[Resolved] HJT Log


  • This topic is locked
24 replies to this topic

#1 oooicu812o


Posted 09 November 2009 - 11:28 PM

This is the second time in a month and it is getting old. What do I need to do to fix this and what do I need to do to never have to deal with this stuff again?

================================================================================
===========================================
Log was analyzed using HijackThis Analyzer - Updated on 12/27/04
Get updates at http://www.greyknigh...ad.htm#programs

***Security Programs Detected***

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:28 PM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\DOCUME~1\Kevin\LOCALS~1\Temp\system.exe
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\BHPS\lic\bin\lmgrd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\BHPS\lic\bin\bhepcls.exe
C:\Documents and Settings\Kevin\Application Data\mjusbsp\magicJack.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\v0zrsrmhqq.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\mdm.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\winamp.exe
C:\WINDOWS\System32\mshta.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\489.exe
c:\orah.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\tqzxv3.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\cmd.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\smss.exe
C:\Documents and Settings\Kevin\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: C:\WINDOWS\system32\azh4sxwk.dll - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\azh4sxwk.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [ropopepuk] Rundll32.exe "c:\windows\system32\botapepe.dll",a
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Kevin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [A00F44A73.exe] C:\DOCUME~1\Kevin\LOCALS~1\Temp\_A00F44A73.exe
O4 - HKCU\..\Run: [BackUp Windows 2009] C:\DOCUME~1\Kevin\LOCALS~1\Temp\v0zrsrmhqq.exe
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Kevin\LOCALS~1\Temp\setup.exe
O4 - HKCU\..\Run: [Tji771] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe
O4 - HKCU\..\Run: [A00F587A6.exe] C:\DOCUME~1\Kevin\LOCALS~1\Temp\_A00F587A6.exe
O4 - HKCU\..\Run: [A00F72817.exe] C:\DOCUME~1\Kevin\LOCALS~1\Temp\_A00F72817.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\windows\system32\botapepe.dll,zugowuva.dll
O20 - Winlogon Notify: __c002B41 - C:\WINDOWS\system32\__c002B41.dat
O21 - SSODL: mahuripub - {d7293f30-fa9a-43ff-bd79-db154c9e94c5} - c:\windows\system32\botapepe.dll
O22 - SharedTaskScheduler: kjaf83hfriunf3sf9sfinoi\sufh\87sefhuhdd - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\azh4sxwk.dll
O22 - SharedTaskScheduler: tokatiluy - {d7293f30-fa9a-43ff-bd79-db154c9e94c5} - c:\windows\system32\botapepe.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProQuest Product License Manager - Macrovision Corporation - C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe

--
End of file - 4632 bytes

End of HijackThis Analyzer Log.
================================================================================
===========================================



#2 CatByte


Posted 10 November 2009 - 08:20 AM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 oooicu812o


Posted 10 November 2009 - 05:17 PM

Gmer will not stay running for me to get a file. It starts scanning and then closes. Also I cannot get to regedit or Safe Mode. Files are attached. I got Gmer to work by killing and blocking all running programs in Task Manager. I also don't have Folder Options and it will not let me see hidden files.

Attached Files


Edited by oooicu812o, 10 November 2009 - 07:35 PM.


#4 CatByte


Posted 10 November 2009 - 08:37 PM

Hi,

Please do the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 oooicu812o


Posted 10 November 2009 - 09:50 PM

OTL Extras logfile created on: 9/19/2003 4:23:50 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 58.57% Memory free
2.69 Gb Paging File | 2.32 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 28.16 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 109.69 Gb Free Space | 47.10% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 58.75 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 17.59 Mb Total Space | 17.09 Mb Free Space | 97.12% Space Free | Partition Type: FAT
Drive K: | 247.46 Mb Total Space | 66.09 Mb Free Space | 26.71% Space Free | Partition Type: FAT

Computer Name: DESKTOP
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe" = C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe:*:Enabled:wnzip32 -- ()
"C:\Documents and Settings\Kevin\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Kevin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2466ABED-9FFB-472C-8F9C-64227E4D6FF5}" = Gtech PASS RR 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39E9516D-9846-4E6F-979C-8B28BECE9104}" = NTI CD & DVD-Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4E9E953A-D5C1-4E84-A693-A70F4DE65A6F}" = ProQuestPalmDependsMSI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69CA6BE2-A39A-447B-812D-73DE710EEAEA}" = NTI CD & DVD-Maker
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}" = Prospector
"076A5638850BB660C9206283848DD0A114C03B7F" = Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bell & Howell Product Licenser III" = ProQuest Product Licenser
"BitTorrent" = BitTorrent
"CARSOFT BMW V6.5" = CARSOFT BMW V6.5
"CYPI3" = Chrysler PAIS DVD International EPC 3.3.0
"HalwinX V1.26" = HalwinX V1.26
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{39E9516D-9846-4E6F-979C-8B28BECE9104}" = NTI CD & DVD-Maker Platinum Trial
"InstallShield_{69CA6BE2-A39A-447B-812D-73DE710EEAEA}" = NTI CD & DVD-Maker 7 Titanium
"LogWorks3" = LogWorks3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PQJRE1.4.2" = Proquest Private JRE 1.4.2
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SafetyCenter" = SafetyCenter
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2009 9:07:26 PM | Computer Name = DESKTOP | Source = ASP.NET 1.0.3705.6018 | ID = 1031
Description =

Error - 11/9/2009 9:22:23 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application wscsvc32.exe, version 1.0.0.1, faulting module
unknown, version 0.0.0.0, fault address 0x3d964023.

Error - 11/9/2009 9:22:35 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application wscsvc32.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2009 9:40:39 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x77124ba2.

Error - 11/9/2009 9:40:54 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application magicjack.exe, version 1.80.499.2, faulting module
unknown, version 0.0.0.0, fault address 0x7816411d.

Error - 11/9/2009 9:42:39 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application b7idm.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x3d953081.

Error - 11/9/2009 9:44:10 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 10.0.2616.0, faulting module
unknown, version 0.0.0.0, fault address 0x781319d8.

Error - 11/9/2009 11:23:20 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Error - 11/10/2009 12:46:45 AM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2003 2:50:46 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 11/10/2009 12:46:12 AM | Computer Name = DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
000C41597A5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 11/10/2009 3:16:06 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 4:16:13 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 4:16:44 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 5:16:24 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 5:16:55 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 6:16:34 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 6:17:05 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 7:16:48 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/10/2009 7:17:18 PM | Computer Name = DESKTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

OTL logfile created on: 9/19/2003 4:23:50 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 58.57% Memory free
2.69 Gb Paging File | 2.32 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 28.16 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 109.69 Gb Free Space | 47.10% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 58.75 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 17.59 Mb Total Space | 17.09 Mb Free Space | 97.12% Space Free | Partition Type: FAT
Drive K: | 247.46 Mb Total Space | 66.09 Mb Free Space | 26.71% Space Free | Partition Type: FAT

Computer Name: DESKTOP
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/02 18:49:21 | 00,704,512 | ---- | M] () -- C:\Program Files\BHPS\lic\bin\bhepcls.exe
PRC - [2009/11/02 18:49:21 | 00,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\BHPS\lic\bin\lmgrd.exe
PRC - [2009/08/01 11:13:44 | 12,231,512 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Kevin\Application Data\mjusbsp\magicJack.exe
PRC - [2009/03/05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/22 16:36:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2009/08/09 23:42:22 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\botapepe.dll
MOD - [2009/08/09 20:08:43 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\system32\zugowuva.dll
MOD - [2009/03/21 09:06:58 | 00,024,064 | -HS- | M] (Microsoft) -- C:\WINDOWS\system32\calc.dll
MOD - [2008/08/22 16:36:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2001/08/23 10:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/02 18:49:21 | 00,630,272 | ---- | M] () -- C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe -- (ProQuest Product License Manager)
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/30 00:02:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C0ABC75D-BEC3-4B9A-AD79-4AD5CE905567}: C:\Documents and Settings\Kevin\Local Settings\Application Data\{C0ABC75D-BEC3-4B9A-AD79-4AD5CE905567}\ [2009/11/09 20:12:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (350700 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12023 more lines...
O2 - BHO: (C:\WINDOWS\system32\azh4sxwk.dll) - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\azh4sxwk.dll ()
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [ropopepuk] C:\WINDOWS\System32\botapepe.DLL ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKCU..\Run: [A00F44A73.exe] C:\Documents and Settings\Kevin\Local Settings\Temp\_A00F44A73.exe ()
O4 - HKCU..\Run: [A00F587A6.exe] C:\Documents and Settings\Kevin\Local Settings\Temp\_A00F587A6.exe ()
O4 - HKCU..\Run: [A00F72817.exe] C:\Documents and Settings\Kevin\Local Settings\Temp\_A00F72817.exe ()
O4 - HKCU..\Run: [BackUp Windows 2009] C:\Documents and Settings\Kevin\Local Settings\Temp\tqzxv3.exe ()
O4 - HKCU..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll (Microsoft)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Kevin\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Tji771] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe ()
O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Kevin\Local Settings\Temp\mdm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\botapepe.dll) - C:\WINDOWS\system32\botapepe.dll ()
O20 - AppInit_DLLs: (zugowuva.dll) - C:\WINDOWS\System32\zugowuva.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe) - C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe) - C:\RECYCLER\S-1-5-21-4126161917-5399697724-792121681-4947\wnzip32.exe ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe ()
O20 - Winlogon\Notify\__c002B41: DllName - C:\WINDOWS\system32\__c002B41.dat - C:\WINDOWS\system32\__c002B41.dat ()
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: mahuripub - {d7293f30-fa9a-43ff-bd79-db154c9e94c5} - C:\WINDOWS\system32\botapepe.dll ()
O22 - SharedTaskScheduler: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - kjaf83hfriunf3sf9sfinoi\sufh\87sefhuhdd - C:\WINDOWS\system32\azh4sxwk.dll ()
O22 - SharedTaskScheduler: {d7293f30-fa9a-43ff-bd79-db154c9e94c5} - tokatiluy - C:\WINDOWS\system32\botapepe.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/31 23:08:45 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - I:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,016,158 | R--- | M] () - I:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,000,308 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - I:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/01 10:55:38 | 00,000,270 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{a1373da5-bde4-11de-986e-000c41597a5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1373da5-bde4-11de-986e-000c41597a5d}\Shell\AutoRun\command - "" = I:\autorun.exe -- [2008/07/21 08:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)
O33 - MountPoints2\{a1373da5-bde4-11de-986e-000c41597a5d}\Shell\phone\command - "" = I:\autorun.exe -- [2008/07/21 08:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/20 15:16:01 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/10 18:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\gmer
[2009/11/10 00:03:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
[2009/11/09 20:12:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\{C0ABC75D-BEC3-4B9A-AD79-4AD5CE905567}
[2009/11/09 20:11:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fontatmgfx
[2009/11/08 17:44:03 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Kevin\My Documents\My Webs
[2009/11/05 20:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/05 20:15:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/11/05 20:15:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/11/05 20:13:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/11/05 20:13:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/11/05 20:13:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/11/02 18:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/11/02 18:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BHPS
[2009/11/02 18:28:05 | 00,000,000 | ---D | C] -- C:\Program Files\BHPS
[2009/11/01 20:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Adobe
[2009/11/01 18:04:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/01 18:04:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/31 23:20:56 | 01,056,768 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2009/10/31 23:19:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/10/31 23:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\SendTo
[2009/10/31 23:08:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\NewTech Infosystems
[2009/10/31 23:06:14 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2009/10/31 22:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/30 00:01:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\ApplicationHistory
[2009/10/29 23:57:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2009/10/29 23:53:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities
[2009/10/29 23:53:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2009/10/29 23:53:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/29 23:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/29 20:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
[2009/10/29 20:38:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 20:38:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 20:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/27 23:50:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/27 23:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/27 23:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/27 23:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/27 22:15:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/10/27 22:15:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/27 22:15:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/27 22:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/27 22:10:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/10/27 21:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2009/10/27 21:30:19 | 00,226,816 | ---- | C] (honest technology) -- C:\WINDOWS\System32\htvcdsvcd.ax
[2009/10/27 21:30:03 | 00,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2009/10/27 21:29:26 | 00,006,144 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2009/10/27 21:25:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\WinRAR
[2009/10/27 21:23:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/27 14:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\DivX
[2009/10/26 15:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Downloads
[2009/10/26 15:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\My eBooks
[2009/10/26 15:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/26 15:36:56 | 00,000,000 | ---D | C] -- C:\Program Files\Gtech PASS RR 2.0
[2009/10/26 14:33:44 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/26 14:33:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/26 14:33:27 | 00,000,000 | ---D | C] -- C:\Program Files\LogWorks3
[2009/10/26 14:30:46 | 00,000,000 | ---D | C] -- C:\Program Files\Haltech
[2009/10/26 14:30:32 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/10/26 14:30:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\WINDOWS
[2009/10/26 13:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/10/26 13:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/10/26 13:52:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/10/26 13:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/10/26 13:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/21 20:01:25 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\My Documents\My Videos
[2009/10/21 19:48:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\IsolatedStorage
[2009/10/21 19:48:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ProspectorV5
[2009/10/21 19:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\MoxieProxy
[2009/10/21 18:20:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/21 18:12:53 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/10/21 17:31:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/10/21 07:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\tjnet
[2009/10/20 23:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\mjusbsp
[2009/10/20 23:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/20 23:43:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2009/10/20 23:38:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/10/20 23:38:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/10/20 23:37:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/10/20 23:35:38 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/20 23:35:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/20 23:35:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/10/20 22:56:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/20 22:56:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/20 22:56:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/10/20 22:54:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/20 22:45:58 | 00,000,000 | ---D | C] -- C:\Program Files\CARSOFT
[2009/10/20 22:45:49 | 00,000,000 | ---D | C] -- C:\cm75f
[2009/10/20 22:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\FlashFXP
[2009/10/20 22:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\XBSM45
[2009/10/20 22:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Winmx
[2009/10/20 22:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\TMPEGnc
[2009/10/20 22:42:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Snead
[2009/10/20 22:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Emulators
[2009/10/20 22:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Car software
[2009/10/20 22:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Need For Speed 5 - Porsche Unleashed
[2009/10/20 22:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\KTJ Trading
[2009/10/20 22:41:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\hijackthis
[2009/10/20 22:41:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Car
[2009/10/20 22:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/10/20 22:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/10/20 22:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\BitTorrent
[2009/10/20 22:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/10/20 22:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/20 22:13:27 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/20 22:13:27 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/10/20 22:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/10/20 22:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Real
[2009/10/20 22:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/20 22:11:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/20 22:11:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/10/20 22:07:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/20 22:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/10/20 22:05:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/10/20 21:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Macromedia
[2009/10/20 21:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Adobe
[2009/10/20 21:47:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/20 21:41:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/20 21:39:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/20 21:39:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Kevin\UserData
[2009/10/20 21:13:58 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2009/10/20 21:03:33 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/20 21:02:10 | 00,107,648 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnetusbl.sys
[2009/10/20 21:02:09 | 00,122,112 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnet58lx.sys
[2009/10/20 21:02:09 | 00,122,112 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnet58l.sys
[2009/10/20 21:02:09 | 00,107,648 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnetu9xl.sys
[2009/10/20 21:02:09 | 00,072,704 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\NETUSBXP.SYS
[2009/10/20 21:02:09 | 00,070,016 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\NETUSB.SYS
[2009/10/20 21:02:09 | 00,069,376 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnetusbxp.sys
[2009/10/20 21:02:09 | 00,066,816 | ---- | C] (Cisco Linksys LLC.) -- C:\WINDOWS\System32\drivers\VNETUSBA.SYS
[2009/10/20 21:02:09 | 00,049,936 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\PRISM9x.SYS
[2009/10/20 21:02:09 | 00,049,752 | ---- | C] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\PRISMXP.SYS
[2009/10/20 21:02:09 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/20 21:02:09 | 00,000,000 | ---D | C] -- C:\Program Files\WUSB11 WLAN Monitor
[2009/10/20 21:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/20 20:59:50 | 00,000,000 | ---D | C] -- C:\Linksys Driver
[2009/10/20 20:58:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/20 20:54:20 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/20 20:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Identities
[2009/10/20 20:54:14 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/20 20:54:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\My Documents\My Pictures
[2009/10/20 20:54:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\My Documents\My Music
[2009/10/20 20:54:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft
[2009/10/20 20:54:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Kevin\Application Data\Microsoft
[2009/10/20 20:54:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\SendTo
[2009/10/20 20:54:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2009/10/20 20:54:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Application Data
[2009/10/20 20:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\Start Menu
[2009/10/20 20:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\My Documents
[2009/10/20 20:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\Favorites
[2009/10/20 20:54:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Kevin\Cookies
[2009/10/20 20:54:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Kevin\Templates
[2009/10/20 20:54:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Kevin\PrintHood
[2009/10/20 20:54:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Kevin\NetHood
[2009/10/20 20:54:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Kevin\Local Settings
[2009/10/20 20:54:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop
[2009/10/20 20:53:26 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/20 20:44:31 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/20 20:44:31 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/20 20:43:52 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/20 20:43:52 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/20 20:43:52 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/20 20:43:43 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/20 20:43:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/20 20:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/20 20:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/20 20:42:17 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009/10/20 20:42:09 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/20 20:42:09 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/20 20:41:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/20 20:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/20 20:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/20 20:41:28 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/20 20:34:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/20 20:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/20 20:34:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2009/10/20 20:34:28 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/20 20:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/20 20:34:23 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/20 20:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/20 20:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/20 20:34:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/20 20:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/20 20:34:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/20 20:34:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/20 20:33:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/20 20:33:31 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/20 20:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/20 20:33:21 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/20 20:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/20 20:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/20 20:33:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/20 20:32:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/20 15:28:41 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2009/10/20 15:27:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/10/20 15:27:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/10/20 15:27:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2009/10/20 15:27:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2009/10/20 15:27:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2009/10/20 15:26:56 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/20 15:26:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/20 15:26:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/20 15:18:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/20 15:18:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/20 15:18:36 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/20 15:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/20 15:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/20 15:18:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/20 15:18:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/20 15:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/20 15:06:53 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/20 15:06:53 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/20 15:06:53 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/20 15:06:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/20 15:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/09/25 11:41:28 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/09/25 11:41:26 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/09/25 11:41:26 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/09/25 11:41:26 | 00,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/09/25 11:41:26 | 00,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2009/09/25 11:41:26 | 00,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/09/25 11:41:26 | 00,696,320 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/05/25 07:16:28 | 00,134,312 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyVCD.dll
[2009/05/25 07:01:38 | 00,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2009/05/22 18:08:32 | 00,029,696 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\VClone.sys
[2009/05/12 06:32:46 | 01,769,800 | ---- | C] (Softel vdm, Inc.) -- C:\WINDOWS\System32\SftBox_IX86_U_45.ocx
[2009/02/17 12:11:30 | 00,024,232 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2008/08/22 16:36:13 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2002/04/11 00:41:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 14 Days ==========

[2009/11/10 00:17:12 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\cbkpew.dll
[2009/11/10 00:15:30 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\w3h7to9.dll
[2009/11/10 00:08:22 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Kevin\NTUSER.DAT
[2009/11/10 00:08:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Kevin\ntuser.ini
[2009/11/10 00:05:08 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\feqio394si.dll
[2009/11/09 23:52:47 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c002B41.dat
[2009/11/09 23:52:24 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\azh4sxwk.dll
[2009/11/09 23:45:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/11/09 23:44:32 | 00,000,599 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 23:44:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/09 23:44:32 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/09 23:41:53 | 00,000,656 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/09 23:41:24 | 00,350,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/11/09 22:19:52 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 20:12:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Gxujutih.bin
[2009/11/09 20:12:29 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Asofulicaken.dat
[2009/11/09 20:10:01 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/11/09 20:09:27 | 00,000,826 | ---- | M] () -- C:\WINDOWS\System32\wininit.dll
[2009/11/05 20:16:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 19:10:04 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
[2009/11/02 18:52:11 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Chrysler PAIS DVD International EPC.lnk
[2009/11/01 20:59:22 | 00,020,328 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/01 18:11:26 | 00,348,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091109-224124.backup
[2009/11/01 08:40:23 | 00,020,328 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/31 23:20:43 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2009/10/31 23:20:22 | 00,000,320 | ---- | M] () -- C:\WINDOWS\setup.iss
[2009/10/31 23:18:41 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2009/10/31 23:18:41 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIMP3.dll
[2009/10/31 23:18:41 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIJCMK5.dll
[2009/10/31 23:18:41 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2009/10/31 23:18:41 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2009/10/31 23:18:32 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2009/10/31 23:12:10 | 00,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2009/10/31 23:08:45 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/30 08:18:17 | 00,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 23:27:21 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/27 23:25:37 | 05,355,886 | -H-- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\IconCache.db
[2009/10/27 22:10:02 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/26 14:33:30 | 00,125,670 | ---- | M] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
[2009/10/26 13:55:06 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/21 17:24:57 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/20 23:53:38 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/20 23:53:38 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/20 22:28:56 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/10/20 22:15:16 | 00,000,781 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091101-171126.backup
[2009/10/20 22:13:27 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/20 20:54:19 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/10/20 20:45:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/20 20:44:54 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/20 20:43:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/20 20:43:06 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/20 20:43:06 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/20 20:43:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/20 20:43:06 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/20 20:43:03 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/10/20 20:42:57 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/20 20:42:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/20 20:42:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/20 20:33:54 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 20:33:41 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/20 20:33:41 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/09/25 11:41:28 | 00,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/09/25 11:41:26 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/09/25 11:41:26 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/09/25 11:41:26 | 00,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/09/25 11:41:26 | 00,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2009/09/25 11:41:26 | 00,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/09/25 11:41:26 | 00,696,320 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/09/10 15:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 15:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 01:30:02 | 01,481,728 | ---- | M] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/09/07 01:30:02 | 00,414,208 | ---- | M] () -- C:\WINDOWS\System32\WgaTray.exe
[2009/09/07 01:30:02 | 00,190,976 | ---- | M] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/08/09 23:42:23 | 00,045,056 | -HS- | M] () -- C:\WINDOWS\System32\fudimapo.dll
[2009/08/09 23:42:22 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\botapepe.dll
[2009/08/09 23:42:22 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lewabenu.dll
[2009/08/09 20:14:20 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yagerumu.dll
[2009/08/09 20:14:18 | 00,115,200 | -HS- | M] () -- C:\WINDOWS\System32\seretisa.exe
[2009/08/09 20:14:18 | 00,045,056 | -HS- | M] () -- C:\WINDOWS\System32\bojigenu.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\zugowuva.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\nelufuyu.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\guromome.dll
[2009/06/03 14:09:37 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/06/03 14:09:37 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/05/25 07:16:28 | 00,134,312 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyVCD.dll
[2009/05/25 07:01:38 | 00,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2009/05/22 18:08:32 | 00,029,696 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\VClone.sys
[2009/05/17 12:59:10 | 05,258,387 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\E_911_83_KATALOG.pdf
[2009/05/12 06:32:46 | 01,769,800 | ---- | M] (Softel vdm, Inc.) -- C:\WINDOWS\System32\SftBox_IX86_U_45.ocx
[2009/03/27 01:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/02/17 12:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2009/01/09 14:19:28 | 01,089,593 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2008/08/22 16:36:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2008/07/19 23:09:55 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\House.xls
[2008/06/13 20:03:52 | 03,062,635 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\OM_CDE-9874.pdf
[2008/05/29 22:49:21 | 05,036,032 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Pistons.doc
[2008/05/26 22:59:42 | 00,018,904 | ---- | M] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 00,106,605 | ---- | M] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 19:25:26 | 00,001,804 | ---- | M] () -- C:\WINDOWS\System32\dcache.bin
[2008/04/13 19:12:43 | 00,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax
[2008/04/13 19:12:43 | 00,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax
[2008/04/13 19:12:42 | 00,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2008/04/13 19:12:42 | 00,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
[2008/04/13 19:12:42 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax
[2008/04/13 19:12:04 | 00,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2008/04/13 19:12:03 | 00,562,176 | ---- | M] () -- C:\WINDOWS\System32\qedit.dll
[2008/04/13 19:12:03 | 00,386,048 | ---- | M] () -- C:\WINDOWS\System32\qdvd.dll
[2008/04/13 19:12:03 | 00,279,040 | ---- | M] () -- C:\WINDOWS\System32\qdv.dll
[2008/04/13 19:12:03 | 00,192,512 | ---- | M] () -- C:\WINDOWS\System32\qcap.dll
[2008/04/13 19:11:59 | 00,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll
[2008/04/13 19:11:56 | 00,035,328 | ---- | M] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/04/13 19:11:53 | 00,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll
[2008/04/13 19:11:52 | 00,498,742 | ---- | M] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/04/13 19:11:51 | 00,252,928 | ---- | M] () -- C:\WINDOWS\System32\compatui.dll
[2008/04/13 19:11:51 | 00,059,904 | ---- | M] () -- C:\WINDOWS\System32\devenum.dll
[2008/04/13 19:11:49 | 00,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll
[2008/04/13 19:10:08 | 00,844,314 | ---- | M] () -- C:\WINDOWS\System32\msdxm.ocx
[2008/04/13 19:10:08 | 00,004,126 | ---- | M] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/04/13 19:09:39 | 13,463,552 | ---- | M] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/04/13 12:26:09 | 00,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp
[2008/04/13 12:21:32 | 00,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/02/29 04:09:58 | 00,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls
[2007/09/27 11:51:02 | 00,020,698 | ---- | M] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:51:02 | 00,004,640 | ---- | M] () -- C:\WINDOWS\System32\idxcntrs.h
[2007/09/27 11:48:48 | 00,030,628 | ---- | M] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:48 | 00,002,590 | ---- | M] () -- C:\WINDOWS\System32\gsrvctr.h
[2007/09/27 11:48:28 | 00,031,698 | ---- | M] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/27 11:48:28 | 00,003,100 | ---- | M] () -- C:\WINDOWS\System32\gthrctr.h
[2007/08/13 19:06:32 | 00,056,700 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2007/06/21 00:52:36 | 00,000,974 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
[2007/04/02 07:49:20 | 00,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/12/29 13:08:31 | 00,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls
[2006/12/14 17:53:36 | 02,819,584 | ---- | M] () -- C:\WINDOWS\System32\LS_HSI.msi
[2006/09/23 14:12:38 | 00,074,715 | ---- | M] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2006/09/01 09:44:04 | 00,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
[2006/09/01 09:44:04 | 00,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
[2006/08/12 17:19:17 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\US Supply and Demand.xls
[2006/06/08 13:06:50 | 00,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls
[2006/06/08 13:06:50 | 00,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls
[2006/06/08 13:06:50 | 00,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls
[2006/06/08 13:06:50 | 00,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls
[2006/06/08 13:06:50 | 00,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls
[2005/09/03 09:04:30 | 00,196,096 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Loan table.xls
[2005/05/19 07:38:26 | 00,005,178 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2004/12/17 16:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 00:51:21 | 00,053,840 | ---- | M] () -- C:\WINDOWS\System32\dosx.exe
[2004/08/04 00:48:44 | 00,003,338 | ---- | M] () -- C:\WINDOWS\System32\redir.exe
[2004/08/02 14:20:40 | 00,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig
[2004/08/02 14:20:40 | 00,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/18 00:55:22 | 00,129,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2004/07/17 13:46:13 | 00,053,478 | ---- | M] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/07/17 13:38:21 | 00,956,990 | ---- | M] () -- C:\WINDOWS\System32\instcat.sql
[2004/07/17 13:36:22 | 00,064,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2004/07/17 13:35:24 | 01,326,080 | ---- | M] () -- C:\WINDOWS\System32\webfldrs.msi
[2004/05/17 17:43:09 | 00,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys
[2004/05/17 17:43:09 | 00,035,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2004/05/17 17:43:07 | 00,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys
[2004/05/17 17:43:07 | 00,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2004/05/17 17:43:06 | 00,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys
[2004/05/17 17:43:06 | 00,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2004/05/17 17:43:04 | 00,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys
[2004/05/17 17:43:04 | 00,035,648 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2004/05/17 17:43:02 | 00,033,840 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys
[2004/03/26 14:08:54 | 00,122,112 | ---- | M] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnet58lx.sys
[2004/03/26 14:08:14 | 00,107,648 | ---- | M] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnetusbl.sys
[2004/03/26 14:06:48 | 00,122,112 | ---- | M] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnet58l.sys
[2004/03/26 14:06:10 | 00,107,648 | ---- | M] (Cisco-Linksys LLC.) -- C:\WINDOWS\System32\drivers\vnetu9xl.sys
[2003/09/19 04:22:58 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\rehuwido
[2003/09/19 01:31:40 | 00,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/09/19 01:31:40 | 00,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2003/09/19 01:31:40 | 00,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2003/09/19 01:28:25 | 00,001,004 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\magicJack.lnk
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2003/09/19 01:27:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2003/09/19 01:27:17 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2003/09/19 01:27:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

========== Files Created - No Company Name ==========

[2009/11/10 00:17:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c005694C.dat
[2009/11/10 00:17:12 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\cbkpew.dll
[2009/11/10 00:15:30 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\w3h7to9.dll
[2009/11/10 00:15:28 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00AB78E.dat
[2009/11/10 00:05:08 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00EB614.dat
[2009/11/10 00:05:08 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\feqio394si.dll
[2009/11/09 23:52:35 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c002B41.dat
[2009/11/09 23:52:24 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\azh4sxwk.dll
[2009/11/09 23:42:11 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\rehuwido
[2009/11/09 23:41:24 | 00,348,900 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091109-224124.backup
[2009/11/09 22:14:04 | 00,000,656 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/09 20:12:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Gxujutih.bin
[2009/11/09 20:12:29 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Asofulicaken.dat
[2009/11/09 20:10:01 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009/11/09 20:10:01 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009/11/09 20:10:00 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009/11/09 20:09:59 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2009/11/09 20:09:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009/11/09 20:09:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/11/09 20:09:27 | 00,000,826 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2009/11/02 19:10:04 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat
[2009/11/02 18:52:11 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Chrysler PAIS DVD International EPC.lnk
[2009/11/01 20:59:22 | 00,020,328 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/01 18:11:26 | 00,000,781 | RHS- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091101-171126.backup
[2009/10/31 23:20:27 | 00,000,320 | ---- | C] () -- C:\WINDOWS\setup.iss
[2009/10/31 23:19:49 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2009/10/31 23:19:43 | 02,819,584 | ---- | C] () -- C:\WINDOWS\System32\LS_HSI.msi
[2009/10/31 23:18:41 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2009/10/31 23:18:41 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIJCMK5.dll
[2009/10/31 23:12:10 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2009/10/31 23:10:01 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2009/10/31 23:07:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2009/10/29 23:40:17 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/29 23:39:27 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/27 22:00:27 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/10/27 21:29:31 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2009/10/27 21:29:31 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2009/10/27 13:35:33 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 14:33:29 | 00,125,670 | ---- | C] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
[2009/10/26 14:30:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\BCBSMP50.BPL
[2009/10/21 20:12:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/21 18:13:03 | 00,020,328 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 07:57:52 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2009/10/21 07:57:52 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/10/21 00:00:28 | 00,001,004 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\magicJack.lnk
[2009/10/20 23:53:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/20 22:54:00 | 00,414,208 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2009/10/20 22:54:00 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/10/20 22:41:52 | 05,036,032 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Pistons.doc
[2009/10/20 22:41:52 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\US Supply and Demand.xls
[2009/10/20 22:41:51 | 05,258,387 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\E_911_83_KATALOG.pdf
[2009/10/20 22:41:51 | 03,062,635 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\OM_CDE-9874.pdf
[2009/10/20 22:41:51 | 00,196,096 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Loan table.xls
[2009/10/20 22:41:51 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\House.xls
[2009/10/20 22:28:56 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/10/20 22:17:59 | 05,355,886 | -H-- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\IconCache.db
[2009/10/20 22:15:16 | 00,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2009/10/20 22:11:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/10/20 22:10:52 | 00,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/10/20 22:10:46 | 00,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2009/10/20 22:10:43 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2009/10/20 22:10:31 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2009/10/20 22:10:28 | 00,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2009/10/20 22:10:14 | 01,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2009/10/20 21:02:09 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/10/20 20:54:10 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\Kevin\ntuser.ini
[2009/10/20 20:54:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kevin\Application Data\desktop.ini
[2009/10/20 20:54:08 | 06,029,312 | -H-- | C] () -- C:\Documents and Settings\Kevin\NTUSER.DAT
[2009/10/20 20:45:44 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/20 20:44:54 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 20:44:15 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/20 20:44:07 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/20 20:44:00 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/20 20:43:56 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/20 20:43:06 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/20 20:43:06 | 00,000,100 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/20 20:43:06 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/20 20:43:06 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/20 20:43:06 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/20 20:43:04 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/10/20 20:43:04 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/20 20:43:04 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/20 20:43:03 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/10/20 20:42:57 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/20 20:42:08 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/20 20:42:08 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/20 20:42:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/20 20:42:03 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/20 20:41:48 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/20 20:34:39 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/20 20:34:39 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/20 20:34:33 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/20 20:33:54 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 20:33:06 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/20 20:33:06 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/20 20:33:06 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/20 20:33:06 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/20 20:33:06 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/20 20:33:06 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/20 20:33:06 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/20 20:33:06 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/20 20:33:06 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/20 20:33:06 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/20 20:33:06 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/20 20:33:05 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/20 20:33:05 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/20 20:33:05 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/20 20:33:05 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/20 20:33:05 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/20 20:33:05 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/20 20:33:05 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/20 20:33:05 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/20 20:33:02 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/20 20:33:02 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/20 20:33:00 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/20 20:32:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/10/20 15:27:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/20 15:18:44 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/20 15:18:37 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/20 15:18:37 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/20 15:18:37 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/20 15:18:37 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/20 15:18:34 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/20 15:18:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/20 15:18:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/20 15:18:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/20 15:18:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/20 15:18:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/20 15:18:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/20 15:18:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/20 15:18:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/20 15:18:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/20 15:18:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/20 15:18:30 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/20 15:18:30 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/20 15:18:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/20 15:18:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/20 15:18:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/20 15:18:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/20 15:18:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/20 15:18:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/20 15:18:24 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/20 15:18:15 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/20 15:18:15 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/20 15:18:15 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/20 15:18:15 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/20 15:18:15 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/20 15:18:15 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/20 15:17:45 | 00,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/20 15:17:06 | 00,000,211 | RHS- | C] () -- C:\boot.ini
[2009/10/20 15:17:03 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/09 23:42:23 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\fudimapo.dll
[2009/08/09 23:42:22 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\botapepe.dll
[2009/08/09 23:42:22 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lewabenu.dll
[2009/08/09 20:14:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yagerumu.dll
[2009/08/09 20:14:18 | 00,115,200 | -HS- | C] () -- C:\WINDOWS\System32\seretisa.exe
[2009/08/09 20:14:18 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\bojigenu.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\zugowuva.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\nelufuyu.dll
[2009/08/09 20:08:43 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\guromome.dll
[2009/06/03 14:09:37 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/05/26 22:59:42 | 00,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 00,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/20 18:06:36 | 01,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:51:02 | 00,004,640 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.h
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:48 | 00,002,590 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.h
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/27 11:48:28 | 00,003,100 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.h
[2006/09/23 14:12:38 | 00,074,715 | ---- | C] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2006/09/01 09:44:04 | 00,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2006/09/01 09:44:04 | 00,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006/06/29 15:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 15:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/08 13:06:50 | 00,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2006/06/08 13:06:50 | 00,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2006/06/08 13:06:50 | 00,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2006/06/08 13:06:50 | 00,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2006/06/08 13:06:50 | 00,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2006/04/18 16:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 16:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/05/19 07:38:26 | 00,005,178 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2004/08/04 02:56:57 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2004/08/04 02:56:57 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2004/08/04 02:56:57 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2004/08/04 02:56:57 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2004/08/04 00:22:24 | 00,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2004/07/18 00:55:22 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2004/07/17 13:36:22 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2004/05/17 17:43:09 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2004/05/17 17:43:07 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2004/05/17 17:43:06 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2004/05/17 17:43:04 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2003/09/17 11:01:28 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2003/07/08 13:41:48 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/06/27 16:47:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2002/06/27 16:47:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2002/06/27 16:47:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2002/06/27 16:47:14 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/23 10:00:00 | 00,000,599 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 10:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/11/09 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\BitTorrent
[2003/09/19 01:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mjusbsp
[2009/10/26 13:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ProspectorV5
[2009/10/29 23:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2009/11/10 00:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2003/09/19 01:27:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/11/09 20:10:01 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/11/09 22:22:41 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/11/09 23:45:18 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2003/09/19 01:27:19 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2001/08/23 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2003/09/19 01:27:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

#6 CatByte


Posted 10 November 2009 - 10:50 PM

Hi,

Your machine is very heavily infected.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?


Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 oooicu812o


Posted 10 November 2009 - 11:20 PM

Like I was saying at the start, this is the second backdoor in a month. The first time I deleted the partitions and cleaned the drive and did a reinstall. What do I need to do to stop this after we get it fixed? Also, I have been doing the What the Tech forum on another computer using a thumb drive, and on the infected one I killed the internet connection until it gets fixed. I don't mind cleaning it again and starting over, but I don't want it to come back ever. I have a ComboFix folder on my C drive but no txt file.

#8 CatByte


Posted 10 November 2009 - 11:45 PM

Hi, did ComboFix appear to run properly? Please do a search for C:\combofix.txt with Windows Explorer.



#9 oooicu812o


Posted 11 November 2009 - 08:19 AM

It looks like it ran OK, but there is not a combofix.txt file. There is a ComboFix folder but not a text file.

#10 CatByte


Posted 11 November 2009 - 08:34 AM

Hi, please delete the copy of ComboFix that you have on your desktop. Download a fresh copy from one of the previous links provided and run it. Please allow it lots of time to create a log when it has done scanning. Make certain your security programs are totally disabled so they don't interfere.



#11 oooicu812o


Posted 11 November 2009 - 09:18 AM

ComboFix 09-11-09.02 - Kevin 11/10/2009 15:49.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.686 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.

2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 11:56 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-10 11:56 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\ar00000\install.exe
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-10 01:12 . 2009-11-10 01:12 0 ----a-w- c:\windows\Gxujutih.bin
2009-11-10 01:12 . 2009-11-10 01:12 120 ----a-w- c:\windows\Asofulicaken.dat
2009-11-10 01:11 . 2009-11-10 01:11 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\fontatmgfx
2009-11-10 01:09 . 2009-11-10 01:09 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-10-26 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-10 11:57 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:49 . 2008-04-14 00:11 40960 ----a-w- c:\windows\system32\mf3216.dll
2009-10-21 04:49 . 2008-04-14 00:11 45056 ----a-w- c:\windows\system32\wbem\cmdevtgprov.dll
2009-10-21 04:49 . 2008-04-14 00:11 331264 ----a-w- c:\windows\system32\ipnathlp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-10 01:14 . 2009-08-10 01:14 115200 --sha-w- c:\windows\system32\seretisa.exe
2009-03-21 14:06 . 2001-08-23 15:00 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.
- - - - ORPHANS REMOVED - - - -

BHO-{d9062405-9907-4dca-83d5-3f9f44a1a8a8} - nelufuyu.dll
HKLM-Run-ropopepuk - c:\windows\system32\botapepe.dll
HKLM-Run-14653625 - c:\docume~1\ALLUSE~1\APPLIC~1\14653625\14653625.exe
HKLM-Run-senelomaka - guromome.dll
SharedTaskScheduler-{d7293f30-fa9a-43ff-bd79-db154c9e94c5} - c:\windows\system32\botapepe.dll
SSODL-mahuripub-{d7293f30-fa9a-43ff-bd79-db154c9e94c5} - c:\windows\system32\botapepe.dll
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 15:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-10 15:56
ComboFix-quarantined-files.txt 2009-11-10 21:56

Pre-Run: 29,911,506,944 bytes free
Post-Run: 29,874,057,216 bytes free

- - End Of File - - 86299F5BEB59E0AA985282321C8F2CAE

#12 CatByte


Posted 11 November 2009 - 09:48 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\Asofulicaken.dat
c:\windows\system32\seretisa.exe

File::
c:\windows\Gxujutih.bin

Folder::
C:\Documents and Settings\Kevin\Local Settings\Application Data\fontatmgfx

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 oooicu812o


Posted 11 November 2009 - 11:04 AM

ComboFix 09-11-09.02 - Kevin 11/11/2009 10:22.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.872 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt

FILE ::
"c:\windows\Gxujutih.bin"

file zipped: c:\windows\Asofulicaken.dat
file zipped: c:\windows\system32\seretisa.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin\Local Settings\Application Data\fontatmgfx
c:\documents and settings\Kevin\Local Settings\Application Data\fontatmgfx\fontatmgfx.dll
c:\windows\Asofulicaken.dat
c:\windows\Gxujutih.bin
c:\windows\system32\seretisa.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\program files\Java
2009-11-10 22:24 . 2009-11-10 22:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-11-10 22:23 . 2009-11-10 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 11:56 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-10 11:56 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\ar00000\install.exe
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-10 01:09 . 2009-11-10 01:09 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-10-26 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-10 11:57 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:49 . 2008-04-14 00:11 40960 ----a-w- c:\windows\system32\mf3216.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-03-21 14:06 . 2001-08-23 15:00 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_21.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-10 22:25 . 2009-11-10 22:25 16384 c:\windows\temp\Perflib_Perfdata_5d0.dat
+ 2001-08-23 15:00 . 2009-11-11 16:09 78114 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2009-11-10 11:58 78114 c:\windows\system32\perfc009.dat
+ 2009-10-26 18:54 . 2009-11-10 22:23 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2001-08-23 15:00 . 2009-11-10 11:58 462168 c:\windows\system32\perfh009.dat
+ 2001-08-23 15:00 . 2009-11-11 16:09 462168 c:\windows\system32\perfh009.dat
+ 2009-11-10 22:25 . 2009-11-10 22:25 148888 c:\windows\system32\javaws.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\javaw.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\java.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 598016 c:\windows\Installer\23a3bcb.msi
+ 2009-10-26 18:54 . 2009-11-10 22:23 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-10 22:23 . 2009-11-10 22:23 120592 c:\windows\Downloaded Program Files\LiveSound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 10:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-11 10:30
ComboFix-quarantined-files.txt 2009-11-11 16:30
ComboFix2.txt 2009-11-10 21:56

Pre-Run: 29,955,604,480 bytes free
Post-Run: 29,934,010,368 bytes free

- - End Of File - - C4568805EA9A926AB9E620550D51A4D9
Upload was successful

Malwarebytes' Anti-Malware 1.41
Database version: 3147
Windows 5.1.2600 Service Pack 3

11/11/2009 11:30:43 AM
mbam-log-2009-11-11 (11-30-43).txt

Scan type: Quick Scan
Objects scanned: 98636
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 11, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 11, 2009 17:19:38
Records in database: 3192082
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 46953
Threats found: 6
Infected objects found: 16
Suspicious objects found: 23
Scan duration: 01:46:41


File name / Threat / Threats count
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20060811-181842-381.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da 1
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20091019-180442-819.dll Infected: Packed.Win32.Krap.ah 1
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20091109-225710-411.dll Infected: Packed.Win32.Krap.ah 1
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20091109-230317-268.dll Infected: Packed.Win32.Krap.ah 1
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20091109-230416-355.dll Infected: Packed.Win32.Krap.ah 1
C:\Documents and Settings\Kevin\Desktop\hijackthis\backups\backup-20091109-230538-850.dll Infected: Packed.Win32.Krap.ah 1
C:\System Volume Information\_restore{67C761C7-85F7-41BD-A1A5-9B08077F72BE}\RP1\A0000011.exe Infected: Trojan.Win32.Sasfis.udp 1
C:\System Volume Information\_restore{67C761C7-85F7-41BD-A1A5-9B08077F72BE}\RP1\A0000012.exe Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{67C761C7-85F7-41BD-A1A5-9B08077F72BE}\RP1\A0000013.exe Infected: Packed.Win32.Krap.ah 1
E:\New Folder\hijackthis\backups\backup-20060811-181842-381.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da 1
E:\New Folder\hijackthis\backups\backup-20091019-180442-819.dll Infected: Packed.Win32.Krap.ah 1
E:\New Folder\hijackthis\backups\backup-20091109-225710-411.dll Infected: Packed.Win32.Krap.ah 1
E:\New Folder\hijackthis\backups\backup-20091109-230317-268.dll Infected: Packed.Win32.Krap.ah 1
E:\New Folder\hijackthis\backups\backup-20091109-230416-355.dll Infected: Packed.Win32.Krap.ah 1
E:\New Folder\hijackthis\backups\backup-20091109-230538-850.dll Infected: Packed.Win32.Krap.ah 1
J:\m.exe Infected: Trojan.Win32.Qhost.aru 1

Selected area has been scanned.

Edited by oooicu812o, 11 November 2009 - 04:39 PM.


#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 November 2009 - 05:35 PM

Hi,

Please do the following:

Go to Start > Run, copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "J:\m.exe"


NEXT

Open HJT > select "View the list of backups" on the main menu

Select the "Delete All" option

> OK

Close HijackThis.

NEXT

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 oooicu812o

oooicu812o

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 11 November 2009 - 08:33 PM

Everything seems to be working fine.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Kevin at 20:31:42.89 on Wed 11/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.830 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\BHPS\lic\bin\lmgrd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\BHPS\lic\bin\bhepcls.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kevin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kevin\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [cdloader] "c:\documents and settings\kevin\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [A00F44A73.exe] c:\docume~1\kevin\locals~1\temp\_A00F44A73.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\kevin\desktop\hijackthis\new folder\new folder\1\mbam.exe" /runcleanupscript
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\bhps\lic\bin\lmgrd.exe [2009-11-2 630272]

=============== Created Last 30 ================

2009-11-10 22:25:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-10 22:25:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:23:56 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39:53 0 d-----w- C:\$WINDOWS.~BT
2009-11-10 12:34:04 1908 ----a-w- c:\windows\diagwrn.xml
2009-11-10 12:34:04 1908 ----a-w- c:\windows\diagerr.xml
2009-11-10 11:49:09 0 d-sha-r- C:\cmdcons
2009-11-10 11:45:14 98816 ----a-w- c:\windows\sed.exe
2009-11-10 11:45:14 77312 ----a-w- c:\windows\MBR.exe
2009-11-10 11:45:14 267264 ----a-w- c:\windows\PEV.exe
2009-11-10 11:45:14 161792 ----a-w- c:\windows\SWREG.exe
2009-11-10 05:03:51 0 d-----w- c:\docume~1\kevin\applic~1\Windows Search
2009-11-10 04:42:11 1744 ---ha-w- c:\windows\system32\rehuwido
2009-11-10 03:14:04 656 ----a-w- c:\windows\wininit.ini
2009-11-10 01:09:27 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-06 01:16:25 0 d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15:17 991232 -c----w- c:\windows\system32\dllcache\ieframe.dll.mui
2009-11-06 01:15:17 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15:17 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15:17 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15:17 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15:17 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15:17 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15:17 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-06 01:15:17 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-02 23:50:12 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:28:19 0 d-----w- c:\program files\common files\BHPS
2009-11-02 23:28:05 0 d-----w- c:\program files\BHPS
2009-11-02 01:59:22 20328 ----a-w- c:\docume~1\kevin\applic~1\GDIPFONTCACHEV1.DAT
2009-11-01 23:04:20 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 23:04:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-01 04:20:56 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:20:27 320 ----a-w- c:\windows\setup.iss
2009-11-01 04:19:49 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19:43 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18:41 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18:41 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12:10 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10:01 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08:19 0 d-----w- c:\program files\common files\NewTech Infosystems
2009-11-01 04:07:45 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06:14 0 d-----w- c:\program files\Elaborate Bytes
2009-11-01 03:57:11 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2009-10-30 04:53:44 0 d-----w- c:\docume~1\kevin\applic~1\Windows Desktop Search
2009-10-30 04:53:16 0 d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53:16 0 d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53:00 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53:00 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53:00 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48:17 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45:34 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:45:08 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-30 04:39:27 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-30 04:39:19 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37:49 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37:28 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37:19 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37:06 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36:23 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34:47 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38:39 0 d-----w- c:\docume~1\kevin\applic~1\Malwarebytes
2009-10-30 01:38:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 01:38:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-28 04:50:27 0 d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:49:19 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49:19 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49:19 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49:19 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49:19 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49:18 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49:18 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15:10 0 d-----w- c:\windows\system32\scripting
2009-10-28 03:15:10 0 d-----w- c:\windows\l2schemas
2009-10-28 03:15:09 0 d-----w- c:\windows\system32\en
2009-10-28 03:10:21 0 d-----w- c:\windows\network diagnostic
2009-10-28 03:01:23 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01:22 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01:20 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01:20 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01:03 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01:03 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30:24 0 d-----w- c:\program files\common files\muvee Technologies
2009-10-28 02:30:19 226816 ------w- c:\windows\system32\htvcdsvcd.ax
2009-10-28 02:30:03 0 d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29:31 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29:31 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29:26 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-26 20:36:56 0 d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33:29 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33:27 0 d-----w- c:\program files\LogWorks3
2009-10-26 19:30:47 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30:47 248832 ----a-w- c:\windows\system32\VCLX50.BPL
2009-10-26 19:30:47 2023424 ----a-w- c:\windows\system32\VCL50.BPL
2009-10-26 19:30:47 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30:47 147456 ----a-w- c:\windows\system32\BCBSMP50.BPL
2009-10-26 19:30:46 0 d-----w- c:\program files\Haltech
2009-10-26 19:30:32 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30:31 0 d-----w- c:\documents and settings\kevin\WINDOWS
2009-10-26 18:52:25 0 d-----w- c:\windows\ShellNew
2009-10-26 18:52:23 0 d-----w- c:\program files\common files\L&H
2009-10-22 01:12:26 376 ----a-w- c:\windows\ODBC.INI
2009-10-22 00:48:26 0 d-----w- c:\docume~1\kevin\applic~1\ProspectorV5
2009-10-22 00:47:17 0 d-----w- c:\program files\MoxieProxy
2009-10-21 23:20:26 0 d-----w- c:\windows\Downloaded Installations
2009-10-21 23:12:21 0 d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31:57 0 d-----w- c:\windows\provisioning
2009-10-21 12:57:52 7208 ------w- c:\windows\system32\secupd.sig
2009-10-21 12:57:52 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:57:52 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 04:59:11 0 d-----w- c:\docume~1\kevin\applic~1\mjusbsp
2009-10-21 04:58:55 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58:55 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58:55 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58:55 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58:55 129536 ----a-w- c:\windows\system32\ksproxy.ax
2009-10-21 04:58:54 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:58:54 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:53:14 316640 ----a-w- c:\windows\WMSysPr9.prx
2009-10-21 04:49:33 45056 ----a-w- c:\windows\system32\wbem\cmdevtgprov.dll
2009-10-21 04:49:33 40960 ----a-w- c:\windows\system32\mf3216.dll
2009-10-21 04:49:32 614912 ----a-w- c:\windows\system32\h323msp.dll
2009-10-21 04:49:32 331264 ----a-w- c:\windows\system32\ipnathlp.dll
2009-10-21 04:49:32 265728 ----a-w- c:\windows\system32\h323.tsp
2009-10-21 04:43:19 0 d-----w- c:\windows\nview
2009-10-21 04:41:46 33792 ------w- c:\windows\system32\msgsvc.dll
2009-10-21 04:39:12 26112 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-10-21 04:38:07 0 d-----w- c:\windows\PeerNet
2009-10-21 04:37:32 0 d-----w- c:\windows\RegisteredPackages
2009-10-21 04:35:37 0 d-----w- c:\windows\system32\URTTemp
2009-10-21 04:35:26 384512 ----a-w- c:\windows\system32\mp4sdmod.dll
2009-10-21 04:35:26 310272 ----a-w- c:\windows\system32\mp43dmod.dll
2009-10-21 04:35:26 240640 ----a-w- c:\windows\system32\mpg4dmod.dll
2009-10-21 04:22:29 1082368 ----a-w- c:\windows\system32\esent.dll
2009-10-21 04:12:06 274944 ----a-w- c:\windows\system32\mstask.dll
2009-10-21 04:12:06 192512 ------w- c:\windows\system32\schedsvc.dll
2009-10-21 04:12:06 12288 ----a-w- c:\windows\system32\mstinit.exe
2009-10-21 03:56:48 0 d-----w- c:\windows\system32\PreInstall
2009-10-21 03:56:46 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-21 03:56:45 0 d--h--w- c:\windows\$hf_mig$
2009-10-21 03:45:58 0 d-----w- c:\program files\CARSOFT
2009-10-21 03:45:51 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-21 03:45:49 0 d-----w- C:\cm75f
2009-10-21 03:32:26 0 d-----w- c:\program files\DivX
2009-10-21 03:32:22 0 d-----w- c:\program files\common files\DivX Shared
2009-10-21 03:29:02 0 d-----w- c:\docume~1\kevin\applic~1\BitTorrent
2009-10-21 03:28:44 0 d-----w- c:\program files\BitTorrent
2009-10-21 03:13:38 0 d-----w- c:\program files\common files\xing shared
2009-10-21 03:13:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-21 03:13:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-21 03:13:26 0 d-----w- c:\program files\common files\Real
2009-10-21 03:12:14 102912 ----a-w- c:\windows\system32\dpcdll.dll
2009-10-21 03:10:59 283648 ----a-w- c:\windows\winhlp32.exe
2009-10-21 03:05:40 0 d-----w- c:\windows\Cache
2009-10-21 02:47:18 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-10-21 02:47:18 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-21 02:41:28 0 d-----w- c:\windows\system32\bits
2009-10-21 02:41:09 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-10-21 02:41:09 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-10-21 02:41:09 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-10-21 02:41:09 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-10-21 02:40:20 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-10-21 02:40:20 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-10-21 02:40:20 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-10-21 02:40:20 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-10-21 02:39:45 0 d-sh--w- c:\documents and settings\kevin\UserData
2009-10-21 02:08:04 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-21 02:08:03 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-21 02:08:02 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-21 02:08:01 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-10-21 02:08:00 142592 ------w- c:\windows\system32\drivers\aec.sys
2009-10-21 02:07:59 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-10-21 02:07:58 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-10-21 02:07:57 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-10-21 02:03:33 0 d-s---w- c:\windows\system32\Microsoft
2009-10-21 02:02:10 107648 ----a-w- c:\windows\system32\drivers\vnetusbl.sys
2009-10-21 02:02:09 72704 ----a-w- c:\windows\system32\drivers\NETUSBXP.SYS
2009-10-21 02:02:09 70016 ----a-w- c:\windows\system32\drivers\NETUSB.SYS
2009-10-21 02:02:09 69376 ----a-w- c:\windows\system32\drivers\vnetusbxp.sys
2009-10-21 02:02:09 66816 ----a-w- c:\windows\system32\drivers\VNETUSBA.SYS
2009-10-21 02:02:09 49936 ----a-w- c:\windows\system32\drivers\PRISM9x.SYS
2009-10-21 02:02:09 49752 ----a-w- c:\windows\system32\drivers\PRISMXP.SYS
2009-10-21 02:02:09 40960 ----a-w- c:\windows\system32\IsUser11b.dll
2009-10-21 02:02:09 122112 ----a-w- c:\windows\system32\drivers\vnet58lx.sys
2009-10-21 02:02:09 122112 ----a-w- c:\windows\system32\drivers\vnet58l.sys
2009-10-21 02:02:09 107648 ----a-w- c:\windows\system32\drivers\vnetu9xl.sys
2009-10-21 02:02:09 0 d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:42:17 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-21 01:34:20 0 d-----w- c:\program files\common files\MSSoap
2009-10-21 01:33:31 0 d--h--w- c:\program files\WindowsUpdate
2009-10-21 01:33:26 0 d-----w- c:\program files\Messenger
2009-10-21 01:33:18 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-21 01:33:10 0 d-----w- c:\program files\Windows NT
2009-10-20 20:27:14 0 d-----r- c:\documents and settings\all users\Documents
2009-10-20 20:18:39 0 d-----w- c:\program files\common files\ODBC
2009-10-20 20:18:37 0 d-----w- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2009-10-21 01:33:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 20:32:33.32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2009 8:44:50 PM
System Uptime: 11/11/2009 11:32:54 AM (9 hours ago)

Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 27.722 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 111.855 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 57.025 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM (CDFS)
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01571028&REV_02\3&172E68DD&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01571028&REV_02\3&172E68DD&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&1C660DD6&0&11F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&1C660DD6&0&11F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Service:

==== System Restore Points ===================

RP1: 11/10/2009 3:48:05 PM - System Checkpoint
RP2: 11/10/2009 4:25:10 PM - Installed Java™ 6 Update 12
RP3: 11/11/2009 5:22:42 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
AutoUpdate
BCM V.92 56K Modem
BitTorrent
CARSOFT BMW V6.5
Chrysler PAIS DVD International EPC 3.3.0
DivX Codec
DivX Version Checker
Gtech PASS RR 2.0
HalwinX V1.26
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Instant Wireless USB Adapter
Intel® PRO Network Connections Drivers
Java™ 6 Update 12
LightScribe 1.4.136.1
LogWorks3
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual J# 2.0 Redistributable Package
MSXML 4.0 SP2 (KB954430)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI CD & DVD-Maker 7 Titanium
NTI CD & DVD-Maker Platinum Trial
NVIDIA Windows 2000/XP Display Drivers
Proquest Private JRE 1.4.2
ProQuest Product Licenser
ProQuestPalmDependsMSI
Prospector
RealPlayer
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VC80CRTRedist - 8.0.50727.4053
VirtualCloneDrive
WebFldrs XP
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/9/2009 10:45:24 PM, error: Dhcp [1002] - The IP address lease 192.168.2.181 for the Network Card with network address 000C41597A5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/8/2009 11:55:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/6/2009 5:29:18 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 000C41597A5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/6/2009 2:52:36 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000C41597A5D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/5/2009 8:25:15 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 000C41597A5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Edited by oooicu812o, 11 November 2009 - 08:48 PM.
