Malwarebytes installs/starts, then shuts down within 5 seconds, please help
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
Chuck Q
Hello, I am infected with the Windows Police Pro and Security Tool malware programs. I removed all the files from them that I could find, but Malwarebytes still won't run. It will run briefly after I install it, then shut down quickly. Then if I try to run it again it says it can't find the .exe file. I'm at my wits' end with this thing; can anyone please help me fix this?
Perplexus
Hello and Welcome to Malwarebytes.

------------------
Step 1:
------------------

  • Download OTL by OldTimer to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


------------------
Step 2:
------------------

Download RootRepeal from one of the following locations:
Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post


------------------
Step 3:
------------------

Please post back with the following:
  • OTL.txt
  • Extras.txt
  • RootRepeal.txt
Chuck Q
Ok, neither will run with the computer running normally, so I scanned in safe mode, and even then only RootRepeal would work. Here is the log:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 01:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7DA7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C39000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF760D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF8B0B000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF8003000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf85afe22

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf8590cdc

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf8590ece

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf85b0610

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf85b08c4

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf85aeb14

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf85b0d30

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf85b00e2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf8590982

==EOF==
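Added example, not part of the thread: a small Python script that triages a RootRepeal report of the kind posted above. It pulls the Drivers and SSDT sections apart, flags any driver whose image path names an NTFS alternate data stream (a path such as C:\WINDOWS\win32k.sys:1 is a stream named "1" attached to a file called win32k.sys, which no normal driver image uses), and groups the SSDT hooks by the module that installed them so each module can be judged once rather than hook by hook. The sample report is constructed from the entries in the log above and abridged; the parser follows the report format as shown on this page.

```python
"""Triage a RootRepeal report offline: pull the Drivers and SSDT sections apart,
flag any driver whose image path is an NTFS alternate data stream (file:stream),
and attribute each SSDT hook to the module that installed it."""
from collections import defaultdict
import re

# Constructed sample in RootRepeal's report format, modelled on the entries in
# the log above (abridged; not the full original report).
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7DA7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF760D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF8B0B000 Size: 20480 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf85afe22

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf8590982

==EOF==
"""

SECTIONS = {"Drivers", "Files", "Processes", "SSDT", "Stealth Objects",
            "Hidden Services", "Shadow SSDT"}
FUNC_LINE = re.compile(r"^#: (\d+) Function Name: (\w+)")
HOOK_LINE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def parse_rootrepeal(text):
    """Return (drivers, hooks): drivers as dicts with name/path/visible,
    hooks as (function, hooking module, address) tuples."""
    drivers, hooks = [], []
    section, current, pending_func = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if section == "Drivers":
            if line.startswith("Name: "):
                current = {"name": line[len("Name: "):]}
            elif line.startswith("Image Path: "):
                current["path"] = line[len("Image Path: "):]
            elif line.startswith("Address: "):
                current["visible"] = "File Visible: Yes" in line
            elif line.startswith("Status: ") and current:
                drivers.append(current)
                current = {}
        elif section in ("SSDT", "Shadow SSDT"):
            m = FUNC_LINE.match(line)
            if m:
                pending_func = m.group(2)
                continue
            m = HOOK_LINE.search(line)
            if m and pending_func:
                hooks.append((pending_func, m.group(1), m.group(2)))
                pending_func = None
    return drivers, hooks


def is_ads_path(path):
    """True when the last path component contains a ':' (an NTFS alternate
    data stream such as win32k.sys:1); a bare drive letter like 'C:' is not one."""
    leaf = path.rsplit("\\", 1)[-1]
    return ":" in leaf and not (len(leaf) == 2 and leaf.endswith(":"))


def ads_drivers(drivers):
    """Drivers whose image was loaded from an alternate data stream."""
    return [d for d in drivers if is_ads_path(d.get("path", ""))]


def hooks_by_module(hooks):
    """Map each hooking module to the syscalls it hooks, so a reviewer can
    decide per module whether the hooks belong to a known security product."""
    by_mod = defaultdict(list)
    for func, module, _addr in hooks:
        by_mod[module].append(func)
    return dict(by_mod)


if __name__ == "__main__":
    drv, hk = parse_rootrepeal(SAMPLE_REPORT)
    for d in ads_drivers(drv):
        print("driver loaded from an alternate data stream:", d["path"])
    for module, funcs in hooks_by_module(hk).items():
        print(f"{module} hooks {len(funcs)} syscalls: {', '.join(funcs)}")
```

Run it against a saved RootRepeal.txt by reading the file into parse_rootrepeal instead of SAMPLE_REPORT. The hook grouping deliberately makes no judgement about which modules are legitimate; that decision belongs to the reviewer, who knows what security software is installed on the machine.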
Perplexus
Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. It can take a while, so please be patient.
Chuck Q
Installed and tried to run it; same result as the other two. The window for the scan comes up but closes right away. Ran it in safe mode instead. I attached the log.

Also, every time I click a link to download one of the scan programs, a small IE window opens and closes before the download box shows up. Not sure if that means anything, but I don't remember seeing it before.
Perplexus
I will be out of pocket for the weekend, but if I get a chance, I'll check in.

In the future, please do not attach the logs, but post them unless instructed to do otherwise.

The log you posted is not complete. The program can pause for a very long time, and you have to wait it out. When it's complete, it will ask you to exit the DOS window, and the log should have "Finished" at the bottom.

Please run it again.
Chuck Q
My bad, here's the complete one:


Running from: C:\Documents and Settings\Kellies.KELLIE\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Kellies.KELLIE\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Indices\Indices

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9540cfdb30eb58666192ecded02fce06\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-10 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\slu19ec.tmp\slu19ec.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu1f2c.tmp\slu1f2c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu22c3.tmp\slu22c3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu271e.tmp\slu271e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu2b07.tmp\slu2b07.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu2d31.tmp\slu2d31.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu3122.tmp\slu3122.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu3154.tmp\slu3154.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu316c.tmp\slu316c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu32c.tmp\slu32c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu346a.tmp\slu346a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu356b.tmp\slu356b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu375e.tmp\slu375e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu3a7e.tmp\slu3a7e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu3aac.tmp\slu3aac.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu3b0c.tmp\slu3b0c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu402c.tmp\slu402c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu40d8.tmp\slu40d8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu40f7.tmp\slu40f7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu41b.tmp\slu41b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu4377.tmp\slu4377.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu44ec.tmp\slu44ec.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu46b0.tmp\slu46b0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu47ad.tmp\slu47ad.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu4b4d.tmp\slu4b4d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu4cfc.tmp\slu4cfc.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu4e56.tmp\slu4e56.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu511d.tmp\slu511d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu54a1.tmp\slu54a1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu56dd.tmp\slu56dd.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu57cb.tmp\slu57cb.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu589a.tmp\slu589a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu5995.tmp\slu5995.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu5a2f.tmp\slu5a2f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu5c41.tmp\slu5c41.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu5cb7.tmp\slu5cb7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu5ea9.tmp\slu5ea9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu62e2.tmp\slu62e2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu6e5c.tmp\slu6e5c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu71e8.tmp\slu71e8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu782.tmp\slu782.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu7bb7.tmp\slu7bb7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu818.tmp\slu818.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slu89.tmp\slu89.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slubfb.tmp\slubfb.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slucaf.tmp\slucaf.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slud5.tmp\slud5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slud75.tmp\slud75.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\slufe7.tmp\slufe7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

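Added example, not part of the thread: a Python script that triages a Win32kDiag log like the one just posted. In the log above, every one of the roughly eighty "mount points" (NTFS reparse points) found under C:\WINDOWS resolves to the same destination, \Device\__max++>\^, which is a device object rather than a filesystem location; a legitimate junction or volume mount point stores a \??\-prefixed path such as \??\C:\Some\Dir\ or \??\Volume{GUID}\. The script groups the reparse points by destination, flags destinations that do not fit that pattern, and lists the files Win32kDiag could not access along with the candidate entries and company field it recorded for them (the eventlog.dll entry above has an empty company field, logevent.dll reports Microsoft Corporation). The sample log is constructed from entries on this page and abridged; the \??\Volume{...} junction in it is a made-up benign entry added for contrast and does not appear in the original log.

```python
r"""Triage a Win32kDiag log offline: group the reparse points ("mount points")
it reports by destination, flag destinations that are not \??\-prefixed volume
or drive paths, and list files it could not access together with the candidate
copies (and their version-info company field) it found."""
from collections import defaultdict
import re

# Constructed sample in Win32kDiag's log format, abridged from the entries in
# the log above; the \??\Volume{...} junction is a made-up benign entry added
# for contrast and does not appear in the original log.
SAMPLE_LOG = r"""
Running from: C:\Documents and Settings\User\Desktop\Win32kDiag.exe

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Data\MountedVolume\MountedVolume

Mount point destination : \??\Volume{0f4c2b1a-0000-0000-0000-000000000000}\

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-10 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Finished!
"""

MOUNT = re.compile(r"^Found mount point : (.+)$")
DEST = re.compile(r"^Mount point destination : (.+)$")
NOACCESS = re.compile(r"^Cannot access: (.+)$")
# [n] <date> <time> <size> <path> (<company>)
CANDIDATE = re.compile(r"^\[(\d+)\] (\S+ \S+) (\d+) (.+?) \((.*)\)$")
# Legitimate junctions and volume mount points store a \??\ NT path:
# \??\C:\Some\Dir\ or \??\Volume{GUID}\ ; anything else is worth a look.
VOLUME_DEST = re.compile(r"^\\\?\?\\(Volume\{[0-9A-Fa-f-]+\}|[A-Za-z]:)\\")


def parse_win32kdiag(text):
    """Return (mounts, inaccessible): mounts as (reparse point, destination)
    pairs; inaccessible as {file: [candidate dicts with path/size/company]}."""
    mounts, inaccessible = [], {}
    pending_mount, current_file = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNT.match(line)
        if m:
            pending_mount, current_file = m.group(1), None
            continue
        m = DEST.match(line)
        if m and pending_mount is not None:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
            continue
        m = NOACCESS.match(line)
        if m:
            current_file = m.group(1)
            inaccessible[current_file] = []
            continue
        m = CANDIDATE.match(line)
        if m and current_file is not None:
            inaccessible[current_file].append(
                {"path": m.group(4), "size": int(m.group(3)), "company": m.group(5)})
    return mounts, inaccessible


def mounts_by_destination(mounts):
    """Group reparse points by where they point; one shared odd target is telling."""
    by_dest = defaultdict(list)
    for path, dest in mounts:
        by_dest[dest].append(path)
    return dict(by_dest)


def suspicious_destinations(mounts):
    r"""Destinations that are not \??\ volume or drive paths."""
    return sorted({dest for _, dest in mounts if not VOLUME_DEST.match(dest)})


def unverifiable_files(inaccessible):
    """Inaccessible files whose own candidate entry has an empty company field,
    i.e. Win32kDiag could not read version info from the file in place."""
    return sorted(path for path, cands in inaccessible.items()
                  if any(c["path"].lower() == path.lower() and not c["company"]
                         for c in cands))


if __name__ == "__main__":
    mounts, inacc = parse_win32kdiag(SAMPLE_LOG)
    grouped = mounts_by_destination(mounts)
    for dest in suspicious_destinations(mounts):
        print(f"{len(grouped[dest])} reparse point(s) -> non-volume destination {dest}")
    for path in unverifiable_files(inacc):
        print("inaccessible, no version info:", path)
```

Point parse_win32kdiag at the contents of a real Win32kDiag.txt to get the same summary for a full log. Grouping by destination is the useful step: eighty reparse points all pointing at one non-volume device object is a single finding, and the later -f -r run in this thread removes exactly that set.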
Perplexus
------------------
Step 1:
------------------

We need to create a clean copy of the file we are going to replace.

Open notepad and copy/paste the text in the code box below into it.
CODE
@echo off
copy C:\WINDOWS\system32\logevent.dll c:\eventlog.dll
Exit

Click File > Save As..., and in the dropdown box for Save as type select All Files.
Then in the File name box type copy.bat and hit Save.

This will create a batch file named copy.bat on your desktop.

Double click copy.bat to run it. You may see a black box appear, this is normal.

------------------
Step 2:
------------------

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Files to move:
c:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

------------------
Step 3:
------------------

Click on Start->Run, and copy-paste the following command into the "Open:" box, and click OK.

CODE
"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

------------------
Step 4:
------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


------------------
Step 5:
------------------

Please post back with the following:
  • How your machine is running
  • c:\avenger.txt
  • Win32kDiag.txt
  • C:\ComboFix.txt
Perplexus
How did that go? Still need assistance?
Chuck Q
avenger.txt:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
Chuck Q
Running from: C:\Documents and Settings\Kellies.KELLIE\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Kellies.KELLIE\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\CABS\CABS

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\Install\Install

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\Indices\Indices

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Indices\Indices

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9540cfdb30eb58666192ecded02fce06\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9540cfdb30eb58666192ecded02fce06\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\critical_warning.html

Attempting to restore permissions of : C:\WINDOWS\system32\critical_warning.html

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Found mount point : C:\WINDOWS\Temp\slu19ec.tmp\slu19ec.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu19ec.tmp\slu19ec.tmp

Found mount point : C:\WINDOWS\Temp\slu1f2c.tmp\slu1f2c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu1f2c.tmp\slu1f2c.tmp

Found mount point : C:\WINDOWS\Temp\slu22c3.tmp\slu22c3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu22c3.tmp\slu22c3.tmp

Found mount point : C:\WINDOWS\Temp\slu271e.tmp\slu271e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu271e.tmp\slu271e.tmp

Found mount point : C:\WINDOWS\Temp\slu2b07.tmp\slu2b07.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu2b07.tmp\slu2b07.tmp

Found mount point : C:\WINDOWS\Temp\slu2d31.tmp\slu2d31.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu2d31.tmp\slu2d31.tmp

Found mount point : C:\WINDOWS\Temp\slu3122.tmp\slu3122.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu3122.tmp\slu3122.tmp

Found mount point : C:\WINDOWS\Temp\slu3154.tmp\slu3154.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu3154.tmp\slu3154.tmp

Found mount point : C:\WINDOWS\Temp\slu316c.tmp\slu316c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu316c.tmp\slu316c.tmp

Found mount point : C:\WINDOWS\Temp\slu32c.tmp\slu32c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu32c.tmp\slu32c.tmp

Found mount point : C:\WINDOWS\Temp\slu346a.tmp\slu346a.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu346a.tmp\slu346a.tmp

Found mount point : C:\WINDOWS\Temp\slu356b.tmp\slu356b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu356b.tmp\slu356b.tmp

Found mount point : C:\WINDOWS\Temp\slu375e.tmp\slu375e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu375e.tmp\slu375e.tmp

Found mount point : C:\WINDOWS\Temp\slu3a7e.tmp\slu3a7e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu3a7e.tmp\slu3a7e.tmp

Found mount point : C:\WINDOWS\Temp\slu3aac.tmp\slu3aac.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu3aac.tmp\slu3aac.tmp

Found mount point : C:\WINDOWS\Temp\slu3b0c.tmp\slu3b0c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu3b0c.tmp\slu3b0c.tmp

Found mount point : C:\WINDOWS\Temp\slu402c.tmp\slu402c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu402c.tmp\slu402c.tmp

Found mount point : C:\WINDOWS\Temp\slu40d8.tmp\slu40d8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu40d8.tmp\slu40d8.tmp

Found mount point : C:\WINDOWS\Temp\slu40f7.tmp\slu40f7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu40f7.tmp\slu40f7.tmp

Found mount point : C:\WINDOWS\Temp\slu41b.tmp\slu41b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu41b.tmp\slu41b.tmp

Found mount point : C:\WINDOWS\Temp\slu4377.tmp\slu4377.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu4377.tmp\slu4377.tmp

Found mount point : C:\WINDOWS\Temp\slu44ec.tmp\slu44ec.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu44ec.tmp\slu44ec.tmp

Found mount point : C:\WINDOWS\Temp\slu46b0.tmp\slu46b0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu46b0.tmp\slu46b0.tmp

Found mount point : C:\WINDOWS\Temp\slu47ad.tmp\slu47ad.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu47ad.tmp\slu47ad.tmp

Found mount point : C:\WINDOWS\Temp\slu4b4d.tmp\slu4b4d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu4b4d.tmp\slu4b4d.tmp

Found mount point : C:\WINDOWS\Temp\slu4cfc.tmp\slu4cfc.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu4cfc.tmp\slu4cfc.tmp

Found mount point : C:\WINDOWS\Temp\slu4e56.tmp\slu4e56.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu4e56.tmp\slu4e56.tmp

Found mount point : C:\WINDOWS\Temp\slu511d.tmp\slu511d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu511d.tmp\slu511d.tmp

Found mount point : C:\WINDOWS\Temp\slu54a1.tmp\slu54a1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu54a1.tmp\slu54a1.tmp

Found mount point : C:\WINDOWS\Temp\slu56dd.tmp\slu56dd.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu56dd.tmp\slu56dd.tmp

Found mount point : C:\WINDOWS\Temp\slu57cb.tmp\slu57cb.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu57cb.tmp\slu57cb.tmp

Found mount point : C:\WINDOWS\Temp\slu589a.tmp\slu589a.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu589a.tmp\slu589a.tmp

Found mount point : C:\WINDOWS\Temp\slu5995.tmp\slu5995.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5995.tmp\slu5995.tmp

Found mount point : C:\WINDOWS\Temp\slu5a2f.tmp\slu5a2f.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5a2f.tmp\slu5a2f.tmp

Found mount point : C:\WINDOWS\Temp\slu5c41.tmp\slu5c41.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5c41.tmp\slu5c41.tmp

Found mount point : C:\WINDOWS\Temp\slu5cb7.tmp\slu5cb7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5cb7.tmp\slu5cb7.tmp

Found mount point : C:\WINDOWS\Temp\slu5ea9.tmp\slu5ea9.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5ea9.tmp\slu5ea9.tmp

Found mount point : C:\WINDOWS\Temp\slu62e2.tmp\slu62e2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu62e2.tmp\slu62e2.tmp

Found mount point : C:\WINDOWS\Temp\slu6e5c.tmp\slu6e5c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6e5c.tmp\slu6e5c.tmp

Found mount point : C:\WINDOWS\Temp\slu71e8.tmp\slu71e8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu71e8.tmp\slu71e8.tmp

Found mount point : C:\WINDOWS\Temp\slu782.tmp\slu782.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu782.tmp\slu782.tmp

Found mount point : C:\WINDOWS\Temp\slu7bb7.tmp\slu7bb7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7bb7.tmp\slu7bb7.tmp

Found mount point : C:\WINDOWS\Temp\slu818.tmp\slu818.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu818.tmp\slu818.tmp

Found mount point : C:\WINDOWS\Temp\slu89.tmp\slu89.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu89.tmp\slu89.tmp

Found mount point : C:\WINDOWS\Temp\slubfb.tmp\slubfb.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slubfb.tmp\slubfb.tmp

Found mount point : C:\WINDOWS\Temp\slucaf.tmp\slucaf.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slucaf.tmp\slucaf.tmp

Found mount point : C:\WINDOWS\Temp\slud5.tmp\slud5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slud5.tmp\slud5.tmp

Found mount point : C:\WINDOWS\Temp\slud75.tmp\slud75.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slud75.tmp\slud75.tmp

Found mount point : C:\WINDOWS\Temp\slufe7.tmp\slufe7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slufe7.tmp\slufe7.tmp

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

Chuck Q
OK, it ran fine, but now neither Internet Explorer nor Firefox will load the Malwarebytes website. I'm posting from my BlackBerry, so I can't post the logs unless I email them to myself and post them from here.

Everything else seems to be running just fine though!
Chuck Q
Well, ignore my last post; it seems to be loading just fine now on my computer. The machine seems to be running just fine. Here's the log from ComboFix:


ComboFix 09-10-26.03 - Kellies 10/27/2009 3:05.1.1 - NTFSx86 NETWORK
Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\csrss.exe
c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\services.exe
c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\svchost.exe
c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\47447531
c:\documents and settings\All Users\Application Data\47447531\47447531.bat
c:\documents and settings\All Users\Application Data\47447531\47447531.exe
c:\documents and settings\All Users\Application Data\70847026
c:\documents and settings\All Users\Application Data\70847026\70847026.bat
c:\documents and settings\All Users\Application Data\70847026\70847026.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Kellies.KELLIE\Application Data\lizkavd.exe
c:\documents and settings\Kellies.KELLIE\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Kellies.KELLIE\Application Data\seres.exe
c:\documents and settings\Kellies.KELLIE\Application Data\svcst.exe
c:\documents and settings\Kellies.KELLIE\Desktop\Security Tool.lnk
c:\documents and settings\Kellies.KELLIE\ntuser.dll
c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.lnk
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\kb913800.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\svohost.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\basezafa.exe
c:\windows\system32\bdjkoi5n.dll
c:\windows\system32\buwapite.exe
c:\windows\system32\calc.dll
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\fabokenu.exe
c:\windows\system32\himepuka.exe
c:\windows\system32\jepazeje.dll
c:\windows\system32\jogekini.exe
c:\windows\system32\jogopamo.exe
c:\windows\system32\kemituba.exe
c:\windows\system32\lehuguwe.dll
c:\windows\system32\lugatepo.dll
c:\windows\system32\luhuwuji.exe
c:\windows\system32\mivimoru.dll
c:\windows\system32\nasikaje.dll
c:\windows\system32\nezogeju.dll
c:\windows\system32\nifolije.exe
c:\windows\system32\niniyifu.dll
c:\windows\system32\nolomipu.dll
c:\windows\system32\pasaruwe.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\popiwoba.exe
c:\windows\system32\rizakoyu.exe
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\tuvafuye.dll
c:\windows\system32\vobulite.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\xa.tmp
c:\windows\system32\zayekofu.exe
c:\windows\Temp\2659976041.exe
c:\windows\usenecek.dll

----- BITS: Possible infected sites -----

hxxp://mastoblastobrevodo.com
hxxp://wsus.findlay.edu
c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Legacy_WDefend
-------\Service_WDefend


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 06:38 . 2009-10-27 06:38 9666 ----a-w- c:\windows\icuholuracanar.dll
2009-10-27 06:29 . 2009-10-27 06:29 9668 ----a-w- c:\windows\erepijaferocohuv.dll
2009-10-27 05:47 . 2009-10-27 05:47 9666 ----a-w- c:\windows\ezicokuvomuyi.dll
2009-10-21 08:50 . 2009-10-21 08:50 -------- d-----w- C:\malwarebytes
2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro
2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap
2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT
2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca
2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes
2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328
2009-10-19 04:31 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-19 04:31 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-19 04:31 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-19 04:31 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-19 04:31 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-19 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2009-10-19 04:30 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-19 04:30 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-19 04:30 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-19 04:30 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-19 04:30 . 2009-10-19 04:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-19 04:30 . 2009-10-27 06:54 -------- d-----w- c:\program files\Spyware Doctor
2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\PC Tools
2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}
2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-18 08:55 . 2009-10-27 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\66857335
2009-10-18 08:54 . 2009-10-27 05:14 0 ----a-w- c:\windows\Bcune.bin
2009-10-18 08:54 . 2009-10-27 06:03 9668 ----a-w- c:\windows\Tbepujumuqoboxe.dat
2009-10-18 08:54 . 2009-10-18 08:54 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}
2009-10-18 07:59 . 2009-10-27 05:13 0 ----a-w- c:\windows\win32k.sys
2009-10-18 07:22 . 2009-10-18 12:30 58 ----a-w- c:\windows\wp4.dat
2009-10-18 07:22 . 2009-10-18 12:30 4 ----a-w- c:\windows\wp3.dat
2009-10-15 06:06 . 2004-08-10 12:00 24576 ----a-w- c:\windows\system32\stu2.exe
2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK
2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files
2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 07:16 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-15 08:33 . 2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire
2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin
2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-15 06:06 . 2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe
2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod
2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime
2009-09-16 07:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-19 04:30 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-19 04:30 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin
2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-27 06:03 . 2009-07-27 06:03 53760 --sha-w- c:\windows\system32\fakubija.dll
2009-07-27 06:03 . 2009-07-27 06:03 39424 --sha-w- c:\windows\system32\gisiyojo.dll
2009-07-18 08:54 . 2009-07-18 08:54 193544 --sha-w- c:\windows\system32\kihinuga.exe
2009-07-18 08:54 . 2009-07-18 08:54 24576 --sha-w- c:\windows\system32\pojovosa.exe
2009-07-27 06:05 . 2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll
.

------- Sigcheck -------

[-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ae46f49-6e96-49ca-9003-bd7e9bd3c2fb}]
2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mcamuq.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ose"=3 (0x3)
"odClientService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Documents and Settings\\Kellies.KELLIE\\My Documents\\My Pictures\\crap\\magic-_the_gathering\\Magic\\Manalink.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56828:TCP"= 56828:TCP:Pando Media Booster
"56828:UDP"= 56828:UDP:Pando Media Booster

R3 cdrmkaun;cdrmkaun;c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\cdrmkaun.sys [x]
R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-10-17 c:\windows\Tasks\At1.job
- c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: connwsp.dll
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: XULRunner: {38512FCB-6B6A-4F35-A22A-FB302BA73DF5} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}
FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-Run-Acuzogoloputuye - c:\windows\usenecek.dll
HKLM-Run-66857335 - c:\docume~1\ALLUSE~1\APPLIC~1\66857335\66857335.exe
HKLM-Run-09475328 - c:\docume~1\ALLUSE~1\APPLIC~1\09475328\09475328.exe
HKLM-Run-70847026 - c:\documents and settings\All Users\Application Data\70847026\70847026.exe
HKLM-Run-47447531 - c:\documents and settings\All Users\Application Data\47447531\47447531.exe
HKLM-Run-serisejeh - c:\windows\system32\pasaruwe.dll
HKLM-Run-mogiluhehe - tuvafuye.dll
SharedTaskScheduler-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll
SharedTaskScheduler-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll
SSODL-jadimukut-{e7496247-9478-42cc-b687-f088e3bf6407} - (no file)
SSODL-lihijaros-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 03:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3133354311-158489622-3555420663-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{197D85AF-AAF7-9BC1-7AC7-6813F56B2659}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaadelajlbbflpckfobkcipcdoboch"=hex:64,61,6e,6d,6e,6e,6c,6d,00,80
"oamfefabbddlfpdojmidbbdmcofnfg"=hex:6a,61,61,6e,61,6e,64,6f,70,65,69,65,66,6c,
63,69,6a,61,67,6a,00,ba
"nacfodfgcpolmmalojejkacfaiph"=hex:69,61,61,6e,67,6e,6f,65,61,69,63,6f,63,64,
62,66,63,65,00,00

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(176)
c:\windows\system32\odyEvent.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'lsass.exe'(1736)
c:\windows\mcamuq.dll

- - - - - - - > 'explorer.exe'(156)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\mcamuq.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\connwsp.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\combofix\CF14879.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 3:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 07:28

Pre-Run: 11,847,905,280 bytes free
Post-Run: 11,441,602,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 948B0CBD972D7929C857DAB120891F72
Perplexus
Hi Chuck Q,

This machine is really infected! We have quite a bit to do, so please stick with me until I give the all clear.

------------------
Step 1:
------------------

Too Many Antivirus Programs Installed

You have too many Antivirus programs installed. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Select one of these to keep and remove the others:

  • Norton 360
  • Spyware Doctor with Antivirus <------- uninstall this one
.

------------------
Step 2:
------------------

P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs (if they exist):

  • Limewire


------------------
Step 3:
------------------

It's very important to disable your antivirus BEFORE running ComboFix. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
KillAll::

File::
c:\windows\icuholuracanar.dll
c:\windows\erepijaferocohuv.dll
c:\windows\ezicokuvomuyi.dll
c:\windows\Bcune.bin
c:\windows\Tbepujumuqoboxe.dat
c:\windows\win32k.sys
c:\windows\wp4.dat
c:\windows\wp3.dat
c:\windows\system32\stu2.exe
c:\windows\system32\fakubija.dll
c:\windows\system32\gisiyojo.dll
c:\windows\system32\kihinuga.exe
c:\windows\system32\pojovosa.exe
c:\windows\system32\rasawofu.dll

Folder::
c:\documents and settings\All Users\Application Data\66857335
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ae46f49-6e96-49ca-9003-bd7e9bd3c2fb}]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Documents and Settings\\Kellies.KELLIE\\My Documents\\My Pictures\\crap\\magic-_the_gathering\\Magic\\Manalink.exe"=-

RegNull::
[HKEY_USERS\S-1-5-21-3133354311-158489622-3555420663-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{197D85AF-AAF7-9BC1-7AC7-6813F56B2659}*]

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]

Driver::
cdrmkaun

SRPeek::
C:\windows\system32\userinit.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • ComboFix.txt
Chuck Q
OK, followed all the steps, everything seems to be running normally, here's the ComboFix log:


ComboFix 09-10-27.04 - Kellies 10/28/2009 1:43.2.1 - NTFSx86
Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kellies.KELLIE\Desktop\CFScript.txt.txt
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
* Created a new restore point

FILE ::
"c:\windows\Bcune.bin"
"c:\windows\erepijaferocohuv.dll"
"c:\windows\ezicokuvomuyi.dll"
"c:\windows\icuholuracanar.dll"
"c:\windows\system32\fakubija.dll"
"c:\windows\system32\gisiyojo.dll"
"c:\windows\system32\kihinuga.exe"
"c:\windows\system32\pojovosa.exe"
"c:\windows\system32\rasawofu.dll"
"c:\windows\system32\stu2.exe"
"c:\windows\Tbepujumuqoboxe.dat"
"c:\windows\win32k.sys"
"c:\windows\wp3.dat"
"c:\windows\wp4.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\66857335
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome.manifest
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\_cfg.js
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\overlay.xul
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\install.rdf
c:\windows\Bcune.bin
c:\windows\erepijaferocohuv.dll
c:\windows\ezicokuvomuyi.dll
c:\windows\icuholuracanar.dll
c:\windows\system32\fakubija.dll
c:\windows\system32\gisiyojo.dll
c:\windows\system32\kihinuga.exe
c:\windows\system32\pojovosa.exe
c:\windows\system32\rasawofu.dll
c:\windows\system32\stu2.exe
c:\windows\system32\zelosubo.dll
c:\windows\Tbepujumuqoboxe.dat
c:\windows\win32k.sys
c:\windows\wp3.dat
c:\windows\wp4.dat

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRMKAUN
-------\Service_cdrmkaun


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-27 08:02 . 2009-10-27 08:02 9668 ----a-w- c:\windows\eziguzeyaw.dll
2009-10-27 07:41 . 2009-10-27 07:41 9668 ----a-w- c:\windows\unisiyuwamox.dll
2009-10-27 07:27 . 2009-10-27 07:27 9667 ----a-w- c:\windows\oyiderir.dll
2009-10-27 07:19 . 2009-10-27 07:19 9668 ----a-w- c:\windows\iricudez.dll
2009-10-21 08:50 . 2009-10-27 08:09 -------- d-----w- C:\malwarebytes
2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro
2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap
2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT
2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca
2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes
2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328
2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}
2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK
2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files
2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-15 08:33 . 2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire
2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin
2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-15 06:06 . 2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe
2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod
2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime
2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin
2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-28 05:08 . 2009-07-28 05:08 39424 --sha-w- c:\windows\system32\kanerihe.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-27_07.17.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 05:54 . 2009-10-28 05:54 16384 c:\windows\temp\Perflib_Perfdata_674.dat
+ 2006-02-15 15:41 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-10-27 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-27 07:39 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072]
"serisejeh"="c:\windows\system32\zelosubo.dll" [BU]
"Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [2007-03-08 173056]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]
"mogiluhehe"="tuvafuye.dll" [BU]

c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mcamuq.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ose"=3 (0x3)
"odClientService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56828:TCP"= 56828:TCP:Pando Media Booster
"56828:UDP"= 56828:UDP:Pando Media Booster

R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-10-17 c:\windows\Tasks\At1.job
- c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: connwsp.dll
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}
FF - HiddenExtension: XULRunner: {6550F1D5-A52F-46D8-828A-13D59CF98945} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll
SSODL-figofusun-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 01:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\windows\system32\odyEvent.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'lsass.exe'(1436)
c:\windows\mcamuq.dll

- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\ieframe.dll
c:\windows\mcamuq.dll
c:\windows\ipaboxebodamu.dll
c:\windows\system32\msi.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\connwsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\combofix\CF11094.exe
c:\windows\system32\dllhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 2:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 06:03
ComboFix2.txt 2009-10-27 07:28

Pre-Run: 11,594,293,248 bytes free
Post-Run: 11,569,471,488 bytes free

- - End Of File - - 9EE0BCB1DE62593D70B30AFE3F09BD61
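As an added example (not code from this thread or from ComboFix): a small Python checker that reads the 'Reg Loading Points' lines of a ComboFix log like the one above and flags the defender-relevant indicators it contains: a Winlogon Userinit value that no longer points at userinit.exe, an LSA Notification Package beyond the stock scecli, Run entries that resolve to a DLL, Security Center monitoring switched off and the Windows Firewall disabled. The sample lines are constructed from the log above; the heuristics and the default package list are assumptions for illustration.

```python
"""Flag persistence and defence-tampering indicators in the
'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix's own code. The heuristics
below are assumptions chosen to match what the helper acted on.
"""
import re

# Constructed sample: a condensed copy of the 'Reg Loading Points'
# lines from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"serisejeh"="c:\windows\system32\zelosubo.dll" [BU]
"Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [2007-03-08 173056]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mcamuq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_RE = re.compile(r'^"([^"]*)"')
# Stock XP Userinit: <drive>:\windows\system32\userinit.exe (a trailing comma is normal).
USERINIT_OK = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe$", re.IGNORECASE)
# Stock XP LSA notification package list (assumption); extend it with packages
# that are legitimate in your environment.
DEFAULT_LSA_PACKAGES = {"scecli"}


def check_reg_loading_points(text):
    """Return (indicator, detail) tuples in the order the lines appear."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1).lower()  # ComboFix prints keys in mixed case
            continue
        if key.endswith(r"\control\lsa") and line.lower().startswith("notification packages"):
            # "Notification Packages REG_MULTI_SZ scecli mcamuq.dll": every package
            # listed here is loaded into lsass.exe and is told about password changes.
            for package in line.split()[3:]:
                if package.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append(("lsa_notification_package", package))
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        name, rest = value_match.group(1), value_match.group(2).strip()
        quoted = QUOTED_RE.match(rest)
        path = quoted.group(1) if quoted else rest
        if key.endswith(r"\currentversion\run") and path.lower().endswith(".dll"):
            # ComboFix reports the file a Run entry launches; a DLL here means a
            # library is being loaded at logon (typically through rundll32).
            findings.append(("run_entry_loads_dll", f"{name} -> {path}"))
        elif key.endswith(r"\winlogon") and name.lower() == "userinit":
            target = path.rstrip(",").strip()
            if not USERINIT_OK.match(target):
                findings.append(("userinit_hijacked", target))
        elif r"\security center\monitoring" in key and name.lower() == "disablemonitoring":
            if rest.lower().startswith("dword:") and int(rest[6:], 16) != 0:
                findings.append(("security_center_monitoring_disabled", key))
        elif key.endswith(r"\standardprofile") and name.lower() == "enablefirewall":
            if rest.split()[0] == "0":
                findings.append(("windows_firewall_disabled", key))
    return findings


if __name__ == "__main__":
    for indicator, detail in check_reg_loading_points(SAMPLE_LOG):
        print(f"{indicator:38} {detail}")
```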
Perplexus
Ok, we have a really persistent one here. I want to run some different scans. We will also need to update your Windows to SP3 so that it will replace the bad userinit.exe file.

------------------
Step 1:
------------------

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Note: It is a good idea to run TFC to clear out all your temp files every now and again. This helps to keep your computer running more efficiently. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

------------------
Step 2:
------------------

Uninstall Malwarebytes and let's get a fresh copy.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

------------------
Step 3:
------------------

Download and install SP3 from here:

http://www.softwarepatch.com/windows/windo...ice-pack-3.html

------------------
Step 4:
------------------

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


------------------
Step 5:
------------------

Please post back with the following:
  • How your machine is running
  • MBAM log
  • OTL.txt
  • Extras.txt
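The lines ending in `/s /md5` in the Step 4 custom scan ask OTL to find every copy of those system files below the drive root and print an MD5 for each, so that a live driver which no longer matches its backup copies stands out. The script below is an added example, not OTL's own code: it does the same job in Python over a constructed temporary directory tree (the file names are the ones from the scan; the tree layout and contents are made up for the demonstration), and `report()` returns the names whose copies disagree.

```python
"""Added example (not OTL's own code): reproduce what the '/s /md5' lines in
the custom scan above do, namely find every copy of the listed system files
below a root, hash each copy, and flag names whose copies disagree.

The tree it scans is constructed in a temporary folder so the script runs
offline; on a real machine `root` would be the system drive.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom scan pasted into OTL above.
WATCHED = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys",
]


def md5_of(path, chunk=1 << 16):
    """Stream the file through MD5 so a large driver is never read whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory(root, names=WATCHED):
    """Return {name: {md5: [paths]}} for every copy found under root.

    Matching is case-insensitive because Windows file names are."""
    wanted = {n.lower(): n for n in names}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            canonical = wanted.get(fname.lower())
            if canonical:
                path = os.path.join(dirpath, fname)
                found[canonical][md5_of(path)].append(path)
    return {n: dict(by_hash) for n, by_hash in found.items()}


def find_mismatches(inv):
    """Names whose copies carry more than one distinct MD5.

    A live driver under system32\\drivers that differs from the copies in
    dllcache or ServicePackFiles\\i386 was changed after installation and is
    the first thing a helper reading the OTL output looks at."""
    return sorted(n for n, by_hash in inv.items() if len(by_hash) > 1)


def build_sample_tree():
    """Constructed sample: the live atapi.sys differs from its two backup
    copies, while both AGP440.sys copies match.  Returns the tree root."""
    root = tempfile.mkdtemp(prefix="otl_md5_")
    original = b"ATAPI-original-bytes" * 50
    modified = b"ATAPI-changed--bytes" * 50
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": modified,
        "WINDOWS/system32/dllcache/atapi.sys": original,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": original,
        "WINDOWS/system32/drivers/AGP440.sys": b"AGP440-bytes" * 40,
        "WINDOWS/system32/dllcache/AGP440.sys": b"AGP440-bytes" * 40,
        "WINDOWS/system32/kernel32.dll": b"not-on-the-watch-list",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def report(root):
    """Print an OTL-style hash listing and return the names that need a look."""
    inv = inventory(root)
    for name in sorted(inv):
        for digest, paths in inv[name].items():
            for path in sorted(paths):
                print(f"{digest}  {os.path.relpath(path, root)}")
    flagged = find_mismatches(inv)
    for name in flagged:
        print(f"!! {name}: {len(inv[name])} different hashes, compare the copies")
    return flagged


if __name__ == "__main__":
    report(build_sample_tree())
```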
Chuck Q
OK, I did step one, worked fine. Installed new Malwarebytes, scanned and hit remove. It said one item couldn't be removed and would be removed on restart; I hit OK and it rebooted the machine. Now when Windows starts it's just a blank background image, no taskbar, no start menu, no icons, nothing. I don't know how to bring it back. I can open the Task Manager but that's all. I'm posting from my BlackBerry.
Chuck Q
Never mind, googled it and found out I had to open Task Manager and start explorer.exe, continuing with the rest of the steps now.
Chuck Q
OK, installed the service pack, everything seems to be working fine.

I can't post the malware log; when the computer rebooted and explorer.exe wasn't running it never showed up. Is it saved somewhere that I can find it?

When I try to download OTL a window pops up and says I can't copy it, access is denied, and to make sure the disc isn't full or write-protected, and that it's not currently in use.
Perplexus
Sorry about your troubles! I'm glad you got it back up though. The MBAM log should be available by starting Malwarebytes and selecting the Logs tab. If it's not there, we'll re-run it a little later. I'm not sure what's going on with OTL at the moment, but make sure you deleted any version of OTL you have already before trying the download.

Are you able to reboot ok now?

Let's go ahead and get another ComboFix run as I want to see what changed after the steps you completed. Just double-click ComboFix.exe and post back the log.
Chuck Q
OK, sorry, I was out of town the past few days away from the computer. I tried to delete the OTL file, but it said I don't have appropriate permission to access it.
Chuck Q
Here's the MBAM log file:

Malwarebytes' Anti-Malware 1.41
Database version: 3051
Windows 5.1.2600 Service Pack 2

10/29/2009 1:25:10 AM
mbam-log-2009-10-29 (01-25-10).txt

Scan type: Quick Scan
Objects scanned: 115939
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\serisejeh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mcamuq.dll -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\09475328 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\mcamuq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kanerihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
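The MBAM 1.x log above has a regular shape: a header of `key: value` lines, a summary block of `<section> Infected: <n>` counts, then one heading per section with the items under it, each as `<location> (<threat>) -> <action>.`. The parser below is an added example (not Malwarebytes' code) that reads that layout, checks each summary count against the items actually listed (a mismatch usually means a truncated paste), and pulls out what was only scheduled for "Delete on reboot"; `SAMPLE_LOG` is an abridged copy of the log in the post above.

```python
"""Added example (not Malwarebytes' code): parse an MBAM 1.x scan log into
sections, check summary counts against listed items, and report what was
only scheduled for 'Delete on reboot'.  SAMPLE_LOG is an abridged copy of
the log posted above.
"""
import re

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3051
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\serisejeh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mcamuq.dll -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\09475328 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\mcamuq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kanerihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<section> Infected: <n>" in the summary block, "<section> Infected:" as a heading.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):(?P<count>\s*\d+)?$")
# "<location> (<threat>) -> <action>[ -> <action>]."
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {'header': {k: v}, 'counts': {section: n}, 'items': {section: [...]}}."""
    header, counts, items, current = {}, {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the current section
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("name")] = int(m.group("count"))
            else:
                current = m.group("name")
                items[current] = []
            continue
        if current is None:               # still in the header block
            if ": " in line:
                key, _, value = line.partition(": ")
                header[key] = value
            continue
        m = ITEM_RE.match(line)           # "(No malicious items detected)" does not match
        if m:
            steps = m.group("action").split(" -> ")   # "Data: x.dll -> Delete on reboot"
            items[current].append({
                "location": m.group("location"),
                "threat": m.group("threat"),
                "outcome": steps[-1],
                "pending_reboot": steps[-1].lower().startswith("delete on reboot"),
            })
    return {"header": header, "counts": counts, "items": items}


def count_mismatches(report):
    """Sections whose summary count disagrees with the items listed under it."""
    return {s: (report["counts"].get(s), len(lst))
            for s, lst in report["items"].items()
            if report["counts"].get(s) != len(lst)}


def pending_reboot(report):
    """(section, location) of everything MBAM could not remove in-session;
    these only go away at the restart the 'Extra Note' above asks for."""
    return [(s, i["location"]) for s, lst in report["items"].items()
            for i in lst if i["pending_reboot"]]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database", rep["header"].get("Database version"), rep["counts"])
    print("count mismatches:", count_mismatches(rep))
    for section, location in pending_reboot(rep):
        print("pending reboot:", section, location)
```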
Chuck Q
I tried to copy/paste the ComboFix log, but it was too long, so I attached it instead.
Perplexus
I think we're making progress!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
KillAll::

File::
c:\windows\Bcune.bin
c:\windows\Tbepujumuqoboxe.dat
c:\windows\eziguzeyaw.dll
c:\windows\unisiyuwamox.dll
c:\windows\oyiderir.dll
c:\windows\iricudez.dll

Folder::
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Chuck Q
combofix log:


ComboFix 09-10-30.01 - Kellies 11/03/2009 1:27.4.1 - NTFSx86
Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kellies.KELLIE\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
* Created a new restore point

FILE ::
"c:\windows\Bcune.bin"
"c:\windows\eziguzeyaw.dll"
"c:\windows\iricudez.dll"
"c:\windows\oyiderir.dll"
"c:\windows\Tbepujumuqoboxe.dat"
"c:\windows\unisiyuwamox.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\downloads.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\filters.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\gnutella.net
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\installation.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library5.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\limewire.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mojito.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\questions.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\responses.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\simpp.xml
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\spam.dat
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\tables.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\version.xml
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\versions.props
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome.manifest
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\_cfg.js
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\overlay.xul
c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\install.rdf
c:\windows\Bcune.bin
c:\windows\eziguzeyaw.dll
c:\windows\iricudez.dll
c:\windows\oyiderir.dll
c:\windows\Tbepujumuqoboxe.dat
c:\windows\unisiyuwamox.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-03 06:26 . 2008-04-14 04:10 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-03 06:26 . 2008-04-14 04:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 06:26 . 2005-01-12 08:05 204160 ----a-w- c:\windows\system32\drivers\KR10N.sys
2009-10-29 07:04 . 2008-04-14 09:42 32866 ------w- c:\windows\slrundll.exe
2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\scripting
2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\l2schemas
2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\en
2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\bits
2009-10-29 06:59 . 2009-10-29 07:05 -------- d-----w- c:\windows\ServicePackFiles
2009-10-29 05:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 05:18 . 2009-10-29 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 05:18 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro
2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap
2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT
2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca
2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes
2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}
2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK
2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files
2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin
2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes
2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod
2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime
2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin
2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-02_04.55.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-03 06:40 . 2009-11-03 06:40 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat
+ 2006-02-15 14:03 . 2009-11-02 04:59 72042 c:\windows\system32\perfc009.dat
- 2006-02-15 14:03 . 2009-10-29 07:20 72042 c:\windows\system32\perfc009.dat
+ 2006-02-15 14:03 . 2009-11-02 04:59 441174 c:\windows\system32\perfh009.dat
- 2006-02-15 14:03 . 2009-10-29 07:20 441174 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072]
"Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [BU]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ose"=3 (0x3)
"odClientService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56828:TCP"= 56828:TCP:Pando Media Booster
"56828:UDP"= 56828:UDP:Pando Media Booster

R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-10-17 c:\windows\Tasks\At1.job
- c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: connwsp.dll
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 01:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0xF86E8000 0x17900 bytes

\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xF86F2712 != 0xF89B7A7C sdcplh.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF86EE852 != 0xF89B76F8 sdcplh.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1684)
c:\windows\system32\odyEvent.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-03 1:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-03 06:49
ComboFix2.txt 2009-11-02 05:04
ComboFix3.txt 2009-10-28 06:03
ComboFix4.txt 2009-10-27 07:28

Pre-Run: 9,535,770,624 bytes free
Post-Run: 9,571,651,584 bytes free

- - End Of File - - E9C687F13CE32881A081CF75B9B00DB3
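The two "!=" lines in the Stealth MBR detector output above are the interesting part of this log: the dispatch slots for IRP_MJ_DEVICE_CONTROL and IRP_MJ_INTERNAL_DEVICE_CONTROL in \Driver\atapi no longer point into atapi.sys (base 0xF86E8000, size 0x17900) but into sdcplh.sys, a driver the OTL log lists without a company name. Below is an added example, not GMER's code and not from the original post, that models the check a detector performs: walk a driver object's MajorFunction table and flag every slot whose pointer lands outside the owning driver's image, then name the module the pointer does land in. The module map and the two table entries are constructed from the numbers in the log; sdcplh.sys's base and size, the ntoskrnl entry and the filler slots are assumptions, and the "expected" column is what a real detector would read from a known-clean copy of the table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# IRP major function codes from ntddk.h; only the two the log mentions are named.
IRP_MJ_DEVICE_CONTROL = 0x0E
IRP_MJ_INTERNAL_DEVICE_CONTROL = 0x0F
IRP_MJ_MAXIMUM_FUNCTION = 0x1B            # MajorFunction[] has 0x1C slots
IRP_MJ_NAMES = {
    IRP_MJ_DEVICE_CONTROL: "IRP_MJ_DEVICE_CONTROL",
    IRP_MJ_INTERNAL_DEVICE_CONTROL: "IRP_MJ_INTERNAL_DEVICE_CONTROL",
}


@dataclass(frozen=True)
class Module:
    """A loaded kernel module as a detector sees it: name, image base, image size."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Finding:
    irp_mj: int
    expected: int      # where the slot should point (inside the owning driver)
    current: int       # where it points now
    hooker: str        # module containing the current pointer, or "<unknown>"


def owner_of(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the module whose image range contains addr, if any."""
    return next((m for m in modules if m.contains(addr)), None)


def check_dispatch_table(driver: Module, table: Dict[int, int],
                         expected: Dict[int, int], modules: List[Module]) -> List[Finding]:
    """Flag every MajorFunction slot whose pointer lies outside the owning driver's
    image. A driver dispatches IRPs to its own code; a slot pointing into another
    module is what the log reports as an IRP hook."""
    findings = []
    for mj in range(IRP_MJ_MAXIMUM_FUNCTION + 1):
        cur = table[mj]
        if driver.contains(cur):
            continue
        hooker = owner_of(cur, modules)
        findings.append(Finding(mj, expected[mj], cur,
                                hooker.name if hooker else "<unknown>"))
    return findings


def format_finding(driver_name: str, f: Finding) -> str:
    """Render a finding in the detector's own 'expected != current module' style."""
    mj_name = IRP_MJ_NAMES.get(f.irp_mj, "IRP_MJ_0x%02X" % f.irp_mj)
    return "\\Driver\\%s [ %s ] 0x%08X != 0x%08X %s" % (
        driver_name, mj_name, f.expected, f.current, f.hooker)


# --- constructed input (values taken from the log where it gives them) -------
# atapi.sys base/size are printed in the log. sdcplh.sys's base and size are
# assumed so that the two addresses the log attributes to it fall inside it;
# the ntoskrnl entry is filler.
MODULES = [
    Module("atapi.sys", 0xF86E8000, 0x17900),
    Module("sdcplh.sys", 0xF89B0000, 0x0A000),
    Module("ntoskrnl.exe", 0x804D7000, 0x1F8000),
]
ATAPI = MODULES[0]

# Clean table: every slot points inside atapi.sys. The two slots the log names
# get the 'expected' addresses it prints; the others are filler offsets.
CLEAN_TABLE = {mj: ATAPI.base + 0x1000 + 0x40 * mj
               for mj in range(IRP_MJ_MAXIMUM_FUNCTION + 1)}
CLEAN_TABLE[IRP_MJ_DEVICE_CONTROL] = 0xF86F2712
CLEAN_TABLE[IRP_MJ_INTERNAL_DEVICE_CONTROL] = 0xF86EE852

# Hooked table: the same two slots redirected to the sdcplh.sys addresses in the log.
HOOKED_TABLE = dict(CLEAN_TABLE)
HOOKED_TABLE[IRP_MJ_DEVICE_CONTROL] = 0xF89B7A7C
HOOKED_TABLE[IRP_MJ_INTERNAL_DEVICE_CONTROL] = 0xF89B76F8


def scan(table: Dict[int, int]) -> List[str]:
    """Run the check on one table and return report lines (empty when clean)."""
    return [format_finding("atapi", f)
            for f in check_dispatch_table(ATAPI, table, CLEAN_TABLE, MODULES)]


if __name__ == "__main__":
    for line in scan(HOOKED_TABLE) or ["no IRP hooks on \\Driver\\atapi"]:
        print(line)
```

The point of the in-range test is that it needs no clean reference: a slot that does not point into the driver's own image is suspect on its own, and resolving the pointer against the module list is what turns "hooked" into "hooked by sdcplh.sys". A disk-class filter that legitimately chains IRPs attaches its own device object rather than rewriting another driver's dispatch table, so this finding is worth following up regardless of what the hooking module turns out to be.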
Perplexus
It's looking a lot better!

I still want to get a couple more scans to check on some things and check for orphans. Be sure to disable all real-time protection before doing Step 5, as it will speed things up. (It's a slow scan to start with.)

------------------
Step 1:
------------------

For applications that don't want to run please do the following:

Download this file to your desktop.

Drag each of the exe files that you are unable to run onto Inherit.exe. (Do this for OTL.exe)

Then wait for it to say "OK".


------------------
Step 2:
------------------

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


------------------
Step 3:
------------------

Run Malwarebytes' Anti-Malware
  • Select the Update tab and then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select the Scanner tab and "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

------------------
Step 4:
------------------

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


------------------
Step 5:
------------------

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


------------------
Step 6:
------------------

Please post back with the following:
  • How your machine is running
  • OTL.txt
  • Extras.txt
  • fresh MBAM log
  • KasReport.txt
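The `/s /md5` lines in the Step 2 custom scan ask OTL to list every copy of each named file under the system drive together with its MD5, so that the live driver in system32\drivers can be compared with the backup copies Windows keeps (dllcache, ServicePackFiles\i386). A live copy that hashes differently from every backup is either a legitimate newer update or a patched image, which is why the check follows a kernel scan showing hooks on \Driver\atapi. The script below is an added example, not OTL's code and not from the original post: it sweeps a directory tree for the file names in the list, hashes each copy, and reports names whose copies disagree, grouped by hash. The sample tree it builds (two clean backups of atapi.sys, a live copy with four bytes changed at the same size, one scecli.dll) is constructed for the example; it computes SHA-256 alongside MD5 because MD5 is only useful here for matching the tool's output, not as an integrity guarantee.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple

# The file names from the custom scan list above.
WATCHED = ["eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
           "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
           "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys", "AGP440.sys"]


class Copy(NamedTuple):
    path: str      # relative to the scan root
    size: int
    md5: str
    sha256: str


def hash_file(path: str) -> Tuple[str, str]:
    """MD5 (upper-case, as OTL prints it) and SHA-256 of a file, streamed."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest().upper(), sha.hexdigest()


def sweep(root: str, names: Iterable[str]) -> Dict[str, List[Copy]]:
    """Find every copy of each watched name under root; keys are lower-cased names."""
    wanted = {n.lower() for n in names}
    found: Dict[str, List[Copy]] = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                md5, sha = hash_file(full)
                found[fn.lower()].append(
                    Copy(os.path.relpath(full, root), os.path.getsize(full), md5, sha))
    return dict(found)


def conflicts(found: Dict[str, List[Copy]]) -> Dict[str, Dict[str, List[Copy]]]:
    """Names with more than one distinct content hash, each grouped by SHA-256.
    With two backups agreeing and the live copy differing, the live copy is the
    singleton group; a tie is reported as-is for the reader to judge."""
    out = {}
    for name, copies in found.items():
        groups: Dict[str, List[Copy]] = defaultdict(list)
        for c in copies:
            groups[c.sha256].append(c)
        if len(groups) > 1:
            out[name] = dict(groups)
    return out


def report(root: str, names: Iterable[str]) -> List[str]:
    """Text report: every copy found, then the names whose copies disagree."""
    found = sweep(root, names)
    lines = []
    for name in sorted(found):
        for c in found[name]:
            lines.append("%s  %10d bytes  MD5 %s" % (c.path, c.size, c.md5))
    for name, groups in conflicts(found).items():
        lines.append("MISMATCH %s: %d distinct versions" % (name, len(groups)))
        for sha, copies in groups.items():
            lines.append("  sha256 %s..  %s" % (sha[:16], ", ".join(c.path for c in copies)))
    return lines


def build_sample_tree() -> str:
    """Constructed stand-in for a system drive (not a real Windows layout dump)."""
    root = tempfile.mkdtemp(prefix="sysdrive_")
    clean = b"MZ" + b"\x00" * 510 + b"atapi clean body"
    patched = bytearray(clean)
    patched[0x40:0x44] = b"HOOK"          # same size, different content
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": bytes(patched),
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": clean,
        "WINDOWS/system32/scecli.dll": b"MZ scecli",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    print("\n".join(report(build_sample_tree(), WATCHED)))
```

Size alone does not catch this case: the patched copy is byte-for-byte the same length as the backups, which is exactly how an in-place patch of a driver image looks in a directory listing. Hashing every copy and grouping by hash is what surfaces it, and it is the same comparison a helper makes by eye across the OTL output.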
Chuck Q
OTL logfile created on: 11/4/2009 1:19:17 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Kellies.KELLIE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 198.39 Mb Available Physical Memory | 39.52% Memory free
1.20 Gb Paging File | 0.97 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 9.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: quinnk
Current User Name: Kellies
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (odClientService) -- C:\Program Files\Funk Software\Odyssey Client\odClientService.exe (Funk Software, Inc.)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPH11) -- C:\WINDOWS\system32\hphipm11.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVENG.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090722.001\SymIDSco.sys (Symantec Corporation)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (X4HSX32) -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys (Exent Technologies Ltd.)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (odFips) -- C:\WINDOWS\system32\drivers\odFips.sys (Funk Software, Inc.)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (SAMFILT) -- C:\WINDOWS\system32\drivers\samfilt.sys (Dolphin, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Dot4 HPH11) -- C:\WINDOWS\system32\drivers\hphid411.sys (HP)
DRV - (Dot4Usb HPH11) -- C:\WINDOWS\system32\drivers\hphius11.sys (HP)
DRV - (Dot4Print HPH11) -- C:\WINDOWS\system32\drivers\hphipr11.sys (HP)
DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (MASPINT) -- C:\WINDOWS\system32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.toshibadirect.com/dpdstart"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/09 01:09:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}: C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}
FF - HKLM\software\mozilla\Firefox\extensions\\{E363803E-0D71-400E-8024-591C38995471}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} [2009/10/18 22:56:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6550F1D5-A52F-46D8-828A-13D59CF98945}: C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\PROGRA~1\MOZILL~1\components\ [2009/09/18 20:48:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2009/09/18 20:48:51 | 00,000,000 | ---D | M]

[2009/03/09 01:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Mozilla\Extensions
[2009/03/09 01:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2006/08/25 13:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\extensions
[2009/10/27 02:43:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/26 16:14:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/08 22:09:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/09 01:11:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2007/06/26 16:14:56 | 00,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/06/26 16:14:56 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/06/26 16:14:56 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2009/03/09 01:09:04 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/06/26 16:14:59 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/15 01:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/07/15 00:39:39 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/11/08 13:06:07 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/18 20:48:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/18 20:48:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/18 20:48:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/18 20:48:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/18 20:48:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/18 20:48:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/18 20:48:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/11/08 13:06:30 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006/11/08 13:05:59 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2006/11/13 12:05:40 | 00,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2006/11/13 12:05:40 | 00,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2006/11/13 12:05:40 | 00,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2006/11/13 12:05:40 | 00,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2006/11/13 12:05:40 | 00,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2006/11/13 12:05:40 | 00,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2006/11/13 12:05:40 | 00,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2006/11/13 12:05:40 | 00,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2006/11/13 12:05:40 | 00,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2006/11/13 12:05:40 | 00,000,718 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2006/11/13 12:05:40 | 00,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2006/11/13 12:05:40 | 00,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [Acuzogoloputuye] C:\WINDOWS\ipaboxebodamu.DLL File not found
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Kellies.KELLIE\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 10:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/15 10:38:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 01:38:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/03 01:26:55 | 00,204,160 | ---- | C] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\drivers\KR10N.sys
[2009/11/03 01:26:55 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/11/03 01:26:55 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/10/29 02:15:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/29 02:05:48 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/10/29 02:05:48 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/10/29 02:05:26 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/10/29 02:05:25 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/10/29 02:05:25 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/10/29 02:05:18 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/10/29 02:05:18 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/10/29 02:05:18 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/10/29 02:05:18 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/10/29 02:05:18 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/10/29 02:05:17 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/10/29 02:05:17 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/10/29 02:05:17 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/10/29 02:05:17 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/10/29 02:05:17 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/10/29 02:05:17 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/10/29 02:05:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/10/29 02:05:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/10/29 02:05:15 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/10/29 02:05:15 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/10/29 02:05:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/10/29 02:05:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/10/29 02:05:15 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/10/29 02:05:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/10/29 02:05:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/10/29 02:05:15 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/10/29 02:05:15 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/10/29 02:05:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/10/29 02:05:14 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/10/29 02:05:14 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/10/29 02:05:14 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/10/29 02:05:14 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/10/29 02:05:14 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/10/29 02:05:14 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/10/29 02:05:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/10/29 02:05:14 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/10/29 02:05:12 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/10/29 02:05:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/10/29 02:05:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/10/29 02:05:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/10/29 02:05:09 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/10/29 02:05:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/10/29 02:05:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/10/29 02:05:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/10/29 02:05:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/10/29 02:05:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/10/29 02:05:08 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/10/29 02:05:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/10/29 02:05:07 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/10/29 02:05:07 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/10/29 02:05:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/10/29 02:05:06 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/10/29 02:05:06 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/10/29 02:05:06 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/10/29 02:05:06 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/10/29 02:05:05 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/10/29 02:05:04 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/10/29 02:05:04 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/10/29 02:05:04 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/10/29 02:05:04 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/10/29 02:05:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/10/29 02:05:04 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/10/29 02:05:04 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/10/29 02:05:03 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/10/29 02:05:03 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/10/29 02:05:03 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/10/29 02:05:03 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/10/29 02:05:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/10/29 02:05:03 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/10/29 02:05:03 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/10/29 02:05:03 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/10/29 02:05:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/10/29 02:04:58 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/10/29 02:04:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/29 02:04:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/29 02:04:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/29 02:04:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/29 01:59:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/29 01:55:12 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/10/29 01:55:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/10/29 01:55:11 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/10/29 01:55:11 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/10/29 01:55:11 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/10/29 01:55:11 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/10/29 01:55:11 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/10/29 01:55:11 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/10/29 01:55:11 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/10/29 01:55:11 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/10/29 01:55:11 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/10/29 01:55:11 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/10/29 01:55:11 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/10/29 01:55:11 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/10/29 01:55:10 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/10/29 01:55:10 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/10/29 01:55:10 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/10/29 01:55:10 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/10/29 01:55:10 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/10/29 01:55:10 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/10/29 01:55:10 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/10/29 01:55:10 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/10/29 01:55:10 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/10/29 01:55:09 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/10/29 01:55:09 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/10/29 01:55:09 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/10/29 01:55:09 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/10/29 01:55:09 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/10/29 01:55:09 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/10/29 01:55:09 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/10/29 01:55:09 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/10/29 01:55:09 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/10/29 01:55:09 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/10/29 01:55:09 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/10/29 01:55:08 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/10/29 01:55:08 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/10/29 01:55:08 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/10/29 01:55:08 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/10/29 01:55:08 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/10/29 01:55:08 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/10/29 01:55:08 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/10/29 01:55:08 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/10/29 01:55:08 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/10/29 01:55:07 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/10/29 01:55:07 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/10/29 01:55:07 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/10/29 01:55:07 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/10/29 01:55:07 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/10/29 01:55:06 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/10/29 01:55:06 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/10/29 01:55:06 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/10/29 01:55:05 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/10/29 01:55:05 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/10/29 01:55:05 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/10/29 01:55:04 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/10/29 01:55:04 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/10/29 01:55:04 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/10/29 01:55:04 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/10/29 01:55:04 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/10/29 01:55:04 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/10/29 01:55:04 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/10/29 01:55:03 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/10/29 01:55:03 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/10/29 01:55:03 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/10/29 01:55:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/10/29 01:55:03 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/10/29 01:55:02 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/10/29 01:55:02 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/10/29 01:55:02 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/10/29 01:55:02 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/10/29 01:55:02 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/10/29 01:55:02 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/10/29 01:55:01 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/10/29 01:55:01 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/10/29 01:55:01 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/10/29 01:55:01 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/10/29 01:55:01 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/10/29 01:55:01 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/10/29 01:55:01 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/10/29 01:55:00 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/10/29 01:55:00 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/10/29 01:47:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/29 01:38:09 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
[2009/10/29 00:18:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 00:18:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 00:18:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 00:11:20 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\TFC.exe
[2009/10/28 00:41:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/27 02:03:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/27 01:57:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/27 01:57:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/27 01:57:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/27 01:42:40 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/27 00:39:19 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/27 00:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kellies.KELLIE\Desktop\avenger
[2009/10/22 00:33:30 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\RootRepeal.exe
[2009/10/22 00:23:56 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe
[2009/10/21 03:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/21 02:07:19 | 00,000,000 | ---D | C] -- C:\malwarecrap
[2009/10/21 01:10:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/21 01:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/20 01:09:45 | 00,000,000 | ---D | C] -- C:\6e5d4cfe5733aeda209e6bdb61f3ca
[2009/10/20 01:04:27 | 09,092,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\windows-kb890830-v3.0.exe
[2009/10/19 00:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Malwarebytes
[2009/10/19 00:09:03 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\mbam-setup.exe
[2009/10/19 00:07:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/18 23:28:45 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/10/18 23:20:54 | 34,102,304 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\sdasetup_aff.exe
[2009/10/18 07:14:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/14 08:42:29 | 00,000,000 | ---D | C] -- C:\Program Files\BBSAK
[2009/10/14 06:24:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/10/14 06:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/14 00:17:31 | 00,000,000 | ---D | C] -- C:\Program Files\Magic Workstation
[2006/02/15 11:25:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/04 01:15:47 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe
[2009/11/04 01:15:10 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Inherit.exe
[2009/11/03 09:51:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 09:51:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 09:51:08 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/03 01:41:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/03 01:41:11 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/03 01:40:17 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Kellies.KELLIE\NTUSER.DAT
[2009/11/03 01:40:03 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Kellies.KELLIE\ntuser.ini
[2009/11/01 23:59:37 | 00,522,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 23:59:37 | 00,441,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 23:59:37 | 00,072,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 23:54:18 | 00,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/01 23:38:16 | 03,430,299 | R--- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\ComboFix.exe
[2009/10/29 02:15:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 01:54:26 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/29 01:39:57 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
[2009/10/29 00:18:55 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/29 00:18:19 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\mbam-setup.exe
[2009/10/29 00:11:20 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\TFC.exe
[2009/10/28 00:42:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jinowavu
[2009/10/27 02:03:13 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/27 00:33:55 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\avenger.zip
[2009/10/27 00:32:55 | 00,000,070 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\copy.bat
[2009/10/27 00:28:05 | 00,000,070 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\My Documents\copy.bat
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 00:21:14 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Win32kDiag.exe
[2009/10/22 00:32:50 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\RootRepeal.zip
[2009/10/21 03:23:33 | 00,001,754 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\HijackThis.lnk
[2009/10/21 01:30:32 | 00,000,596 | RHS- | M] () -- C:\Documents and Settings\Kellies.KELLIE\ntuser.pol
[2009/10/21 01:30:09 | 00,000,416 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/10/20 19:08:06 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\iTunes.lnk
[2009/10/20 01:44:45 | 00,000,075 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\FixExe.reg
[2009/10/20 01:06:39 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/10/20 01:04:29 | 09,092,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\windows-kb890830-v3.0.exe
[2009/10/19 00:34:36 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\IconCache.db
[2009/10/19 00:31:03 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/18 23:20:59 | 34,102,304 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Kellies.KELLIE\Desktop\sdasetup_aff.exe
[2009/10/18 07:26:13 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 07:01:33 | 00,000,109 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\fixtm.reg
[2009/10/18 02:22:09 | 00,000,097 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/17 00:11:05 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/10/16 14:10:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 02:44:07 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/10/15 01:34:46 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BBSAK.lnk
[2009/10/14 06:45:20 | 00,919,914 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\My Documents\LoaderBackup-(2009-10-14).ipd
[2009/10/14 06:25:03 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/14 00:17:33 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Magic Workstation.lnk
[2009/10/14 00:17:33 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\MWS Online Play.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 01:15:10 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Inherit.exe
[2009/10/29 01:55:08 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/10/29 01:55:07 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/10/29 01:55:04 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/10/29 01:30:34 | 52,643,8400 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/29 00:18:55 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 02:03:13 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/10/27 02:03:06 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/27 01:57:32 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 01:57:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 01:57:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 01:57:32 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 01:57:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/27 01:42:07 | 03,430,299 | R--- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\ComboFix.exe
[2009/10/27 00:33:50 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\avenger.zip
[2009/10/27 00:32:54 | 00,000,070 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\copy.bat
[2009/10/27 00:28:04 | 00,000,070 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\My Documents\copy.bat
[2009/10/23 00:20:30 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Win32kDiag.exe
[2009/10/22 00:32:46 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\RootRepeal.zip
[2009/10/21 03:12:30 | 00,001,754 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\HijackThis.lnk
[2009/10/21 00:49:33 | 00,000,416 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/10/20 01:44:43 | 00,000,075 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\FixExe.reg
[2009/10/20 01:41:59 | 00,000,596 | RHS- | C] () -- C:\Documents and Settings\Kellies.KELLIE\ntuser.pol
[2009/10/20 01:06:39 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/10/18 07:01:21 | 00,000,109 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\fixtm.reg
[2009/10/18 02:22:09 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/14 08:42:30 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BBSAK.lnk
[2009/10/14 06:45:20 | 00,919,914 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\My Documents\LoaderBackup-(2009-10-14).ipd
[2009/10/14 06:25:03 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/14 00:17:33 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\Magic Workstation.lnk
[2009/10/14 00:17:33 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Desktop\MWS Online Play.lnk
[2009/08/26 04:31:42 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/26 04:31:42 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/24 04:28:15 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Application Data\winscp.rnd
[2009/02/25 03:07:54 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2008/10/09 14:10:00 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2008/08/01 03:21:56 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Application Data\F4CD61
[2008/08/01 03:21:55 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Application Data\mcs.rma
[2007/09/03 09:24:26 | 00,002,238 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Application Data\wklnhst.dat
[2007/01/06 12:00:10 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2007/01/06 11:48:21 | 00,000,029 | ---- | C] () -- C:\WINDOWS\TSMLite.ini
[2006/12/22 15:42:59 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\IconCache.db
[2006/11/20 23:42:35 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/11/08 13:13:02 | 00,034,370 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/25 13:47:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/25 13:16:07 | 00,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/08/24 08:07:26 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/08/24 08:07:25 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/08/20 12:53:23 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/08/20 12:43:55 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/20 12:40:32 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/16 09:13:34 | 01,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2006/08/14 11:51:35 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/08 09:58:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Application Data\desktop.ini
[2006/08/08 09:58:04 | 00,034,288 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/08 09:58:04 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Kellies.KELLIE\Local Settings\Application Data\fusioncache.dat
[2006/07/02 21:37:12 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/07/02 21:37:10 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/05 22:40:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/24 14:58:04 | 00,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS.sys.icv
[2006/04/19 19:21:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/19 19:21:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/24 23:28:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 10:07:58 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/15 09:04:21 | 00,000,689 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/15 09:04:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/15 02:30:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/11/28 23:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/20 14:09:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

========== LOP Check ==========

[2007/01/06 12:00:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/02/17 04:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/24 02:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/06/16 04:48:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2009/08/26 04:32:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPodtoComputer
[2009/07/15 00:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/10/27 03:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/15 22:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/26 04:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2006/12/12 21:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/10/08 18:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/18 20:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/23 02:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/14 22:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Aim
[2009/02/18 15:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Any Video Converter Professional
[2009/07/15 01:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Atari
[2009/01/25 14:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Canon
[2009/08/26 04:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\CopyTrans
[2009/08/26 04:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\CopyTransDoctor
[2006/08/24 08:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\FUJIFILM
[2006/08/25 13:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Funk Software
[2007/02/22 19:14:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\InterVideo
[2006/08/14 11:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Leadertech
[2009/08/01 19:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\NetMedia Providers
[2009/02/25 03:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Plazmic
[2009/08/01 19:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Publish Providers
[2009/02/24 01:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Research In Motion
[2009/08/01 20:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Sony
[2007/09/15 11:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Template
[2007/05/19 00:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\toshiba
[2007/01/11 19:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Viewpoint
[2009/08/26 04:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\WindSolutions
[2009/06/25 02:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kellies.KELLIE\Application Data\Wizards of the Coast
[2009/10/17 00:11:05 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/03 09:51:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >
[2004/08/10 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\logevent.dll

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 01:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >
Chuck Q
OTL Extras logfile created on: 11/4/2009 1:19:17 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Kellies.KELLIE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 198.39 Mb Available Physical Memory | 39.52% Memory free
1.20 Gb Paging File | 0.97 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 9.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: quinnk
Current User Name: Kellies
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56828:TCP" = 56828:TCP:*:Enabled:Pando Media Booster
"56828:UDP" = 56828:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"56828:TCP" = 56828:TCP:*:Enabled:Pando Media Booster
"56828:UDP" = 56828:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Sierra\Empire Earth Gold\Empire Earth\Empire Earth.exe" = C:\Program Files\Sierra\Empire Earth Gold\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" = C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Enabled:NDSTray -- (TOSHIBA CORPORATION)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{0489333B-76EF-4E87-B986-9B374EB78C0B}" = Symantec Real Time Storage Protection Component
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series
"{0DD76815-048A-4995-AC07-C2C8469FB416}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{193428D8-940D-4351-88F6-0AFA7D1E3CB8}" = MapleStory
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1FD0CC81-1A07-49DB-8E0A-433A680AD86A}_is1" = UFNet Installer 1.4.2
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2877881B-0736-42AB-B312-D4457D57E56D}" = BlackBerry Device Software Updater
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.07
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7822CFC5-6D52-4E55-BFB0-2BA64368542D}" = BBSAK
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate™ II - Shadows of Amn™
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A74C1699-4BCE-433F-82D6-F11207A0581B}" = Sony ACID Music Studio 7.0
"{A792AB94-AC78-4792-8815-583E13BC74A8}" = Odyssey Client
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B21BF93F-14EE-44EA-9689-42EE54ADA276}" = SAM 2003
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D7447B32-518C-442F-A8E4-DCF12D8A6D75}" = Station LaunchPad
"{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}" = My Wal-Mart Digital Photo Center
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E853B73C-6993-47B0-AB8F-3F4DDD8AC80E}" = Hanes© T-ShirtMake© Lite
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.1
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar 2.0
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1" = iPhone/iTouch/iPod to Computer Transfer 5.5.5
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter 3.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Empire Earth Gold" = Empire Earth Gold
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MID Converter 4.2" = MID Converter 4.2
"Mixxx" = NSIS Mixxx
"Mozilla Firefox (1.5.0.12)" = Mozilla Firefox (1.5.0.12)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Photo Viewer_is1" = Photo Viewer s2.5
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Super Mp3 Converter_is1" = Super Mp3 Converter 4.0
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.3 beta
"WMFDist11" = Windows Media Format 11 runtime
"WT004722" = Bejeweled 2 Deluxe
"WT004723" = Blasterball 2 Revolution
"WT004725" = SCRABBLE
"WT004829" = Polar Golfer
"WT006066" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD4PSP5" = XviD4PSP 5.0
"Yahoo! Music Engine" = Yahoo! Music Engine
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2009 3:29:53 AM | Computer Name = quinnk | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
unknown, version 0.0.0.0, fault address 0x76f2344a.

Error - 10/21/2009 3:30:19 AM | Computer Name = quinnk | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
unknown, version 0.0.0.0, fault address 0x76f2344a.

Error - 10/21/2009 4:30:20 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/22/2009 1:15:37 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80070005: InitEventCollector fail

Error - 10/22/2009 1:41:17 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/23/2009 1:12:59 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/27/2009 2:08:57 AM | Computer Name = quinnk | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2009 2:25:08 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 10/27/2009 2:49:49 AM | Computer Name = quinnk | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 11/2/2009 12:41:29 AM | Computer Name = quinnk | Source = Application Error | ID = 1000
Description = Faulting application onenotem.exe, version 11.0.6360.0, faulting module
unknown, version 0.0.0.0, fault address 0x7ca2a65c.

[ System Events ]
Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:14 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:15 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:15 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/27/2009 2:06:15 AM | Computer Name = quinnk | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding


< End of report >
Chuck Q
Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 5.1.2600 Service Pack 3

11/4/2009 1:42:27 AM
mbam-log-2009-11-04 (01-42-27).txt

Scan type: Quick Scan
Objects scanned: 118037
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Perplexus
This is looking very good. Let's see what Kaspersky brings back, then we'll finish wiping the floor!

How is everything working?
Chuck Q
Everything is working just fine. I tried doing that online scan and it froze at 51% for almost 8 hours. I don't know what's wrong; I'll try it again right now, hopefully it will work.
Perplexus
Ok. If it works, just post the log. If it fails, try this one:

Go to ESET Online Scanner to perform an online scan.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
Chuck Q
OK, here's the log from the online scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=49453d945bdbd340b4df98bfb507defa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-11 08:01:22
# local_time=2009-11-11 03:01:23 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 885138 885138 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=202291
# found=33
# cleaned=0
# scan_time=6332
C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound(1).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\My Downloads\EmpireEarthGoldSetup-dm.exe Win32/Adware.Trymedia application 00000000000000000000000000000000 I
C:\Nexon\MapleStory\MapleStory.exe probably a variant of Win32/PSW.Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_01.42.58.zip multiple threats 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\47447531\47447531.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\70847026\70847026.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\lizkavd.exe.vir Win32/Adware.XPAntiSpyware.AA application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\seres.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\svcst.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\buwapite.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fabokenu.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\himepuka.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jogopamo.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lehuguwe.dll.vir Win32/KillAV.NFM trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\luhuwuji.exe.vir a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nifolije.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\popiwoba.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.OYU trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Win32/Adware.XPSecurityCenter application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0005304.dll a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I


Everything seems to be working just fine.
Perplexus
Hi Chuck Q,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    :Files
    C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound(1).mp3
    C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound.mp3
    C:\My Downloads\EmpireEarthGoldSetup-dm.exe
    C:\Nexon\MapleStory\MapleStory.exe
    C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.
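As an added example, not part of this thread and not code from OTL or ESET: a small Python helper that parses the ESET Online Scanner log format posted above, separates detections that already sit in ComboFix's quarantine (C:\Qoobox\Quarantine) or inside System Restore points from those still live on disk, and lists the live ones in the :Files form used by the OTL fix above. The sample lines are taken from the log in this thread; the triage rules and the helper's function names are assumptions.

```python
"""Triage an ESET Online Scanner log.txt into quarantined, restore-point and live
detections, then emit an OTL :Files section for the live ones.
Hypothetical helper script; not part of the thread, OTL or ESET."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample in the format ESET Online Scanner produced in this thread:
# "# key=value" header lines, then "<path> <detection> <32-hex field> <status>".
# The four detection lines are copied from the log posted above.
SAMPLE_ESET_LOG = """\
# scanned=202291
# found=4
# cleaned=0
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\msa.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\\RP2\\A0005304.dll a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I
C:\\WINDOWS\\$NtServicePackUninstall$\\userinit.exe a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I
C:\\My Downloads\\EmpireEarthGoldSetup-dm.exe Win32/Adware.Trymedia application 00000000000000000000000000000000 I
"""


class Detection(NamedTuple):
    path: str
    detection: str
    status: str


# Paths may contain spaces, so the path is matched lazily and the detection text is
# anchored on ESET's naming: "multiple threats", "[probably ]a variant of Family/Name type",
# or "Family/Name type". The family token always contains a forward slash, which a
# Windows path never does, so the split point is unambiguous.
_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<detection>multiple threats|(?:probably )?(?:a variant of )?\S+/\S+ \w+) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<status>[A-Z])$"
)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Return (header dict, detections) for an ESET Online Scanner log."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = _LINE_RE.match(line)
        if m:  # lines like "OnlineScanner.ocx - registred OK" are simply skipped
            detections.append(Detection(m["path"], m["detection"], m["status"]))
    return header, detections


def triage(detections: List[Detection]) -> Dict[str, List[Detection]]:
    """Bucket detections: already quarantined by ComboFix (under C:\\Qoobox\\Quarantine),
    inside a System Restore point, or live on disk (assumed rules)."""
    buckets: Dict[str, List[Detection]] = {"quarantined": [], "restore_point": [], "live": []}
    for d in detections:
        lower = d.path.lower()
        if re.match(r"^[a-z]:\\qoobox\\quarantine\\", lower):
            buckets["quarantined"].append(d)
        elif "\\system volume information\\_restore" in lower:
            buckets["restore_point"].append(d)
        else:
            buckets["live"].append(d)
    return buckets


def otl_files_section(live: List[Detection]) -> str:
    """Build the :Files / :Commands part of an OTL custom fix for the live detections."""
    lines = [":Files"] + [d.path for d in live] + ["", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_ESET_LOG)
    buckets = triage(found)
    print(f"reported found={hdr.get('found')}, parsed={len(found)}")
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
    print(otl_files_section(buckets["live"]))
```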
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Invision Power Board © 2001-2010 Invision Power Services, Inc.