ---D | M]
 nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | C] (Microsoft Corporation)
 olsysk.dat -> C:\WINDOWS\System32\olsysk.dat -> [2009/11/28 01:23:16 | 00,986,112 | ---- | C] (Microsoft Corporation)
 nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/11/28 01:23:16 | 00,670,208 | ---- | C] (Microsoft Corporation)
 olsysw.dat -> C:\WINDOWS\System32\olsysw.dat -> [2009/11/28 01:23:16 | 00,662,016 | ---- | C] (Microsoft Corporation)
 nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/11/28 01:23:16 | 00,021,504 | ---- | C] (Microsoft Corporation)
 olsysp.dat -> C:\WINDOWS\System32\olsysp.dat -> [2009/11/28 01:23:16 | 00,017,408 | ---- | C] (Microsoft Corporation)
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2004/01/01 04:20:36 | 00,000,000 | ---D | M]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 dufubuga -> C:\WINDOWS\System32\dufubuga -> [2009/12/26 07:39:39 | 00,011,168 | -H-- | M] ()
 ntuser.dat -> C:\Documents and Settings\Eric\ntuser.dat -> [2009/12/26 07:38:00 | 05,505,024 | ---- | M] ()
 winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
 AVR10.exe -> C:\WINDOWS\System32\AVR10.exe -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
 41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/26 07:11:39 | 00,000,000 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/26 07:10:49 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/26 07:10:43 | 00,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2009/12/26 07:10:41 | 13,333,17632 | -HS- | M] ()
 ntuser.ini -> C:\Documents and Settings\Eric\ntuser.ini -> [2009/12/26 07:08:58 | 00,000,178 | -HS- | M] ()
 wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job -> [2009/12/26 07:00:00 | 00,000,296 | ---- | M] ()
 urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/26 06:48:11 | 00,000,029 | ---- | M] ()
 tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/26 06:46:58 | 00,025,600 | ---- | M] ()
 pufikere.dll -> C:\WINDOWS\System32\pufikere.dll -> [2009/12/26 05:19:07 | 00,024,225 | -HS- | M] ()
 rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll -> [2009/12/26 05:19:07 | 00,017,426 | -HS- | M] ()
 critical_warning.html -> C:\WINDOWS\System32\critical_warning.html -> [2009/12/26 04:42:16 | 00,002,854 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/12/26 04:16:39 | 00,000,658 | ---- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2009/12/26 04:16:39 | 00,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2009/12/26 04:16:39 | 00,000,211 | RHS- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/25 18:38:37 | 00,001,158 | ---- | M] ()
 uwlwfa.exe -> C:\uwlwfa.exe -> [2009/12/24 05:55:02 | 00,052,736 | ---- | M] ()
 srwq.exe -> C:\srwq.exe -> [2009/12/24 05:54:47 | 00,155,648 | ---- | M] (Microsoft Corporation)
 msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll -> [2009/12/24 05:54:37 | 00,032,768 | ---- | M] (USA)
 haypsixd.exe -> C:\haypsixd.exe -> [2009/12/24 05:54:36 | 00,050,688 | ---- | M] ()
 ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll -> [2009/12/24 05:54:19 | 00,015,000 | ---- | M] ()
 waxfhosk.exe -> C:\waxfhosk.exe -> [2009/12/24 05:54:05 | 00,031,232 | ---- | M] (EaGgfFYBq)
 tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | M] ()
 ragutali.dll -> C:\WINDOWS\System32\ragutali.dll -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | M] ()
 kernel32.dll -> C:\WINDOWS\System32\dllcache\kernel32.dll -> [2009/12/24 04:29:43 | 00,994,304 | ---- | M] (Microsoft Corporation)
 wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/24 04:29:43 | 00,670,208 | ---- | M] (Microsoft Corporation)
 nsysw.dat -> C:\WINDOWS\System32\nsysw.dat -> [2009/12/24 04:29:43 | 00,670,208 | ---- | M] (Microsoft Corporation)
 notepad.dll -> C:\WINDOWS\System32\notepad.dll -> [2009/12/24 04:29:43 | 00,027,136 | -HS- | M] (Microsoft)
 wincode.res -> C:\WINDOWS\System32\wincode.res -> [2009/12/24 04:29:43 | 00,023,920 | ---- | M] ()
 powrprof.dll -> C:\WINDOWS\System32\powrprof.dll -> [2009/12/24 04:29:43 | 00,021,504 | ---- | M] (Microsoft Corporation)
 nsysp.ini -> C:\WINDOWS\System32\nsysp.ini -> [2009/12/24 04:29:43 | 00,021,504 | ---- | M] (Microsoft Corporation)
 krnkode.res -> C:\WINDOWS\System32\krnkode.res -> [2009/12/24 04:29:43 | 00,006,474 | ---- | M] ()
 pwrcode.res -> C:\WINDOWS\System32\pwrcode.res -> [2009/12/24 04:29:43 | 00,001,617 | ---- | M] ()
 AcroIEHelpe.dll -> C:\WINDOWS\System32\AcroIEHelpe.dll -> [2009/12/24 04:29:34 | 00,191,768 | ---- | M] (Adobe Systems, Incorporated)
 hosms -> C:\WINDOWS\System32\drivers\etc\hosms -> [2009/12/24 04:29:09 | 00,000,767 | ---- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | M] ()
 IconCache.db -> C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db -> [2009/12/18 17:07:10 | 03,285,992 | -H-- | M] ()
 .recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | M] ()
 nsysw.ini -> C:\WINDOWS\System32\nsysw.ini -> [2009/12/14 05:24:07 | 00,670,208 | ---- | M] (Microsoft Corporation)
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/14 05:19:51 | 00,355,944 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/14 05:19:51 | 00,311,604 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/14 05:19:51 | 00,039,992 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/14 03:43:50 | 00,001,393 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/12 11:25:48 | 00,000,049 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/10 12:12:08 | 00,040,952 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/08 18:25:03 | 00,153,176 | ---- | M] ()
 hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:18:17 | 00,160,881 | ---- | M] ()
 HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | M] ()
 user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | M] ()
 nsysd.ini -> C:\WINDOWS\System32\nsysd.ini -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
 dnsapi.dll -> C:\WINDOWS\System32\dllcache\dnsapi.dll -> [2009/11/28 01:23:17 | 00,148,992 | ---- | M] (Microsoft Corporation)
 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
part 2

[Files - No Company Name]
pufikere.dll -> C:\WINDOWS\System32\pufikere.dll -> [2009/12/26 05:19:07 | 00,024,225 | -HS- | C] ()
rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll -> [2009/12/26 05:19:07 | 00,017,426 | -HS- | C] ()
wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job -> [2009/12/26 05:18:50 | 00,000,296 | ---- | C] ()
41.exe -> C:\WINDOWS\System32\41.exe -> [2009/12/26 05:17:31 | 00,000,000 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/24 15:08:10 | 13,333,17632 | -HS- | C] ()
AVR10.exe -> C:\WINDOWS\System32\AVR10.exe -> [2009/12/24 05:56:50 | 00,000,000 | ---- | C] ()
winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll -> [2009/12/24 05:56:40 | 00,000,000 | ---- | C] ()
uwlwfa.exe -> C:\uwlwfa.exe -> [2009/12/24 05:54:50 | 00,052,736 | ---- | C] ()
haypsixd.exe -> C:\haypsixd.exe -> [2009/12/24 05:54:22 | 00,050,688 | ---- | C] ()
ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll -> [2009/12/24 05:54:19 | 00,015,000 | ---- | C] ()
critical_warning.html -> C:\WINDOWS\System32\critical_warning.html -> [2009/12/24 05:54:09 | 00,002,854 | ---- | C] ()
tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll -> [2009/12/24 05:49:41 | 00,025,600 | ---- | C] ()
urhtps.dat -> C:\WINDOWS\System32\urhtps.dat -> [2009/12/24 05:49:32 | 00,000,029 | ---- | C] ()
tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | C] ()
ragutali.dll -> C:\WINDOWS\System32\ragutali.dll -> [2009/12/24 04:29:50 | 00,002,098 | -HS- | C] ()
wincode.res -> C:\WINDOWS\System32\wincode.res -> [2009/12/24 04:29:43 | 00,023,920 | ---- | C] ()
krnkode.res -> C:\WINDOWS\System32\krnkode.res -> [2009/12/24 04:29:43 | 00,006,474 | ---- | C] ()
pwrcode.res -> C:\WINDOWS\System32\pwrcode.res -> [2009/12/24 04:29:43 | 00,001,617 | ---- | C] ()
PCTAppEvent.cat -> C:\WINDOWS\System32\drivers\PCTAppEvent.cat -> [2009/12/20 08:15:31 | 00,007,412 | ---- | C] ()
pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/12/20 08:15:31 | 00,007,383 | ---- | C] ()
pctgntdi.cat -> C:\WINDOWS\System32\drivers\pctgntdi.cat -> [2009/12/20 08:15:29 | 00,007,387 | ---- | C] ()
pctNdis-PacketFilter.cat -> C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat -> [2009/12/20 08:15:08 | 00,007,435 | ---- | C] ()
pctNdis-DNS.cat -> C:\WINDOWS\System32\drivers\pctNdis-DNS.cat -> [2009/12/20 08:15:08 | 00,007,399 | ---- | C] ()
pctplfw.cat -> C:\WINDOWS\System32\drivers\pctplfw.cat -> [2009/12/20 08:15:05 | 00,007,383 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/20 07:14:11 | 00,000,000 | RHS- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Eric\.recently-used.xbel -> [2009/12/17 08:58:52 | 00,000,218 | ---- | C] ()
HP Solution Center.lnk -> C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> [2009/12/04 09:13:11 | 00,001,018 | ---- | C] ()
hpoins44.dat -> C:\WINDOWS\hpoins44.dat -> [2009/12/04 09:07:54 | 00,160,881 | ---- | C] ()
hpomdl44.dat -> C:\WINDOWS\hpomdl44.dat -> [2009/12/04 09:07:53 | 00,000,586 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/12/04 08:45:19 | 00,001,043 | ---- | C] ()
ShellFolder -> C:\WINDOWS\System32\ShellFolder -> [2009/12/03 01:36:12 | 00,002,805 | ---- | C] ()
user.cfg -> C:\WINDOWS\System32\user.cfg -> [2009/12/02 12:35:20 | 00,000,017 | ---- | C] ()
timinebe.dll -> C:\WINDOWS\System32\timinebe.dll -> [2009/09/26 05:16:59 | 00,045,568 | -HS- | C] ()
sehameyi.dll -> C:\WINDOWS\System32\sehameyi.dll -> [2009/09/26 05:16:37 | 00,039,424 | -HS- | C] ()
lidanufu.dll -> C:\WINDOWS\System32\lidanufu.dll -> [2009/09/26 05:16:36 | 00,061,440 | -HS- | C] ()
vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
nefavega.dll -> C:\WINDOWS\System32\nefavega.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
hidumule.dll -> C:\WINDOWS\System32\hidumule.dll -> [2009/09/24 05:55:03 | 00,052,736 | -HS- | C] ()
ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2006/12/07 17:28:03 | 00,000,086 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/12/02 15:37:38 | 00,363,520 | ---- | C] ()
DC2110a.ini -> C:\WINDOWS\DC2110a.ini -> [2006/11/27 16:06:06 | 00,000,321 | R--- | C] ()
dcccp106.dll -> C:\WINDOWS\System32\dcccp106.dll -> [2006/11/27 16:06:05 | 00,061,440 | R--- | C] ()
cccp106.ini -> C:\WINDOWS\cccp106.ini -> [2006/11/27 16:06:05 | 00,015,542 | R--- | C] ()
vcccp106.dll -> C:\WINDOWS\System32\vcccp106.dll -> [2006/11/27 16:06:04 | 00,045,056 | R--- | C] ()
cccp106.sys -> C:\WINDOWS\System32\drivers\cccp106.sys -> [2006/11/27 16:06:03 | 00,227,200 | R--- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/11/11 22:01:59 | 00,000,029 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/11/11 20:13:22 | 00,000,049 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/11/11 16:31:39 | 00,000,002 | ---- | C] ()
DIV_IYUV.DLL -> C:\WINDOWS\DIV_IYUV.DLL -> [2006/11/11 16:27:34 | 00,032,768 | ---- | C] ()
JPGL.DLL -> C:\WINDOWS\JPGL.DLL -> [2006/11/11 16:27:33 | 00,036,864 | ---- | C] ()
videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2006/11/11 16:26:37 | 00,000,746 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/11/11 16:26:20 | 00,010,240 | ---- | C] ()
IECodecPlg.dll -> C:\WINDOWS\IECodecPlg.dll -> [2005/12/01 17:39:22 | 00,113,152 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 07:29:40 | 00,106,496 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 07:17:10 | 00,614,400 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/01/03 21:00:49 | 00,000,061 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/01/01 05:46:42 | 00,000,132 | ---- | C] ()
net2fone.ini -> C:\WINDOWS\net2fone.ini -> [2004/01/01 05:46:08 | 00,000,310 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2004/01/01 04:55:12 | 00,000,164 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/01/01 03:06:58 | 00,001,094 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/01/01 03:06:58 | 00,000,467 | ---- | C] ()
Iasv32.dll -> C:\WINDOWS\System32\Iasv32.dll -> [2004/01/01 03:06:27 | 00,061,440 | ---- | C] ()
6to4v32.dll -> C:\WINDOWS\System32\6to4v32.dll -> [2004/01/01 03:06:27 | 00,061,440 | ---- | C] ()
winsts.sys -> C:\WINDOWS\System32\winsts.sys -> [2004/01/01 03:06:27 | 00,002,304 | ---- | C] ()
ndisdrv.sys -> C:\WINDOWS\System32\ndisdrv.sys -> [2004/01/01 03:06:27 | 00,002,304 | ---- | C] ()
FInstall.sys -> C:\WINDOWS\System32\FInstall.sys -> [2003/03/31 06:00:00 | 00,000,004 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 12:42:56 | 00,237,568 | ---- | C] ()
VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 17:04:24 | 00,921,600 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 17:04:24 | 00,188,416 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 17:04:16 | 00,045,056 | ---- | C] ()
mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 17:38:40 | 00,091,136 | ---- | C] ()


[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 2956 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
[/code]
 
Hi blackdra

Start OTS. Copy/Paste the information in the Code box below into the panel where it says Paste fix here and then click the Run Fix button.

Code:
[Win32 Services - Safe List]
YY -> (6to4) Network Security [Auto | Running] -> C:\WINDOWS\system32\6to4v32.dll
[Driver Services - Safe List]
YY -> (winsts) winsts [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\winsts.sys
YY -> (ndisdrv) ndisdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\ndisdrv.sys
[Registry - Safe List]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe]
YN -> "ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "asg984jgkfmgasi8ug98jgkfgfb" -> C:\WINDOWS\TEMP\smss.exe [C:\WINDOWS\TEMP\smss.exe]
YN -> "ygua8e7yhuiesfha876yfauy8fe" -> C:\WINDOWS\TEMP\vvhhaul1od.exe [C:\WINDOWS\TEMP\vvhhaul1od.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> c:\windows\system32\yobiseha.dll -> C:\WINDOWS\System32\yobiseha.dll
YN -> fepabavi.dll -> 
YY -> vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\winlogon86.exe -> C:\WINDOWS\system32\winlogon86.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "{3c80fcc8-b88d-4740-bcec-d2d122abcbe9}" [HKLM] -> C:\WINDOWS\System32\yobiseha.dll [mujuzedij]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\InternetSecurity2010\IS2010.exe" -> C:\Program Files\InternetSecurity2010\IS2010.exe [C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:is2010]
[Files/Folders - Created Within 30 Days]
NY -> msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll
NY -> winupdate86.exe -> C:\WINDOWS\System32\winupdate86.exe
NY -> winlogon86.exe -> C:\WINDOWS\System32\winlogon86.exe
NY -> waxfhosk.exe -> C:\waxfhosk.exe
NY -> cock -> C:\WINDOWS\System32\cock
NY -> nsysd.ini -> C:\WINDOWS\System32\nsysd.ini
NY -> olsysk.dat -> C:\WINDOWS\System32\olsysk.dat
NY -> nsysw.ini -> C:\WINDOWS\System32\nsysw.ini
NY -> olsysw.dat -> C:\WINDOWS\System32\olsysw.dat
NY -> nsysp.ini -> C:\WINDOWS\System32\nsysp.ini
NY -> olsysp.dat -> C:\WINDOWS\System32\olsysp.dat
[Files/Folders - Modified Within 30 Days]
NY -> dufubuga -> C:\WINDOWS\System32\dufubuga
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> AVR10.exe -> C:\WINDOWS\System32\AVR10.exe
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> pufikere.dll -> C:\WINDOWS\System32\pufikere.dll
NY -> rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll
NY -> uwlwfa.exe -> C:\uwlwfa.exe
NY -> msaouahn.dll -> C:\WINDOWS\System32\msaouahn.dll
NY -> haypsixd.exe -> C:\haypsixd.exe
NY -> ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll
NY -> waxfhosk.exe -> C:\waxfhosk.exe
NY -> tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe
NY -> ragutali.dll -> C:\WINDOWS\System32\ragutali.dll
NY -> wincode.res -> C:\WINDOWS\System32\wincode.res
NY -> krnkode.res -> C:\WINDOWS\System32\krnkode.res
NY -> pwrcode.res -> C:\WINDOWS\System32\pwrcode.res
[Files - No Company Name]
NY -> pufikere.dll -> C:\WINDOWS\System32\pufikere.dll
NY -> rurirovi.dll -> C:\WINDOWS\System32\rurirovi.dll
NY -> wushskrw.job -> C:\WINDOWS\tasks\wushskrw.job
NY -> 41.exe -> C:\WINDOWS\System32\41.exe
NY -> AVR10.exe -> C:\WINDOWS\System32\AVR10.exe
NY -> winhelper86.dll -> C:\WINDOWS\System32\winhelper86.dll
NY -> uwlwfa.exe -> C:\uwlwfa.exe
NY -> haypsixd.exe -> C:\haypsixd.exe
NY -> ezdr3.dll -> C:\WINDOWS\System32\ezdr3.dll
NY -> tdlcmd.dll -> C:\WINDOWS\System32\tdlcmd.dll
NY -> urhtps.dat -> C:\WINDOWS\System32\urhtps.dat
NY -> tuwatoba.exe -> C:\WINDOWS\System32\tuwatoba.exe
NY -> ragutali.dll -> C:\WINDOWS\System32\ragutali.dll
NY -> wincode.res -> C:\WINDOWS\System32\wincode.res
NY -> krnkode.res -> C:\WINDOWS\System32\krnkode.res
NY -> pwrcode.res -> C:\WINDOWS\System32\pwrcode.res
NY -> user.cfg -> C:\WINDOWS\System32\user.cfg
NY -> timinebe.dll -> C:\WINDOWS\System32\timinebe.dll
NY -> sehameyi.dll -> C:\WINDOWS\System32\sehameyi.dll
NY -> lidanufu.dll -> C:\WINDOWS\System32\lidanufu.dll
NY -> vuzofafu.dll -> C:\WINDOWS\System32\vuzofafu.dll
NY -> nefavega.dll -> C:\WINDOWS\System32\nefavega.dll
NY -> hidumule.dll -> C:\WINDOWS\System32\hidumule.dll
NY -> psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll
NY -> DC2110a.ini -> C:\WINDOWS\DC2110a.ini
NY -> atid.ini -> C:\WINDOWS\atid.ini

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

peku006
 