WiredWX Christian Hobby Weather Tools

 


Malware Defense Removal
Hi there,
I've tried Spydoctor, Malbytes, Zilla something, Pareto, and a couple others. They won't even run. In safe mode, my keyboard refuses to work. I'm getting tons of shit popping up, all since malware defense showed up today. I'm at my wits' end!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:32 AM, on 22/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\winhlp64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\Installer.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg SchedulerV2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200698036687
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Downloads/updates/MapCreate/MapCreate620/isetup.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F40B61-B4B5-4A75-A39C-E26A7929A67E}: NameServer = 10.4.40.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Helodrmkipbd - Google - (no file)
O23 - Service: Helodrmkipbd - Google - (no file)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 14253 bytes


I'm hoping I'm doing this correctly. Please help!!

Re: Malware Defense Removal
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
    O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
    O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
    O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
    O23 - Service: Helodrmkipbd - Google - (no file)
    O23 - Service: Helodrmkipbd - Google - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
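
A triage pass over a HijackThis log, as an added example that is not part of the original thread and not the helper's own method. It flags BHO and service entries whose file is absent, Run values that launch from a Temp directory, and Run value names on an analyst-supplied watchlist; the three rules and the `triage` function are assumptions made for illustration, and the sample lines are excerpted from the log posted above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# HijackThis prefixes every entry with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostarts look like: HKCU\..\Run: [ValueName] command line
RUN_VALUE_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Matches the long form and the 8.3 short form (LOCALS~1\Temp) of the user Temp path.
TEMP_DIR_RE = re.compile(r"\\(?:Local Settings|LOCALS~\d)\\Temp\\", re.IGNORECASE)
# HijackThis appends one of these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

REASON_ORPHAN = "registered component has no file on disk"
REASON_TEMP = "autostart launches from a Temp directory"
REASON_WATCH = "autostart name is on the analyst watchlist"

# Excerpt of the log posted in this thread (a few benign lines kept as controls).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Helodrmkipbd - Google - (no file)
O23 - Service: Helodrmkipbd - Google - (no file)
"""


def triage(log_text, watchlist=()):
    """Return a Finding for each rule a log entry trips; duplicate lines count once."""
    watch = {name.lower() for name in watchlist}
    seen = set()
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry or line in seen:
            continue
        seen.add(line)
        section, body = entry.group("section"), entry.group("body")
        reasons = []
        # Rule 1: a BHO (O2) or service (O23) still registered but with no file.
        if section in ("O2", "O23") and ORPHAN_RE.search(body):
            reasons.append(REASON_ORPHAN)
        if section == "O4":
            run = RUN_VALUE_RE.match(body)
            if run:
                # Rule 2: persistence that points into a user Temp directory.
                if TEMP_DIR_RE.search(run.group("cmd")):
                    reasons.append(REASON_TEMP)
                # Rule 3: value name the analyst already knows to look for.
                if run.group("name").lower() in watch:
                    reasons.append(REASON_WATCH)
        findings.extend(Finding(section, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, watchlist=["Malware Defense"]):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```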

Re: Malware Defense Removal
My computer refuses to open the Malwarebytes exe file. It thinks for a moment, then nothing happens??

Re: Malware Defense Removal
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Malware Defense Removal
ComboFix is not working. In fact now there's something else on my computer,
Anti Virus plus, and everything is totally f*** up....
I tried to find combofix other places, but it generally blocked me at every turn.
I'm very confused, and angry, and AHHHHHHH!

Re: Malware Defense Removal
Try this instead.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: Malware Defense Removal
It won't let me access that either. I think I'm f***.
Is there any way to prevent the virus from preventing me?
It says it can't find it or it redirects me to something totally useless.

Re: Malware Defense Removal
Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the start up menu, select "Safe Mode with Networking", then try downloading OTL in Safe Mode.


Re: Malware Defense Removal
Okay, so I downloaded a Zip file, not from your source, because I couldn't make it work.
I opened it in Winzip and there's a million files, mostly HTMLs but no exe.
I take it this might not be right.
Do you have another source for OTL.exe?

Re: Malware Defense Removal
By the way, I should say that you guys rock.
I can't tell you how appreciative I am.
If this works, and you guys happen to live in Montreal, I'm buying you beers.

Re: Malware Defense Removal
Will Combofix work in Safe Mode? Did you try that?


Re: Malware Defense Removal
It says it can't open the file, the file is infected, and asks me to activate my antivirus software.
Do I need to deactivate something first? Unfortunately the link you put up to deactivate my AV doesn't work. It's blocked.

Re: Malware Defense Removal
Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


Re: Malware Defense Removal
I downloaded it, it won't open: error code 1073741762

Re: Malware Defense Removal
Please rename OTL to winlogon and see if it will run.


Re: Malware Defense Removal
OTL didn't run, couldn't download it. But now I'm out of safe mode, it SEEMS like ice sword is working.
IF it is, what should I do?

Re: Malware Defense Removal
Hello.

  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.


Re: Malware Defense Removal
Process:

System Idle Process
System
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\smss.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SYSTEM32\smss32.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en\IceSword.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\umonit.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
and then.....
Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DwlClient
c:\Program Files\Common Files\Dell\EUSW\Support.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdateManager
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCMService
"C:\Program Files\Dell\Media Experience\PCMService.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Omnipage
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelMeM
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DVDSentry
C:\WINDOWS\System32\DSentry.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dla
C:\WINDOWS\system32\dla\tfswctrl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UMonit
C:\WINDOWS\system32\umonit.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
osCheck
"C:\Program Files\Norton Internet Security\osCheck.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AppleSyncNotifier
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LifeCam
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VX3000
C:\WINDOWS\vVX3000.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISTray
"C:\Program Files\Spyware Doctor\pctsTray.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ParetoLogic Anti-Virus PLUS
"C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
net
"C:\WINDOWS\system32\net.net"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smss32.exe
C:\WINDOWS\system32\smss32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Eyale
rundll32.exe "C:\WINDOWS\enokawasaxoveseb.dll",Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
updateMgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
asg984jgkfmgasi8ug98jgkfgfb
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AntiVirus Plus.lnk
C:\WINDOWS\SYSTEM32\rundll32.exe (Remark:)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK
C:\Corel\Graphics8\Programs\MFIndexer.exe (Remark: Corel MEDIA FOLDERS INDEXER 8)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DESKTOP.INI


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (Remark:)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk
C:\Program Files\WinZip\WZQKPICK.EXE (Remark: WinZip Quick Pick)

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
AntiVirus Plus.lnk
C:\WINDOWS\SYSTEM32\rundll32.exe (Remark:)

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
DESKTOP.INI


C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Remark: Picture Motion Browser Media Check Tool)

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
PowerReg SchedulerV2.exe

Re: Malware Defense Removal
Hey there,
just wondering if you've had time to look this stuff over?
What should I do next?

Re: Malware Defense Removal
Hello.

  • In IceSword, press the Registry button on the bottom left of the program.
  • Drag the middle bar further to the right so you can see the paths.
  • Follow this path to the Run key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Left click once on the Run key, then in the right side pane, find the following run values:


    net
    AntiVirus Plus
    smss32.exe
    Eyale


  • Right click each one, hit delete.
  • Now follow the path for the next Run key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • Left click once on the Run key, then in the right side pane, find the following run values:


    AntiVirus Plus
    asg984jgkfmgasi8ug98jgkfgfb


  • Delete the same exact named run values as before.
  • Now reboot normally. Can you run MBAM now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
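The Run values named in the reply above can be checked against the startup listing from the first post with a few triage rules. This is an added example, not part of the thread or of any tool used in it: the rule names, the extension and process-name lists and the function names are assumptions of the example, and the sample entries are copied from the listing in the first post.

```python
import ntpath
import re

# Entries copied from the startup listing in the first post. Each record is
# three lines (location, value name, command line) separated by a blank line.
LISTING = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VX3000
C:\WINDOWS\vVX3000.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
net
"C:\WINDOWS\system32\net.net"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smss32.exe
C:\WINDOWS\system32\smss32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Eyale
rundll32.exe "C:\WINDOWS\enokawasaxoveseb.dll",Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
updateMgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
asg984jgkfmgasi8ug98jgkfgfb
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe
'''

# Illustrative triage rules (assumptions of this example, not the helper's method).
CORE_PROCESS_NAMES = {"smss", "csrss", "lsass", "winlogon", "services", "svchost"}
EXPECTED_EXTENSIONS = {".exe", ".dll", ".lnk", ".com", ".bat", ".cmd"}
TRUSTED_DLL_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\")
SYSTEM32 = "c:\\windows\\system32"

# A path is either a quoted string or an unquoted run ending in a file extension.
_PATH = re.compile(r'"([^"]+)"|(\S.*?\.[A-Za-z0-9]{2,4})(?=[\s,]|$)')


def parse_listing(text):
    """Split the listing into dicts with location, name and command."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) >= 2:  # entries such as DESKTOP.INI have no command line
            entries.append({"location": lines[0], "name": lines[1],
                            "command": lines[2] if len(lines) > 2 else ""})
    return entries


def triage(entry):
    """Return the rule names an entry trips (empty list: nothing stood out)."""
    paths = [q or u for q, u in _PATH.findall(entry["command"])]
    if not paths:
        return []
    via_rundll32 = (ntpath.basename(paths[0]).lower() == "rundll32.exe"
                    and len(paths) > 1)
    # For rundll32 launches the interesting file is the DLL, not rundll32 itself.
    target = (paths[1] if via_rundll32 else paths[0]).lower()
    folder = ntpath.dirname(target)
    stem, ext = ntpath.splitext(ntpath.basename(target))
    reasons = []
    if "\\temp\\" in target:
        reasons.append("runs-from-temp")
    if via_rundll32 and not (folder + "\\").startswith(TRUSTED_DLL_ROOTS):
        reasons.append("rundll32-dll-outside-system-dirs")
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected-extension")
    # "smss32" and an "smss.exe" outside system32 both imitate a core process.
    if stem.rstrip("0123456789") in CORE_PROCESS_NAMES and (
            stem not in CORE_PROCESS_NAMES or folder != SYSTEM32):
        reasons.append("core-process-lookalike")
    return reasons


def flagged(text):
    """Map 'ROOT KEY: value name' to reasons for each entry that trips a rule."""
    out = {}
    for entry in parse_listing(text):
        reasons = triage(entry)
        if reasons:
            root = entry["location"].split("\\")[0]
            out[f"{root}: {entry['name']}"] = reasons
    return out


if __name__ == "__main__":
    for key, reasons in flagged(LISTING).items():
        print(f"{key:50} {', '.join(reasons)}")
```

The rules only rank entries for a closer look; an entry that trips none of them is not thereby shown to be clean.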

Re: Malware Defense Removal
I still can't run it; it freezes during the installation, right when it says "extracting files".
Also, when I try to go into Task Manager or regedit, it says it has been disabled by the administrator. How do I fix that?

Re: Malware Defense Removal
Can you try OTL for me please?
http://www.GeekPolice.net/virus-spyware-malware-removal-f11/malware-defense-removal-t18480.htm#117843


Re: Malware Defense Removal
OTL file
OTL logfile created on: 31/01/2010 12:57:57 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 9.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
PRC - [2010/01/22 20:34:39 | 000,147,456 | -HS- | M] (HellFire) -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
PRC - [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\SYSTEM32\smss32.exe
PRC - [2010/01/08 19:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/08/06 10:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/11/14 08:05:05 | 000,083,456 | R--- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2005/10/19 07:59:12 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/01/05 08:59:06 | 000,053,248 | ---- | M] (General) -- C:\WINDOWS\SYSTEM32\umonit.exe
PRC - [2003/10/07 16:21:10 | 000,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/09/26 00:04:00 | 000,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/08/13 10:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,140,800 | ---- | M] () -- C:\WINDOWS\enokawasaxoveseb.dll
MOD - [2007/03/08 10:36:28 | 000,037,376 | ---- | M] () -- C:\WINDOWS\kbet70A.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Savradm)
SRV - File not found [On_Demand | Stopped] -- -- (Helodrmkipbd)
SRV - [2010/01/17 05:27:20 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 19:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) [Auto | Running] -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/01/03 19:22:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 16:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\navex15.sys -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\naveng.sys -- (NAVENG)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\symidsco.sys -- (SYMIDSCO)
DRV - [2009/01/09 13:01:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symevent.sys -- (SymEvent)
DRV - [2008/09/15 19:14:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\coh_mon.sys -- (COH_Mon)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\co_mon.sys -- (CO_Mon)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2006/08/31 12:03:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 02:09:58 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstape.sys -- (MSTAPE)
DRV - [2004/08/04 02:09:58 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/05 09:23:16 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/09/26 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/09/26 00:04:00 | 000,098,164 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/09/26 00:04:00 | 000,083,572 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/09/26 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/09/26 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/09/26 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/09/26 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/09/26 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/09/26 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/09/19 02:21:00 | 000,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/08 00:18:49 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Wayne Noble\Local Settings\Temp\ddxgb.sys -- (ddxgb)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Stltrk2k.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\modemcsa.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {4a4f15aa-8569-f02e-7cb6-b10fe045b81c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {47D99070-1169-4A6B-AA14-DB1810417EF5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}:1.9.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5}: C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} [2010/01/22 20:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} [2010/01/22 20:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 03:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 04:19:11 | 000,000,000 | ---D | M]

[2008/12/10 10:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Extensions
[2010/01/22 21:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions
[2009/07/01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\searchplugins\conduit.xml
[2010/01/30 23:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 20:06:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{4a4f15aa-8569-f02e-7cb6-b10fe045b81c}
[2010/01/22 20:06:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/12/05 19:27:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/05 19:27:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/05 19:27:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/05 19:27:10 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Eyale] C:\WINDOWS\enokawasaxoveseb.DLL ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\SYSTEM32\umonit.exe (General)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200698036687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.lowrance.com/Downloads/updates/MapCreate/MapCreate620/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/24/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/31 00:02:52 | 000,110,953 | ---- | M] () - C:\autoexec.exe -- [ NTFS ]
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell - "" = AutoRun
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

Re: Malware Defense Removal

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 00:24:11 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 22:06:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\PrivacIE
[2010/01/30 22:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\IETldCache
[2010/01/30 21:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 21:54:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 18:51:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 14:51:40 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/25 12:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en
[2010/01/22 21:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\ComboFixT
[2010/01/22 20:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc
[2010/01/22 20:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
[2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe
[2010/01/22 19:54:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/22 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 00:08:13 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Downloaded Installations
[2010/01/21 23:20:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/21 23:01:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/21 23:01:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/21 23:00:57 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/20 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/13 03:33:43 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/21 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Hotspot_Shield
[2008/07/10 05:59:27 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.1.3-27042008.exe
[2007/12/20 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/28 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/12 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 12:41:03 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/31 12:40:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 11:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2010/01/31 11:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2010/01/31 10:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2010/01/31 10:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2010/01/31 10:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2010/01/31 09:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2010/01/31 09:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010/01/31 09:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010/01/31 08:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010/01/31 08:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010/01/31 08:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010/01/31 07:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010/01/31 07:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/01/31 07:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/01/31 06:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/01/31 06:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/01/31 06:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/01/31 05:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/31 05:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/31 05:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/31 04:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/31 04:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/31 04:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/31 03:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/31 03:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/31 03:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/31 02:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/31 02:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/31 02:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/31 01:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/31 01:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/31 01:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/31 00:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/31 00:33:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/31 00:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/31 00:10:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
[2010/01/30 23:50:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/30 23:49:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 23:30:43 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/30 23:29:30 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/30 23:29:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 23:29:13 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/30 23:28:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/30 23:28:16 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/30 23:14:46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\ntuser.dat
[2010/01/30 22:03:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wayne Noble\NTUSER.INI
[2010/01/30 21:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 21:07:37 | 000,000,648 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/30 21:07:37 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/30 20:51:15 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/01/30 20:47:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/30 19:20:34 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 18:51:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 18:30:33 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/30 18:30:32 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/30 16:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 14:51:41 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/30 12:52:04 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/30 12:52:04 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/30 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/29 19:15:13 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\O9I033SIX1.dat
[2010/01/29 18:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19589.exe
[2010/01/29 18:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15281.exe
[2010/01/29 18:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14798.exe
[2010/01/29 17:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19796.exe
[2010/01/29 17:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20580.exe
[2010/01/29 17:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6618.exe
[2010/01/29 16:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13458.exe
[2010/01/29 16:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25200.exe
[2010/01/29 16:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7448.exe
[2010/01/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9503.exe
[2010/01/29 15:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29314.exe
[2010/01/29 15:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1587.exe
[2010/01/29 14:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30523.exe
[2010/01/29 14:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14343.exe
[2010/01/29 14:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3093.exe
[2010/01/29 13:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20485.exe
[2010/01/29 13:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3195.exe
[2010/01/29 13:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32702.exe
[2010/01/29 12:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14989.exe
[2010/01/29 12:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32609.exe
[2010/01/29 12:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5844.exe
[2010/01/29 11:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11008.exe
[2010/01/29 11:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6224.exe
[2010/01/29 11:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30303.exe
[2010/01/29 10:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22798.exe
[2010/01/29 10:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31556.exe
[2010/01/29 10:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16519.exe
[2010/01/29 09:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5249.exe
[2010/01/29 09:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20600.exe
[2010/01/29 09:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17451.exe
[2010/01/29 08:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18935.exe
[2010/01/29 08:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7616.exe
[2010/01/29 08:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14309.exe
[2010/01/29 07:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9514.exe
[2010/01/29 07:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22813.exe
[2010/01/29 07:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6617.exe
[2010/01/29 06:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14310.exe
[2010/01/29 06:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2421.exe
[2010/01/29 06:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17807.exe
[2010/01/29 05:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22483.exe
[2010/01/29 05:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24648.exe
[2010/01/29 05:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14893.exe
[2010/01/29 04:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3728.exe
[2010/01/29 04:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\467.exe
[2010/01/29 04:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18127.exe
[2010/01/29 03:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3788.exe
[2010/01/29 03:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6900.exe
[2010/01/29 03:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27938.exe
[2010/01/29 02:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26418.exe
[2010/01/29 02:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1999.exe
[2010/01/29 02:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\53.exe
[2010/01/29 01:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4734.exe
[2010/01/29 01:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8281.exe
[2010/01/29 01:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24484.exe
[2010/01/29 00:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19668.exe
[2010/01/29 00:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23199.exe
[2010/01/29 00:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27348.exe
[2010/01/28 23:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24021.exe
[2010/01/28 23:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4596.exe
[2010/01/28 23:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11020.exe
[2010/01/28 22:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9374.exe
[2010/01/28 22:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30836.exe
[2010/01/28 22:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10291.exe
[2010/01/28 21:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24350.exe
[2010/01/28 21:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3602.exe
[2010/01/28 21:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4041.exe
[2010/01/28 20:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27595.exe
[2010/01/28 20:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6483.exe
[2010/01/28 20:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21548.exe
[2010/01/28 19:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20537.exe
[2010/01/28 19:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27624.exe
[2010/01/28 19:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6359.exe
[2010/01/28 18:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17410.exe
[2010/01/28 18:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1655.exe
[2010/01/28 18:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18762.exe
[2010/01/28 17:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32591.exe
[2010/01/28 17:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\900.exe
[2010/01/28 17:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29168.exe
[2010/01/28 16:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16413.exe
[2010/01/28 16:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13030.exe
[2010/01/28 16:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27506.exe
[2010/01/28 15:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24946.exe
[2010/01/28 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6422.exe
[2010/01/28 15:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18588.exe
[2010/01/28 14:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24221.exe
[2010/01/28 14:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9758.exe
[2010/01/28 14:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32209.exe
[2010/01/28 13:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8909.exe
[2010/01/28 13:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
[2010/01/28 13:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10383.exe
[2010/01/28 12:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27753.exe
[2010/01/28 12:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12287.exe
[2010/01/28 12:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15457.exe
[2010/01/28 11:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11337.exe
[2010/01/28 11:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18007.exe
[2010/01/28 11:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30191.exe
[2010/01/28 10:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31107.exe
[2010/01/28 10:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3430.exe
[2010/01/28 10:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13966.exe
[2010/01/28 09:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21724.exe
[2010/01/28 09:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16941.exe
[2010/01/28 09:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1150.exe
[2010/01/28 08:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27350.exe
[2010/01/28 08:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12052.exe
[2010/01/28 08:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4031.exe
[2010/01/28 07:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15574.exe
[2010/01/28 07:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23655.exe
[2010/01/28 07:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24767.exe
[2010/01/28 06:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22355.exe
[2010/01/28 06:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18636.exe
[2010/01/28 06:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9161.exe
[2010/01/28 05:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13290.exe
[2010/01/28 05:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23986.exe
[2010/01/28 05:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16512.exe
[2010/01/28 04:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5097.exe
[2010/01/28 04:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15573.exe
[2010/01/28 04:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26777.exe
[2010/01/28 03:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5829.exe
[2010/01/28 03:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6270.exe
[2010/01/28 03:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19072.exe
[2010/01/28 02:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26924.exe
[2010/01/28 02:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28745.exe
[2010/01/28 02:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5021.exe
[2010/01/28 01:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22386.exe
[2010/01/28 01:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31673.exe
[2010/01/28 01:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2306.exe
[2010/01/28 00:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13977.exe
[2010/01/28 00:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9930.exe
[2010/01/28 00:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
[2010/01/27 23:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29658.exe
[2010/01/27 23:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4639.exe
[2010/01/27 23:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31115.exe
[2010/01/27 22:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4833.exe
[2010/01/27 22:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
[2010/01/27 22:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
[2010/01/27 21:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
[2010/01/27 21:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
[2010/01/27 21:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
[2010/01/27 20:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
[2010/01/27 20:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
[2010/01/27 20:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
[2010/01/27 19:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
[2010/01/27 19:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
[2010/01/27 19:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
[2010/01/27 18:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
[2010/01/27 18:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
[2010/01/27 18:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
[2010/01/27 17:53:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
[2010/01/27 17:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
[2010/01/27 17:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
[2010/01/27 16:53:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
[2010/01/27 16:33:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
[2010/01/27 16:13:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
[2010/01/27 15:53:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
[2010/01/27 15:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
[2010/01/27 15:13:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
[2010/01/27 14:53:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
[2010/01/27 14:33:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
[2010/01/27 14:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
[2010/01/27 13:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
[2010/01/27 13:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
[2010/01/27 13:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
[2010/01/27 12:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
[2010/01/27 12:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
[2010/01/27 12:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
[2010/01/27 11:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
[2010/01/27 11:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
[2010/01/27 11:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
[2010/01/27 10:53:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
[2010/01/27 10:33:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
[2010/01/27 10:12:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
[2010/01/27 09:52:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
[2010/01/27 09:32:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
[2010/01/27 09:12:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
[2010/01/27 08:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
[2010/01/27 08:31:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
[2010/01/27 08:11:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
[2010/01/27 07:50:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
[2010/01/27 07:30:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
[2010/01/27 07:10:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
[2010/01/27 06:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
[2010/01/27 06:29:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
[2010/01/27 06:09:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
[2010/01/27 05:49:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
[2010/01/27 05:28:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
[2010/01/27 05:08:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
[2010/01/27 04:48:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
[2010/01/27 04:27:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
[2010/01/27 04:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
[2010/01/27 03:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
[2010/01/27 03:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
[2010/01/27 03:06:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
[2010/01/25 20:05:17 | 000,000,634 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
[2010/01/25 16:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:23 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/01/22 20:06:45 | 000,118,256 | ---- | M] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
[2010/01/22 20:06:11 | 000,180,224 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/01/22 20:06:07 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
[2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\kkalf.exe
[2010/01/22 20:06:02 | 000,015,000 | ---- | M] () -- C:\WINDOWS\System32\k8efzgigz.dll
[2010/01/22 20:05:39 | 000,057,356 | ---- | M] () -- C:\WINDOWS\System32\net.net
[2010/01/22 19:49:17 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2010/01/22 18:49:24 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:55 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/21 21:50:01 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/21 12:24:16 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 00:02:51 | 000,110,953 | ---- | C] () -- C:\autoexec.exe
[2010/01/30 23:49:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
[2010/01/30 21:21:14 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/29 19:14:27 | 000,028,409 | ---- | C] () -- C:\WINDOWS\System32\O9I033SIX1.dat
[2010/01/29 18:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19589.exe
[2010/01/29 18:33:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15281.exe
[2010/01/29 18:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14798.exe
[2010/01/29 17:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19796.exe
[2010/01/29 17:33:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20580.exe
[2010/01/29 17:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6618.exe
[2010/01/29 16:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13458.exe
[2010/01/29 16:33:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25200.exe
[2010/01/29 16:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7448.exe
[2010/01/29 15:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9503.exe
[2010/01/29 15:33:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29314.exe
[2010/01/29 15:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1587.exe
[2010/01/29 14:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30523.exe
[2010/01/29 14:33:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14343.exe
[2010/01/29 14:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3093.exe
[2010/01/29 13:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20485.exe
[2010/01/29 13:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3195.exe
[2010/01/29 13:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32702.exe
[2010/01/29 12:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14989.exe
[2010/01/29 12:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32609.exe
[2010/01/29 12:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5844.exe
[2010/01/29 11:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11008.exe
[2010/01/29 11:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6224.exe
[2010/01/29 11:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30303.exe
[2010/01/29 10:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22798.exe
[2010/01/29 10:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31556.exe
[2010/01/29 10:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16519.exe
[2010/01/29 09:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5249.exe
[2010/01/29 09:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20600.exe
[2010/01/29 09:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17451.exe
[2010/01/29 08:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18935.exe
[2010/01/29 08:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7616.exe
[2010/01/29 08:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14309.exe
[2010/01/29 07:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9514.exe
[2010/01/29 07:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22813.exe
[2010/01/29 07:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6617.exe
[2010/01/29 06:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14310.exe
[2010/01/29 06:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2421.exe
[2010/01/29 06:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17807.exe
[2010/01/29 05:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22483.exe
[2010/01/29 05:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24648.exe
[2010/01/29 05:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14893.exe
[2010/01/29 04:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3728.exe
[2010/01/29 04:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\467.exe
[2010/01/29 04:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18127.exe
[2010/01/29 03:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3788.exe
[2010/01/29 03:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6900.exe
[2010/01/29 03:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27938.exe
[2010/01/29 02:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26418.exe
[2010/01/29 02:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1999.exe
[2010/01/29 02:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\53.exe
[2010/01/29 01:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4734.exe
[2010/01/29 01:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8281.exe
[2010/01/29 01:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24484.exe
[2010/01/29 00:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19668.exe
[2010/01/29 00:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23199.exe
[2010/01/29 00:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27348.exe
[2010/01/28 23:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24021.exe
[2010/01/28 23:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4596.exe
[2010/01/28 23:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11020.exe
[2010/01/28 22:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9374.exe
[2010/01/28 22:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30836.exe
[2010/01/28 22:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10291.exe
[2010/01/28 21:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24350.exe
[2010/01/28 21:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3602.exe
[2010/01/28 21:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4041.exe
[2010/01/28 20:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27595.exe
[2010/01/28 20:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6483.exe
[2010/01/28 20:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21548.exe
[2010/01/28 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20537.exe
[2010/01/28 19:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27624.exe
[2010/01/28 19:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6359.exe
[2010/01/28 18:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17410.exe
[2010/01/28 18:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1655.exe
[2010/01/28 18:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18762.exe
[2010/01/28 17:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32591.exe
[2010/01/28 17:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\900.exe
[2010/01/28 17:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29168.exe
[2010/01/28 16:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16413.exe
[2010/01/28 16:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13030.exe
[2010/01/28 16:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27506.exe
[2010/01/28 15:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24946.exe
[2010/01/28 15:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6422.exe
[2010/01/28 15:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18588.exe
[2010/01/28 14:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24221.exe
[2010/01/28 14:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9758.exe
[2010/01/28 14:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32209.exe
[2010/01/28 13:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8909.exe
[2010/01/28 13:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14945.exe
[2010/01/28 13:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10383.exe
[2010/01/28 12:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27753.exe
[2010/01/28 12:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12287.exe
[2010/01/28 12:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15457.exe
[2010/01/28 11:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11337.exe
[2010/01/28 11:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18007.exe
[2010/01/28 11:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30191.exe
[2010/01/28 10:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31107.exe
[2010/01/28 10:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3430.exe
[2010/01/28 10:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13966.exe
[2010/01/28 09:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21724.exe
[2010/01/28 09:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16941.exe
[2010/01/28 09:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1150.exe
[2010/01/28 08:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27350.exe
[2010/01/28 08:33:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12052.exe
[2010/01/28 08:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4031.exe
[2010/01/28 07:53:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15574.exe
[2010/01/25 16:45:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23655.exe
[2010/01/25 16:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24767.exe
[2010/01/25 16:04:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22355.exe
[2010/01/25 15:44:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18636.exe
[2010/01/25 15:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9161.exe
[2010/01/25 15:03:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13290.exe
[2010/01/25 14:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23986.exe
[2010/01/25 14:23:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16512.exe
[2010/01/25 14:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5097.exe
[2010/01/25 13:42:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15573.exe
[2010/01/25 13:21:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26777.exe
[2010/01/25 13:01:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5829.exe
[2010/01/25 12:41:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6270.exe
[2010/01/25 12:34:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:20:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19072.exe
[2010/01/25 12:10:22 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/25 12:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26924.exe
[2010/01/25 11:40:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28745.exe
[2010/01/25 11:20:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5021.exe
[2010/01/25 10:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22386.exe
[2010/01/25 10:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31673.exe
[2010/01/25 10:19:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2306.exe
[2010/01/25 09:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13977.exe
[2010/01/25 09:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9930.exe
[2010/01/25 09:18:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22704.exe
[2010/01/25 08:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29658.exe
[2010/01/25 08:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4639.exe
[2010/01/25 08:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31115.exe
[2010/01/25 07:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4833.exe
[2010/01/25 07:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16541.exe
[2010/01/25 07:15:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22929.exe
[2010/01/25 06:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2082.exe
[2010/01/25 06:35:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16118.exe
[2010/01/25 06:14:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21538.exe
[2010/01/25 05:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5537.exe
[2010/01/25 05:34:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11323.exe
[2010/01/25 05:13:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24626.exe
[2010/01/25 04:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32439.exe
[2010/01/25 04:33:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16944.exe
[2010/01/25 04:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26308.exe
[2010/01/25 03:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13931.exe
[2010/01/25 03:32:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7376.exe
[2010/01/25 03:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4966.exe
[2010/01/25 02:51:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11840.exe
[2010/01/25 02:31:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18756.exe
[2010/01/25 02:10:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19954.exe
[2010/01/25 01:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24084.exe
[2010/01/25 01:30:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12623.exe
[2010/01/25 01:09:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19629.exe
[2010/01/25 00:49:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3548.exe
[2010/01/25 00:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24393.exe
[2010/01/25 00:08:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31101.exe
[2010/01/24 01:58:58 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/23 21:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15006.exe
[2010/01/23 21:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15350.exe
[2010/01/23 21:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24370.exe
[2010/01/23 20:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6729.exe
[2010/01/23 20:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15890.exe
[2010/01/23 20:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23805.exe
[2010/01/23 19:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27446.exe
[2010/01/23 19:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22648.exe
[2010/01/23 19:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19264.exe
[2010/01/23 18:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8942.exe
[2010/01/23 18:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9040.exe
[2010/01/23 18:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30106.exe
[2010/01/23 17:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\288.exe
[2010/01/23 17:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1842.exe
[2010/01/23 17:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22190.exe
[2010/01/23 16:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3035.exe
[2010/01/23 16:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12316.exe
[2010/01/23 16:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\778.exe
[2010/01/23 15:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27529.exe
[2010/01/23 15:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
[2010/01/23 15:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
[2010/01/23 14:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
[2010/01/23 14:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
[2010/01/23 14:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32757.exe
[2010/01/23 13:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32662.exe
[2010/01/23 13:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27644.exe
[2010/01/23 13:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
[2010/01/23 12:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6868.exe
[2010/01/23 12:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
[2010/01/23 12:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
[2010/01/23 11:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
[2010/01/23 11:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
[2010/01/23 11:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
[2010/01/23 10:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
[2010/01/23 10:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
[2010/01/23 10:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
[2010/01/23 09:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2010/01/23 09:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2010/01/23 09:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2010/01/23 08:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2010/01/23 08:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2010/01/23 08:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2010/01/23 07:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2010/01/23 07:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2010/01/23 07:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2010/01/23 06:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2010/01/23 06:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2010/01/23 06:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2010/01/23 05:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2010/01/23 05:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2010/01/23 05:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2010/01/23 04:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010/01/23 04:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010/01/23 04:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010/01/23 03:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2010/01/23 03:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2010/01/23 03:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2010/01/23 02:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/23 02:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/23 02:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/23 01:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/23 01:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/23 01:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/23 00:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/23 00:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/23 00:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/22 23:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/22 23:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/22 23:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/22 22:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/22 22:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/22 22:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/22 21:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/22 21:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/22 21:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/22 21:03:41 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Start.bat
[2010/01/22 20:56:33 | 001,088,512 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/01/22 20:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/22 20:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/22 20:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/22 20:33:07 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
[2010/01/22 20:33:06 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/22 20:33:06 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:09:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/22 20:06:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/22 20:06:45 | 000,118,256 | ---- | C] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
[2010/01/22 20:06:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010/01/22 20:06:23 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/22 20:06:15 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/22 20:06:07 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/22 20:06:02 | 000,015,000 | ---- | C] () -- C:\WINDOWS\System32\k8efzgigz.dll
[2010/01/22 20:06:01 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:05:39 | 000,057,356 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2010/01/22 18:49:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:54 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/22 00:08:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/22 00:08:15 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/22 00:08:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/22 00:08:03 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2010/01/21 23:20:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/21 23:01:03 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/21 23:01:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/21 23:00:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/21 21:50:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/21 21:50:11 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/21 21:50:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/21 12:24:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2008/08/28 10:03:20 | 000,024,155 | ---- | C] () -- C:\Program Files\orilliapic.jpg
[2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
[2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
[2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
[2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent
[2008/07/10 06:00:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 06:00:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/08 09:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/03/17 09:02:44 | 000,022,764 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\Microsoft Excel.ADR
[2007/11/18 11:07:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/01 10:16:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2007/03/31 13:22:11 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/03/27 10:54:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/26 13:41:42 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2007/03/26 13:41:42 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\DMAPI.dll
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/14 21:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/31 14:26:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/12 19:51:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/07/15 05:33:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/19 09:15:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2005/02/09 20:24:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/02/09 17:24:29 | 003,691,666 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\imageCache.db
[2005/02/09 16:20:49 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/01/09 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/09 16:45:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JPR.{PB
[2004/12/09 16:45:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JCM.{PB
[2004/09/11 15:44:12 | 000,000,613 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2004/09/11 15:44:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pm_setup.ini
[2004/09/11 15:43:42 | 000,000,745 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2004/09/11 15:10:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson880.ini
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/09 14:27:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7651CD09DA.sys
[2004/07/09 14:41:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/09 14:38:32 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2004/07/09 14:27:59 | 000,043,786 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/09 14:23:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/09 14:23:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2004/07/09 14:23:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/09 14:23:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2004/07/09 14:22:39 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/09 10:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\dm.ini
[2004/06/26 07:05:02 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/22 11:23:22 | 000,001,908 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 20:48:07 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/06/18 20:37:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 20:32:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/06/18 20:31:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/06/09 13:17:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 13:09:17 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/09 13:08:36 | 000,000,516 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/09 13:04:35 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/09 12:55:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/09 12:55:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/09 12:42:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/13 08:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,140,800 | ---- | C] () -- C:\WINDOWS\enokawasaxoveseb.dll
[2002/08/29 05:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\kbet70A.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wayne Noble\Desktop\~:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Malware Defense Removal

and Extras
OTL Extras logfile created on: 31/01/2010 12:57:57 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 9.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DDB451-69B4-417C-A5A1-470648AB5E38}" = MapSource - MetroGuide Canada v4
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40FC0E46-52DB-0B66-B31B-C9B0F8EE6F51}" = Search Assistant Searchersmart
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4B04C8A6-8282-420B-A9CD-62E68E8A47C2}" = URL.BIZ ip blocker 1.0
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}" = Microsoft LifeCam
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80B744FE-8712-4D44-A239-EBB7B8979F7E}" = ParetoLogic Anti-Virus PLUS
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9196D6F6-340D-4D10-A8D4-FCB6AF7DDA25}" = MapCreate U.S.A Hunting w/ Topo 6.3
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53AB16A-8DC1-11D6-B494-008048C29C40}" = USB MMC-SD Reader
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = USB 2.0 MMC/SD Card Reader
"{BC03FCE8-388F-48C0-9600-B53ACB297B5F}" = ArcSoft Software Suite
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C4FE00AF-E29D-4220-B118-0B453F3539E0}" = Garmin TOPO Great Britain v2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™️ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E2F46A9E-11FD-47A3-A8B8-73B085BB7EBC}" = SymNet
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"7Pb5AGmfE-" = LoudMo Contextual Ad Assistant
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"BB_is1" = Band-in-a-Box 2005
"Cakewalk Pro Audio 7.0" = Cakewalk Pro Audio 7.0
"Chessmaster 9000" = Chessmaster 9000
"Corel Uninstaller" = Corel Uninstaller
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"Graboid Video" = Graboid Video 1.3
"HijackThis" = HijackThis 2.0.2
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.37
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{35DDB451-69B4-417C-A5A1-470648AB5E38}" = MapSource - MetroGuide Canada v4
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"LiveReg" = LiveReg (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"net" = Advertisement Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCFriendly" = PCFriendly
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.3.1
"PhotoMontage 2000" = PhotoMontage 2000
"Power MP3 WMA Converter 1.14" = Power MP3 WMA Converter 1.14
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RegCure" = RegCure
"rvtpznduvtpo" = RON Tool Offersfortoday
"Shockwave" = Shockwave
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2010 9:05:37 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x00004387.

Error - 22/01/2010 9:05:48 PM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: An internal certificate chaining error has occurred.

Error - 24/01/2010 1:09:52 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/01/2010 1:09:52 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/01/2010 1:10:07 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 26/01/2010 2:13:40 PM | Computer Name = DBQMM051 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2010 2:19:04 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mfindexer.exe, version 8.232.0.0, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001356f.

Error - 30/01/2010 7:41:22 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mfindexer.exe, version 8.232.0.0, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001356f.

Error - 30/01/2010 10:52:41 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 3.3.3302.0, faulting module
unknown, version 0.0.0.0, fault address 0x008c6578.

Error - 30/01/2010 11:59:40 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
enokawasaxoveseb.dll, version 0.0.0.0, fault address 0x0001d4bb.

[ System Events ]
Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Lic NetConnect
service service to connect.

Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
P3 Processor

Error - 31/01/2010 12:30:19 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Settings Manager
service to connect.

Error - 31/01/2010 12:30:19 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate Notice service
to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7000
Description = The Helodrmkipbd service failed to start due to the following error:
%%3

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7000
Description = The Savradm service failed to start due to the following error: %%3

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Lic NetConnect
service service to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
P3 Processor


< End of report >

Re: Malware Defense Removal

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Malware Defense Removal

It won't let me run combofix, it says the "file is infected" and asks me to run my anti virus software.
I looked at how to disable my AV, but it seems none of them apply to me.
I turned off Windows Firewall, and my Norton doesn't open.

Re: Malware Defense Removal

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/01/31 12:40:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/01/31 11:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/01/31 11:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/01/31 10:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/01/31 10:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/01/31 10:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/01/31 09:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/01/31 09:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/01/31 09:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/01/31 08:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/01/31 08:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/01/31 08:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/01/31 07:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/01/31 07:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/01/31 07:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/01/31 06:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/01/31 06:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/01/31 06:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/01/31 05:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/01/31 05:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/01/31 05:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/01/31 04:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/01/31 04:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/01/31 04:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/01/31 03:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/31 03:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/31 03:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/31 02:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/31 02:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/31 02:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/31 01:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/31 01:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/31 01:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/31 00:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/31 00:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/31 00:10:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
    [2010/01/30 23:50:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/30 23:49:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
    [2010/01/30 12:52:04 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
    [2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/30 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2010/01/29 19:15:13 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\O9I033SIX1.dat
    [2010/01/29 18:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19589.exe
    [2010/01/29 18:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15281.exe
    [2010/01/29 18:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14798.exe
    [2010/01/29 17:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19796.exe
    [2010/01/29 17:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20580.exe
    [2010/01/29 17:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6618.exe
    [2010/01/29 16:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13458.exe
    [2010/01/29 16:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25200.exe
    [2010/01/29 16:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7448.exe
    [2010/01/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9503.exe
    [2010/01/29 15:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29314.exe
    [2010/01/29 15:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1587.exe
    [2010/01/29 14:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30523.exe
    [2010/01/29 14:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14343.exe
    [2010/01/29 14:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3093.exe
    [2010/01/29 13:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20485.exe
    [2010/01/29 13:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3195.exe
    [2010/01/29 13:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32702.exe
    [2010/01/29 12:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14989.exe
    [2010/01/29 12:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32609.exe
    [2010/01/29 12:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5844.exe
    [2010/01/29 11:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11008.exe
    [2010/01/29 11:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6224.exe
    [2010/01/29 11:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30303.exe
    [2010/01/29 10:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22798.exe
    [2010/01/29 10:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31556.exe
    [2010/01/29 10:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16519.exe
    [2010/01/29 09:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5249.exe
    [2010/01/29 09:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20600.exe
    [2010/01/29 09:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17451.exe
    [2010/01/29 08:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18935.exe
    [2010/01/29 08:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7616.exe
    [2010/01/29 08:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14309.exe
    [2010/01/29 07:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9514.exe
    [2010/01/29 07:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22813.exe
    [2010/01/29 07:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6617.exe
    [2010/01/29 06:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14310.exe
    [2010/01/29 06:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2421.exe
    [2010/01/29 06:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17807.exe
    [2010/01/29 05:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22483.exe
    [2010/01/29 05:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24648.exe
    [2010/01/29 05:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14893.exe
    [2010/01/29 04:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3728.exe
    [2010/01/29 04:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\467.exe
    [2010/01/29 04:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18127.exe
    [2010/01/29 03:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3788.exe
    [2010/01/29 03:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6900.exe
    [2010/01/29 03:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27938.exe
    [2010/01/29 02:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26418.exe
    [2010/01/29 02:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1999.exe
    [2010/01/29 02:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\53.exe
    [2010/01/29 01:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4734.exe
    [2010/01/29 01:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8281.exe
    [2010/01/29 01:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24484.exe
    [2010/01/29 00:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19668.exe
    [2010/01/29 00:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23199.exe
    [2010/01/29 00:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27348.exe
    [2010/01/28 23:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24021.exe
    [2010/01/28 23:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4596.exe
    [2010/01/28 23:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11020.exe
    [2010/01/28 22:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9374.exe
    [2010/01/28 22:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30836.exe
    [2010/01/28 22:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10291.exe
    [2010/01/28 21:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24350.exe
    [2010/01/28 21:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3602.exe
    [2010/01/28 21:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4041.exe
    [2010/01/28 20:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27595.exe
    [2010/01/28 20:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6483.exe
    [2010/01/28 20:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21548.exe
    [2010/01/28 19:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20537.exe
    [2010/01/28 19:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27624.exe
    [2010/01/28 19:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6359.exe
    [2010/01/28 18:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17410.exe
    [2010/01/28 18:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1655.exe
    [2010/01/28 18:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18762.exe
    [2010/01/28 17:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32591.exe
    [2010/01/28 17:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\900.exe
    [2010/01/28 17:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29168.exe
    [2010/01/28 16:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16413.exe
    [2010/01/28 16:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13030.exe
    [2010/01/28 16:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27506.exe
    [2010/01/28 15:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24946.exe
    [2010/01/28 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6422.exe
    [2010/01/28 15:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18588.exe
    [2010/01/28 14:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24221.exe
    [2010/01/28 14:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9758.exe
    [2010/01/28 14:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32209.exe
    [2010/01/28 13:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8909.exe
    [2010/01/28 13:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
    [2010/01/28 13:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10383.exe
    [2010/01/28 12:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27753.exe
    [2010/01/28 12:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12287.exe
    [2010/01/28 12:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15457.exe
    [2010/01/28 11:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11337.exe
    [2010/01/28 11:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18007.exe
    [2010/01/28 11:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30191.exe
    [2010/01/28 10:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31107.exe
    [2010/01/28 10:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3430.exe
    [2010/01/28 10:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13966.exe
    [2010/01/28 09:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21724.exe
    [2010/01/28 09:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16941.exe
    [2010/01/28 09:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1150.exe
    [2010/01/28 08:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27350.exe
    [2010/01/28 08:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12052.exe
    [2010/01/28 08:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4031.exe
    [2010/01/28 07:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15574.exe
    [2010/01/28 07:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23655.exe
    [2010/01/28 07:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24767.exe
    [2010/01/28 06:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22355.exe
    [2010/01/28 06:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18636.exe
    [2010/01/28 06:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9161.exe
    [2010/01/28 05:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13290.exe
    [2010/01/28 05:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23986.exe
    [2010/01/28 05:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16512.exe
    [2010/01/28 04:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5097.exe
    [2010/01/28 04:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15573.exe
    [2010/01/28 04:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26777.exe
    [2010/01/28 03:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5829.exe
    [2010/01/28 03:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6270.exe
    [2010/01/28 03:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19072.exe
    [2010/01/28 02:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26924.exe
    [2010/01/28 02:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28745.exe
    [2010/01/28 02:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5021.exe
    [2010/01/28 01:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22386.exe
    [2010/01/28 01:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31673.exe
    [2010/01/28 01:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2306.exe
    [2010/01/28 00:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13977.exe
    [2010/01/28 00:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9930.exe
    [2010/01/28 00:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
    [2010/01/27 23:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29658.exe
    [2010/01/27 23:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4639.exe
    [2010/01/27 23:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31115.exe
    [2010/01/27 22:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4833.exe
    [2010/01/27 22:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
    [2010/01/27 22:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/01/27 21:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/01/27 21:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/01/27 21:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/01/27 20:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/01/27 20:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/01/27 20:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/01/27 19:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/01/27 19:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/01/27 19:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/01/27 18:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/01/27 18:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/01/27 18:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/01/27 17:53:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/01/27 17:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/01/27 17:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/01/27 16:53:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/01/27 16:33:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/01/27 16:13:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/01/27 15:53:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/01/27 15:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/01/27 15:13:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/01/27 14:53:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/01/27 14:33:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/01/27 14:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/01/27 13:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/01/27 13:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/01/27 13:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/01/27 12:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/01/27 12:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/01/27 12:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/01/27 11:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/01/27 11:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/01/27 11:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/01/27 10:53:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/01/27 10:33:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/01/27 10:12:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/01/27 09:52:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/01/27 09:32:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/01/27 09:12:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/01/27 08:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/01/27 08:31:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/01/27 08:11:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/01/27 07:50:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/01/27 07:30:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/01/27 07:10:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
    [2010/01/27 06:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
    [2010/01/27 06:29:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
    [2010/01/27 06:09:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/01/27 05:49:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
    [2010/01/27 05:28:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/01/27 05:08:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/01/27 04:48:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/01/27 04:27:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/01/27 04:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/01/27 03:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/01/27 03:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/01/27 03:06:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/01/22 20:06:45 | 000,118,256 | ---- | M] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
    [2010/01/22 20:06:11 | 000,180,224 | ---- | M] () -- C:\WINDOWS\msa.exe
    [2010/01/22 20:06:07 | 000,000,001 | ---- | M] () -- C:\s
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/22 20:06:02 | 000,015,000 | ---- | M] () -- C:\WINDOWS\System32\k8efzgigz.dll
    [2010/01/22 20:05:39 | 000,057,356 | ---- | M] () -- C:\WINDOWS\System32\net.net
    [2010/01/22 19:49:17 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\WINDOWS\system32\userinit.exe,"


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

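The file listing in the fix above shows a pattern worth checking for when triaging a similar OTL log: zero-byte, numerically named .exe files written to System32 at a regular interval, next to hidden GUID-named .job files. As an added example (not part of the original post and not OTL's own code), this Python script parses listing lines in that format and reports both; the two heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the listing above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules on any platform

# A few lines copied from the file listing in the post above (not the full list).
SAMPLE = r"""
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
[2010/01/22 20:06:02 | 000,015,000 | ---- | M] () -- C:\WINDOWS\System32\k8efzgigz.dll
"""

# [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>.{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.I)
GUID_JOB = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" or "M", exactly as printed in the listing
    company: str
    path: str


def parse_listing(text):
    """Parse OTL-style file listing lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"], path=m["path"]))
    return entries


def reasons(entry):
    """Return the heuristics (assumptions, not OTL rules) that an entry trips."""
    name, folder = basename(entry.path), dirname(entry.path).lower()
    found = []
    if entry.size == 0 and NUMERIC_EXE.match(name) and folder == r"c:\windows\system32":
        found.append("zero-byte numeric .exe in System32")
    if "H" in entry.attrs and GUID_JOB.match(name) and folder == r"c:\windows\tasks":
        found.append("hidden GUID-named scheduled task")
    return found


def flagged(entries):
    """List (path, reasons) for every entry that trips at least one heuristic."""
    return [(e.path, reasons(e)) for e in entries if reasons(e)]


def dominant_interval_minutes(entries):
    """Most common gap between consecutive timestamps, as (minutes, count)."""
    times = sorted(e.when for e in entries)
    gaps = Counter(round((b - a).total_seconds() / 60)
                   for a, b in zip(times, times[1:]))
    return gaps.most_common(1)[0] if gaps else None


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for path, why in flagged(parsed):
        print(f"{path}: {', '.join(why)}")
    drops = [e for e in parsed if "zero-byte numeric .exe in System32" in reasons(e)]
    print("dominant gap between drops (minutes, count):",
          dominant_interval_minutes(drops))
```

A steady gap between the zero-byte files points to something recreating them on a timer, so the scheduled tasks are worth reviewing alongside the files themselves.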

Re: Malware Defense Removal
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\smss32.exe moved successfully.
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\winlogon32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
C:\WINDOWS\SYSTEM32\k8efzgigz.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
File F:\LaunchU3.exe not found.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
C:\kkalf.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\SYSTEM32\28703.exe moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\SYSTEM32\9894.exe moved successfully.
C:\WINDOWS\SYSTEM32\17035.exe moved successfully.
C:\WINDOWS\SYSTEM32\26299.exe moved successfully.
C:\WINDOWS\SYSTEM32\25667.exe moved successfully.
C:\WINDOWS\SYSTEM32\19912.exe moved successfully.
C:\WINDOWS\SYSTEM32\1869.exe moved successfully.
C:\WINDOWS\SYSTEM32\11538.exe moved successfully.
C:\WINDOWS\SYSTEM32\14771.exe moved successfully.
C:\WINDOWS\SYSTEM32\21726.exe moved successfully.
C:\WINDOWS\SYSTEM32\5447.exe moved successfully.
C:\WINDOWS\SYSTEM32\19895.exe moved successfully.
C:\WINDOWS\SYSTEM32\19718.exe moved successfully.
C:\WINDOWS\SYSTEM32\18716.exe moved successfully.
C:\WINDOWS\SYSTEM32\17421.exe moved successfully.
C:\WINDOWS\SYSTEM32\12382.exe moved successfully.
C:\WINDOWS\SYSTEM32\292.exe moved successfully.
C:\WINDOWS\SYSTEM32\153.exe moved successfully.
C:\WINDOWS\SYSTEM32\3902.exe moved successfully.
C:\WINDOWS\SYSTEM32\14604.exe moved successfully.
C:\WINDOWS\SYSTEM32\32391.exe moved successfully.
C:\WINDOWS\SYSTEM32\5436.exe moved successfully.
C:\WINDOWS\SYSTEM32\4827.exe moved successfully.
C:\WINDOWS\SYSTEM32\11942.exe moved successfully.
C:\WINDOWS\SYSTEM32\2995.exe moved successfully.
C:\WINDOWS\SYSTEM32\491.exe moved successfully.
C:\WINDOWS\SYSTEM32\9961.exe moved successfully.
C:\WINDOWS\SYSTEM32\16827.exe moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\WINDOWS\SYSTEM32\23281.exe moved successfully.
C:\WINDOWS\SYSTEM32\28145.exe moved successfully.
C:\WINDOWS\SYSTEM32\5705.exe moved successfully.
C:\WINDOWS\SYSTEM32\24464.exe moved successfully.
C:\WINDOWS\SYSTEM32\26962.exe moved successfully.
C:\WINDOWS\SYSTEM32\29358.exe moved successfully.
C:\WINDOWS\SYSTEM32\11478.exe moved successfully.
C:\WINDOWS\SYSTEM32\15724.exe moved successfully.
C:\WINDOWS\SYSTEM32\19169.exe moved successfully.
C:\WINDOWS\SYSTEM32\26500.exe moved successfully.
C:\WINDOWS\SYSTEM32\6334.exe moved successfully.
C:\autoexec.exe moved successfully.
C:\WINDOWS\SYSTEM32\18467.exe moved successfully.
C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\IS15.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\41.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\helper32.dll scheduled to be moved on reboot.
C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\WINDOWS\SYSTEM32\O9I033SIX1.dat moved successfully.
C:\WINDOWS\SYSTEM32\19589.exe moved successfully.
C:\WINDOWS\SYSTEM32\15281.exe moved successfully.
C:\WINDOWS\SYSTEM32\14798.exe moved successfully.
C:\WINDOWS\SYSTEM32\19796.exe moved successfully.
C:\WINDOWS\SYSTEM32\20580.exe moved successfully.
C:\WINDOWS\SYSTEM32\6618.exe moved successfully.
C:\WINDOWS\SYSTEM32\13458.exe moved successfully.
C:\WINDOWS\SYSTEM32\25200.exe moved successfully.
C:\WINDOWS\SYSTEM32\7448.exe moved successfully.
C:\WINDOWS\SYSTEM32\9503.exe moved successfully.
C:\WINDOWS\SYSTEM32\29314.exe moved successfully.
C:\WINDOWS\SYSTEM32\1587.exe moved successfully.
C:\WINDOWS\SYSTEM32\30523.exe moved successfully.
C:\WINDOWS\SYSTEM32\14343.exe moved successfully.
C:\WINDOWS\SYSTEM32\3093.exe moved successfully.
C:\WINDOWS\SYSTEM32\20485.exe moved successfully.
C:\WINDOWS\SYSTEM32\3195.exe moved successfully.
C:\WINDOWS\SYSTEM32\32702.exe moved successfully.
C:\WINDOWS\SYSTEM32\14989.exe moved successfully.
C:\WINDOWS\SYSTEM32\32609.exe moved successfully.
C:\WINDOWS\SYSTEM32\7Pb5AGmfE-.exe moved successfully.
C:\WINDOWS\msa.exe moved successfully.
C:\s moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
File C:\kkalf.exe not found.
File C:\WINDOWS\System32\k8efzgigz.dll not found.
C:\WINDOWS\SYSTEM32\net.net moved successfully.
C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_033243

Files\Folders moved on Reboot...
C:\WINDOWS\SYSTEM32\IS15.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\helper32.dll moved successfully.

Registry entries deleted on Reboot...

Re: Malware Defense Removal

I just tried combofix and it worked,
here's the log...
"Wayne Noble" - 2010-02-01 3:45:00 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Wayne Noble\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\drivers\fad.sys"


((((((((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))))))


2010-02-01 03:34 0 --a------ C:\WINDOWS\Iqajocimafeyute.bin
2010-02-01 03:32 d-------- C:\_OTL
2010-01-30 22:06 d--hs---- C:\Documents and Settings\WAYNEN~1\PrivacIE
2010-01-30 22:06 d--hs---- C:\DOCUME~1\WAYNEN~1\PrivacIE
2010-01-30 22:04 d--hs---- C:\Documents and Settings\WAYNEN~1\IETldCache
2010-01-30 22:04 d--hs---- C:\DOCUME~1\WAYNEN~1\IETldCache
2010-01-30 21:58 d-------- C:\WINDOWS\ie8updates
2010-01-30 21:54 d--h-c--- C:\WINDOWS\ie8
2010-01-25 12:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2010-01-24 01:58 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2010-01-22 20:34 9 --a------ C:\confin.sys
2010-01-22 20:34 d--hs---- C:\DOCUME~1\WAYNEN~1\APPLIC~1\SystemProc
2010-01-22 20:09 120 --a------ C:\WINDOWS\Trorodizi.dat
2010-01-22 20:06 648 --a------ C:\WINDOWS\SYSTEM32\uses32.dat
2010-01-22 20:06 d--hs---- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\SystemProc
2010-01-22 20:05 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\AntiVirus Plus
2010-01-22 19:54 d-------- C:\Malwarebytes' Anti-Malware
2010-01-22 19:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-22 01:06 d-------- C:\Program Files\Trend Micro
2010-01-22 00:07 d----c--- C:\Program Files\ParetoLogic
2010-01-22 00:07 d-------- C:\Program Files\Common Files\ParetoLogic
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Virus PLUS
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
2010-01-21 23:24 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.DBQ\NTUSER.DAT
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Symantec
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Sonic
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Jasc Software Inc
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Apple Computer
2010-01-21 23:20 233,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2010-01-21 23:01 87,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys
2010-01-21 23:01 207,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys
2010-01-21 23:00 70,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2010-01-21 23:00 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2010-01-21 23:00 d-------- C:\Program Files\Spyware Doctor
2010-01-21 23:00 d-------- C:\Program Files\Common Files\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\WAYNEN~1\APPLIC~1\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2010-01-21 22:34 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2010-01-21 22:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2010-01-21 21:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RegCure


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-02-01 08:41:32 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\Skype
2010-02-01 08:38:08 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\skypePM
2010-01-22 17:28:53 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\uTorrent
2010-01-22 02:50:01 -------- d-----w C:\Program Files\RegCure
2010-01-21 21:09:12 -------- d-----w C:\Program Files\Microsoft Silverlight
2010-01-21 17:46:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2010-01-19 06:08:16 -------- d-----w C:\Program Files\Hotspot Shield
2010-01-17 10:27:16 -------- d-----w C:\Program Files\Google
2009-12-26 05:07:24 1,183,744 ----a-w C:\WINDOWS\system32\Dr--iXA0_rR.dll
2009-12-15 21:11:23 -------- d-----w C:\Program Files\Microsoft LifeCam
2009-12-15 21:03:31 0 ----a-w C:\WINDOWS\system32\cd.dat
2009-11-22 22:01:05 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2005-01-08 23:08:16 56 --sh--r C:\WINDOWS\SYSTEM32\7651CD09DA.sys
2005-01-08 23:08:16 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 16:49]
{C4BF49A2-94F1-42BD-F034-3604811C807D}=C:\WINDOWS\system32\k8efzgigz.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 16:21]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 14:52]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 01:49]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 15:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 23:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 16:33]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 18:54]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-11-18 12:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 10:44]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 13:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C4BF49A2-94F1-42BD-F034-3604811C807D}"="C:\WINDOWS\system32\k8efzgigz.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli kbet70A.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2010-01-30 21:11:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2010-01-26 01:05:17 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
2010-01-31 17:41:03 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
2010-01-30 23:30:32 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2010-01-31 05:33:06 C:\WINDOWS\tasks\ParetoLogic Update Version2.job
2010-01-30 23:30:33 C:\WINDOWS\tasks\RegCure Program Check.job
2010-02-01 08:35:08 C:\WINDOWS\tasks\RegCure Startup.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 03:51:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x????????????????????????????????????????D?w????????????7??w????x???x??????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????????

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTehtpcvnoiy.sys"

Completion time: 2010-02-01 3:53:38
C:\ComboFix-quarantined-files.txt ... 2010-02-01 03:53

--- E O F ---

Re: Malware Defense Removal

and here are the quarantined files..

Code:


2003-01-30 12:52      12073    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir


Folder PATH listing
Volume serial number is 3420-6CD0
C:\QOOBOX
\---Quarantine
    +---C
    |  \---WINDOWS
    |      \---SYSTEM32
    |          \---DRIVERS
    |                  FAD.sys.vir
    |                 
    \---Registry_backups

Re: Malware Defense Removal

Hello.
Please delete that version of Combofix you have; it's extremely old. Download a new version and run it please.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Malware Defense Removal

The problem is, when I click on your links for combofix, I get redirected to ask.com, or Iamwired. It won't let me get to those links.

Re: Malware Defense Removal

Please run OTL again and post the new OTL.txt log ONLY!!


Re: Malware Defense Removal

OTL logfile created on: 01/02/2010 5:44:41 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 454.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 11.62 Gb Free Space | 7.80% Space Free | Partition Type: NTFS
Drive D: | 467.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
PRC - [2010/01/22 20:34:39 | 000,147,456 | -HS- | M] (HellFire) -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
PRC - [2010/01/08 19:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/08/06 10:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/11/14 08:05:05 | 000,083,456 | R--- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/10/07 16:21:10 | 000,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,037,376 | ---- | M] () -- C:\WINDOWS\kbet70A.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Savradm)
SRV - File not found [On_Demand | Stopped] -- -- (Helodrmkipbd)
SRV - [2010/01/17 05:27:20 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 19:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) [Auto | Running] -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/01/03 19:22:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 16:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\navex15.sys -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\naveng.sys -- (NAVENG)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\symidsco.sys -- (SYMIDSCO)
DRV - [2009/01/09 13:01:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symevent.sys -- (SymEvent)
DRV - [2008/09/15 19:14:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\coh_mon.sys -- (COH_Mon)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\co_mon.sys -- (CO_Mon)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2006/08/31 12:03:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 02:09:58 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstape.sys -- (MSTAPE)
DRV - [2004/08/04 02:09:58 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/05 09:23:16 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/09/26 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/09/26 00:04:00 | 000,098,164 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/09/26 00:04:00 | 000,083,572 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/09/26 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/09/26 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/09/26 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/09/26 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/09/26 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/09/26 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/09/19 02:21:00 | 000,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Stltrk2k.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\modemcsa.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {4a4f15aa-8569-f02e-7cb6-b10fe045b81c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {47D99070-1169-4A6B-AA14-DB1810417EF5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}:1.9.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5}: C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} [2010/01/22 20:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} [2010/01/22 20:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 03:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 04:19:11 | 000,000,000 | ---D | M]

[2008/12/10 10:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Extensions
[2010/01/22 21:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions
[2009/07/01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\searchplugins\conduit.xml
[2010/02/01 03:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 20:06:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{4a4f15aa-8569-f02e-7cb6-b10fe045b81c}
[2010/01/22 20:06:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/12/05 19:27:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/05 19:27:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/05 19:27:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/05 19:27:10 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200698036687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.lowrance.com/Downloads/updates/MapCreate/MapCreate620/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/24/install/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 14:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\InstallShield
[2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/01 03:53:39 | 000,370,688 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swsc.exe
[2010/02/01 03:53:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010/02/01 03:50:30 | 000,000,000 | ---D | C] -- C:\QooBox
[2010/02/01 03:32:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/31 00:24:11 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 22:06:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\PrivacIE
[2010/01/30 22:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\IETldCache
[2010/01/30 21:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 21:54:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 18:51:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 14:51:40 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/25 12:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en
[2010/01/22 20:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc
[2010/01/22 20:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}
[2010/01/22 19:54:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/22 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 00:08:13 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Downloaded Installations
[2010/01/21 23:20:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/21 23:01:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/21 23:01:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/21 23:00:57 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/20 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/13 03:33:43 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/21 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Hotspot_Shield
[2008/07/10 05:59:27 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.1.3-27042008.exe
[2007/12/20 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/28 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/12 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 17:41:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/01 17:40:18 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/02/01 17:40:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 17:39:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/01 17:39:06 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 03:58:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/02/01 03:44:40 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\ntuser.dat
[2010/02/01 03:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/02/01 03:33:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wayne Noble\NTUSER.INI
[2010/02/01 03:17:03 | 000,000,648 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/31 12:41:03 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/31 00:33:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 21:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 21:07:37 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/30 20:51:15 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/01/30 19:20:34 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 18:51:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 18:30:33 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/30 18:30:32 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/30 16:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 12:52:04 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/25 20:05:17 | 000,000,634 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
[2010/01/25 16:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:23 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/01/22 18:49:24 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:55 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/21 21:50:01 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/21 12:24:16 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/01 03:53:39 | 000,087,040 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2010/02/01 03:53:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/30 21:21:14 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/25 12:34:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:22 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/01/22 20:33:06 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/22 20:33:06 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/22 20:06:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/22 18:49:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:54 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/22 00:08:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/22 00:08:15 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/22 00:08:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/21 23:20:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/21 23:01:03 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/21 23:01:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/21 23:00:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/21 21:50:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/21 21:50:11 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/21 12:24:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2008/08/28 10:03:20 | 000,024,155 | ---- | C] () -- C:\Program Files\orilliapic.jpg
[2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
[2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
[2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
[2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent
[2008/07/10 06:00:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 06:00:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/08 09:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/03/17 09:02:44 | 000,022,764 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\Microsoft Excel.ADR
[2007/11/18 11:07:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/01 10:16:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2007/03/31 13:22:11 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/03/27 10:54:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/26 13:41:42 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2007/03/26 13:41:42 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\DMAPI.dll
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/14 21:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/31 14:26:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/12 19:51:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/07/15 05:33:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/19 09:15:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2005/02/09 20:24:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/02/09 17:24:29 | 003,691,666 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\imageCache.db
[2005/02/09 16:20:49 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/01/09 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/09 16:45:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JPR.{PB
[2004/12/09 16:45:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JCM.{PB
[2004/09/11 15:44:12 | 000,000,613 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2004/09/11 15:44:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pm_setup.ini
[2004/09/11 15:43:42 | 000,000,745 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2004/09/11 15:10:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson880.ini
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/09 14:27:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7651CD09DA.sys
[2004/07/09 14:41:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/09 14:38:32 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2004/07/09 14:27:59 | 000,043,786 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/09 14:23:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/09 14:23:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2004/07/09 14:23:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/09 14:23:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2004/07/09 14:22:39 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/09 10:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\dm.ini
[2004/06/26 07:05:02 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/22 11:23:22 | 000,001,908 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 20:48:07 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/06/18 20:37:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 20:32:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/06/18 20:31:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/06/09 13:17:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 13:09:17 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/09 13:08:36 | 000,000,516 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/09 13:04:35 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/09 12:55:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/09 12:55:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/09 12:42:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/13 08:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\kbet70A.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wayne Noble\Desktop\~:SummaryInformation
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Malware Defense Removal

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Malware Defense Removal

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:05 on 02/02/2010 (Wayne Noble)
Firefox version 3.5.7 (en-GB)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}" -> Success!
(nȯne)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!
Deleting C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{4a4f15aa-8569-f02e-7cb6-b10fe045b81c} [01:06 23/01/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:45 10/12/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [21:56 22/11/2009]

C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions\
(nȯne)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:41 22/11/2009]

-=E.O.F=-

Re: Malware Defense Removal

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    [2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
    [2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
    [2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
    [2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
    [2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Malware Defense Removal

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\RTHDBPL deleted successfully.
C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ not found.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\warning.html moved successfully.
C:\WINDOWS\Trorodizi.dat moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent moved successfully.
C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent moved successfully.
C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent moved successfully.
C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02022010_233505

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Malware Defense Removal

That autorun file doesn't wanna leave, does it? Oh well, time to get the bigger guns out.

Please download USBNoRisk to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for the initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
  3. If there are more USB storage devices to scan, please take note of the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


Re: Malware Defense Removal

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 07/02/2010 2:53:51 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {cb5ec364-c18a-11d8-b826-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for cb5ec364-c18a-11d8-b826-806d6172696f
----------------------------------------
Desktop.ini found at C:\INCINERATE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={23CE4E06-2508-11D0-1977-0734210ABE0B}
----------------------------------------
CLSID not found in registry
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 07/02/2010 2:55:40 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70ab2198-0f0f-11df-be4d-000f1f4bbea8}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 70ab2198-0f0f-11df-be4d-000f1f4bbea8
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Re: Malware Defense Removal

Hello.
What is the D:\ drive?


Re: Malware Defense Removal

It's a DVD/disk drive, I guess you call it.
There are two disk drives, D and E.

Re: Malware Defense Removal

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

