taisou108

Member | 5 posts | Reputation: 0 Neutral | Location: Las Vegas, Nevada

Posts
  1. I thought I posted a reply but I guess it didn't work. I tried finding as many files as I could. I searched manually and used the search application but not everything came up. Anyways, here's what I found.
  2. BTW thanks again and take your time reviewing the logs. I'll be back around 7:00 p.m. Pacific time.
  3. Hey Raid, thanks for answering. I read the Pre-HJT Instructions and here's what happened: 1. MBAM Log: Malwarebytes' Anti-Malware 1.30 Database version: 1402 Windows 5.1.2600 Service Pack 3 11/16/2008 7:09:43 PM mbam-log-2008-11-16 (19-09-43).txt Scan type: Quick Scan Objects scanned: 55164 Time elapsed: 7 minute(s), 16 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot. C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\M6QT8F30\baka[1].txt (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 2. Spybot Search & Destroy Downloaded it and ran the program. When I clicked "Install" I received a window with an error message that said " 'File Download' A connection with the server could not be established". Couldn't go any further with the installation. 3. PandaActive Scan/ ESET Online Keep getting blank windows that read, "internet explorer cannot display the webpage". Tried through Netscape and get, "The connection was refused when trying to connect..." 4. OTListIt OTListIt logfile created on: 11/16/2008 11:17:33 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Ariel\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.53 Mb Total Physical Memory | 143.04 Mb Available Physical Memory | 56.20% Memory free 623.23 Mb Paging File | 405.20 Mb Available in Paging File | 65.02% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14.93 Gb Total Space | 4.09 Gb Free Space | 27.42% Space Free | Partition Type: NTFS Drive D: | 40.94 Gb Total Space | 11.13 Gb Free Space | 27.17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THEJUMPOFF Current User Name: Ariel Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2002/07/17 07:59:48 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe [2002/07/17 07:45:02 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe [2007/07/16 11:54:08 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2008/10/22 15:10:24 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2007/04/16 15:28:22 | 00,585,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE [2008/04/13 16:12:28 | 01,703,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe [1999/12/12 17:01:00 | 00,052,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE [2007/04/26 07:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) 
-- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe [2008/10/22 15:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2005/07/04 15:46:04 | 00,061,499 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2006/08/28 08:23:44 | 05,535,744 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe [2008/11/16 23:16:14 | 00,426,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe ========== (O23) Win32 Services ========== [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running]) [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/08/01 08:46:59 | 00,077,312 | ---- | M] (BOONTY) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [On_Demand | Stopped]) [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [1999/12/12 17:01:00 | 00,052,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running]) File not found -- -- (gusvc [On_Demand | Stopped]) [2004/10/22 02:24:18 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2007/04/26 07:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) 
-- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running]) [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe -- (lxdi_device [Auto | Running]) [2008/10/22 15:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running]) [2001/09/27 22:26:40 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped]) [2007/01/25 15:52:49 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped]) [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) [2006/10/18 20:05:24 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) File not found -- -- (WUSB54GCSVC [Auto | Running]) ========== Driver Services ========== [2008/08/04 22:22:44 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running]) [2008/09/24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped]) [2001/08/17 12:11:26 | 00,054,271 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX [On_Demand | Stopped]) [2001/08/17 13:28:00 | 00,871,388 | ---- | M] (BCM) -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem [On_Demand | Stopped]) File not found -- -- (Beep [system | Running]) [2001/08/17 12:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt [On_Demand | Stopped]) [2001/08/17 12:12:24 | 00,003,168 | ---- | M] (Brother Industries Ltd.) 
-- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg [On_Demand | Stopped]) [2001/08/17 12:12:18 | 00,039,552 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm [On_Demand | Stopped]) [2001/08/17 12:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped]) [2000/12/05 16:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [system | Running]) [2002/07/23 09:01:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Running]) [2002/07/23 09:01:28 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped]) [2002/07/23 09:01:30 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped]) [2002/07/23 09:01:30 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped]) [2002/07/23 09:01:28 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped]) [2002/07/23 09:01:28 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped]) [2002/07/23 09:01:32 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped]) [2002/07/23 09:01:32 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6 [On_Demand | Stopped]) [2002/07/23 09:01:32 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7 [On_Demand | Stopped]) [2002/07/23 09:01:34 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8 [On_Demand | Stopped]) [2002/07/23 
09:01:22 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped]) [2002/07/23 09:01:22 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped]) [2002/07/23 09:01:24 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped]) [2002/07/23 09:01:20 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped]) [2002/07/23 09:01:26 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped]) [2002/07/23 09:01:26 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped]) [2002/10/15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeBusDr.sys -- (IdeBusDr [boot | Running]) [2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeChnDr.sys -- (IdeChnDr [boot | Running]) [2001/05/08 17:57:20 | 00,467,985 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running]) [2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running]) [2008/04/13 10:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf [On_Demand | Stopped]) [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped]) [2008/04/28 21:26:10 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped]) [2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007/03/07 15:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2005/11/24 18:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running]) [2008/07/17 14:40:32 | 00,109,952 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running]) [2004/08/03 21:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped]) [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2001/08/24 15:47:56 | 00,442,168 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running]) [2001/12/03 09:53:36 | 00,079,356 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyFanC.sys -- (SonyFanC [system | Running]) [2007/08/09 06:57:59 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped]) [2006/08/28 00:20:38 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running]) [2000/03/09 10:24:42 | 00,007,196 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\V7.SYS -- (V7 [Auto | Running]) [2008/11/04 12:55:46 | 00,008,496 | ---- | M] () -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB [system | Running]) [2006/02/20 17:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped]) [2006/02/20 17:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped]) [2006/02/20 
17:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped]) [2006/02/20 17:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped]) [2001/08/18 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running]) [2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running]) ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/googlesidesearch.html HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/googlesidesearch.html HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID} HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople 
HKU\S-1-5-21-776561741-299502267-725345543-1003\S-1-5-21-776561741-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/googlesidesearch.html HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Data = HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/googlesidesearch.html HKU\S-1-5-21-776561741-299502267-725345543-1004\S-1-5-21-776561741-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (3973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 NtKrnlpa.cn O1 - Hosts: 127.0.0.1 www.Merijn.org O1 - Hosts: 127.0.0.1 www.hijackthis.de O1 - Hosts: 127.0.0.1 www.avg-antivirus.net O1 - Hosts: 127.0.0.1 www.free.grisoft.com O1 - Hosts: 127.0.0.1 www.analysis.seclab.tuwien.ac.at O1 - Hosts: 127.0.0.1 www.free.avg.com O1 - Hosts: 127.0.0.1 guru0.grisoft.cz O1 - Hosts: 127.0.0.1 guru1.grisoft.cz O1 - Hosts: 127.0.0.1 guru2.grisoft.cz O1 - Hosts: 127.0.0.1 guru3.grisoft.cz O1 - Hosts: 127.0.0.1 guru4.grisoft.cz O1 - Hosts: 127.0.0.1 guru5.grisoft.cz O1 - Hosts: 127.0.0.1 www.virusspy.com O1 - Hosts: 127.0.0.1 www.download.f-secure.com 
O1 - Hosts: 127.0.0.1 www.housecall.trendmicro.com O1 - Hosts: 127.0.0.1 www.avast.com O1 - Hosts: 127.0.0.1 www.free.avg.com O1 - Hosts: 127.0.0.1 www.onlinescan.avast.com O1 - Hosts: 127.0.0.1 www.futurenow.bitdefender.com O1 - Hosts: 127.0.0.1 www.bitdefender.com O1 - Hosts: 127.0.0.1 www.f-prot.com O1 - Hosts: 127.0.0.1 www.trendsecure.com O1 - Hosts: 127.0.0.1 www.avira.com O1 - Hosts: 127.0.0.1 www.eset.com O1 - Hosts: 77 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. 
File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. 
File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" () O4 - HKLM..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) 
O4 - HKU\S-1-5-21-776561741-299502267-725345543-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - HKU\S-1-5-21-776561741-299502267-725345543-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0 O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} http://www.pacimedia.com/install/pcs_0013.exe (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key does not exist or could not be opened.) 
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://tao108.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 65.41.120.51,208.13.143.36
O18 - Protocol\Handler: - cdo - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = karna.dat-20 WinNT
>File not found --
>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
fccdcDTm: "DllName" = fccdcDTm.dll -- File not found
netprp: "DllName" = netprp.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Key does not exist or could not be opened.
File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\WINDOWS\system32\ddcCTkli,
>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [] [2004/08/24 14:18:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
AUTOEXEC.CAM [] [2004/08/24 14:08:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/11/16 23:16:14 | 00,426,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe
[2008/11/16 23:12:34 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ariel\Desktop\spybotsd160.exe
[2008/11/16 19:09:50 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\kjdyj.sys
[2008/11/15 01:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Desktop\RegSeeker
[2008/11/12 19:51:53 | 00,000,527 | ---- | C] () -- C:\WINDOWS\System32\TDSSuuvd.dat
[2008/11/12 17:58:00 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 17:57:32 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/12 00:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\vlc
[2008/11/12 00:19:59 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/11/11 12:01:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/11/11 00:29:09 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\HIT Day 3 - Month 1.doc
[2008/11/11 00:27:22 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\3X3 Day 2 - Month 1.doc
[2008/11/11 00:09:42 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\5X5 Day 1 - Month 1.doc
[2008/11/10 20:09:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/11/10 20:07:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/11/10 20:07:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/11/09 02:37:23 | 26,696,4992 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/08 16:09:28 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/08 16:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/07 13:18:53 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/07 13:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/11/06 23:56:12 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/11/05 20:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2008/11/05 20:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2008/11/05 19:44:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/05 19:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/11/05 19:42:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2008/11/05 19:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/11/05 18:44:05 | 00,000,000 | ---D | C] -- C:\Program Files\weblin
[2008/11/05 18:34:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\zweitgeist
[2008/11/05 15:25:34 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWinPortable
[2008/11/05 03:39:27 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/11/05 01:22:01 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2008/11/05 01:21:47 | 00,000,000 | ---D | C] -- C:\Intel
[2008/11/05 00:50:31 | 00,109,952 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2008/11/05 00:50:31 | 00,009,728 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/05 00:50:30 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2008/11/05 00:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\InstallShield
[2008/11/05 00:41:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/11/05 00:41:27 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/11/05 00:41:24 | 10,540,032 | ---- | C] () -- C:\WINDOWS\System32\RTLCPL.EXE
[2008/11/05 00:41:24 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2008/11/05 00:40:06 | 00,000,000 | ---D | C] -- C:\dell
[2008/11/05 00:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2008/11/05 00:31:51 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/11/05 00:31:51 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/11/05 00:31:51 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2008/11/05 00:31:49 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/11/05 00:31:49 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/11/05 00:31:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/11/05 00:31:48 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/11/05 00:11:03 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Driver Magician.lnk
[2008/11/05 00:10:56 | 00,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2008/11/05 00:10:56 | 00,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2008/11/05 00:10:54 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2008/11/05 00:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2008/11/04 23:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Local Settings\Application Data\TouchStoneSoftware
[2008/11/04 23:48:43 | 01,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx
[2008/11/04 23:48:43 | 00,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL
[2008/11/04 23:32:03 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\SpeedItup Free.lnk
[2008/11/04 23:32:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Speeditup Free
[2008/11/04 23:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\Speeditup Free
[2008/11/04 14:24:09 | 00,000,000 | RH-D | C] -- C:\AHCache
[2008/11/04 13:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/04 12:55:58 | 00,008,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\VNUSB.sys
[2008/11/04 12:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\a9k.bin
[2008/11/03 23:39:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/11/01 10:19:13 | 00,000,000 | ---D | C] -- C:\lxk3500-4500Patch
[2008/10/31 11:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2008/10/31 09:04:47 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\bb1.dat
[2008/10/31 08:53:55 | 00,081,920 | ---- | C] () -- C:\WINDOWS\inform.dat
[2008/10/29 16:04:08 | 00,000,000 | ---D | C] -- C:\logs
[2008/10/29 16:01:02 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/10/29 14:54:23 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\Delete_Me_Dummy_karna.dat
[2008/10/29 12:40:08 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Ariel.job
[2008/10/29 12:40:07 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Ariel.job
[2008/10/29 12:40:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/29 12:40:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/29 12:40:00 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/28 21:56:57 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2008/10/28 21:23:41 | 00,000,000 | ---D | C] -- C:\lexmark
[2008/10/28 20:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\Lexmark Productivity Studio
[2008/10/28 20:48:37 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/28 20:48:27 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/28 20:39:23 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/10/28 20:39:19 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/10/28 20:38:36 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2008/10/28 20:38:02 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/10/28 20:38:02 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/10/28 20:38:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/10/28 20:36:55 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/10/28 20:36:36 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/10/28 20:36:36 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/10/28 20:36:36 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/10/28 20:36:36 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/10/28 20:36:35 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/10/28 20:36:35 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/10/28 20:36:35 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/10/28 20:36:35 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/10/28 20:36:35 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/10/28 20:36:34 | 00,965,785 | ---- | C] () -- C:\WINDOWS\System32\lxdihelp.chm
[2008/10/28 20:36:34 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/10/28 20:36:34 | 00,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[2008/10/28 20:36:33 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/10/28 20:36:33 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/10/28 20:36:32 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdigf.dll
[2008/10/28 20:36:32 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/10/28 20:36:32 | 00,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2008/10/28 20:36:32 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2008/10/28 20:36:31 | 00,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2008/10/28 20:36:31 | 00,077,906 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxdicfg.dll
[2008/10/28 20:36:31 | 00,077,810 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2008/10/28 20:36:31 | 00,001,900 | ---- | C] () -- C:\WINDOWS\System32\lxdi.loc
[2008/10/28 20:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2008/10/27 17:26:36 | 00,019,106 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\syhacapes.inf
[2008/10/27 17:26:35 | 00,015,513 | ---- | C] () -- C:\WINDOWS\System32\ruqecihaqi.sys
[2008/10/27 17:26:35 | 00,014,423 | ---- | C] () -- C:\WINDOWS\awilujynid.bin
[2008/10/27 17:26:35 | 00,014,358 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\fyguse.dat
[2008/10/27 17:26:35 | 00,012,791 | ---- | C] () -- C:\WINDOWS\System32\ropinom.inf
[2008/10/27 17:26:35 | 00,011,654 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\awiwovi.lib
[2008/10/27 17:26:34 | 00,011,619 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\erejef.dat
[2008/10/27 17:26:34 | 00,010,371 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\isydici.vbs
[2008/10/27 17:26:34 | 00,010,323 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\ykepof.bin
[2008/10/27 17:26:33 | 00,016,903 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\aquzyritys.sys
[2008/10/27 17:26:33 | 00,016,295 | ---- | C] () -- C:\WINDOWS\picequd.scr
[2008/10/27 17:26:33 | 00,011,308 | ---- | C] () -- C:\WINDOWS\olusal.lib
[2008/10/27 17:26:32 | 00,015,914 | ---- | C] () -- C:\WINDOWS\mefyt._sy
[2008/10/27 17:26:32 | 00,015,355 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\lukowiduxa.reg
[2008/10/27 17:26:32 | 00,010,375 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\hywonezeno.bin
[2008/10/27 17:26:31 | 00,019,471 | ---- | C] () -- C:\WINDOWS\inirojocyv.exe
[2008/10/27 17:26:31 | 00,018,914 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sywub.db
[2008/10/27 17:26:31 | 00,016,745 | ---- | C] () -- C:\WINDOWS\System32\pebajevo.sys
[2008/10/27 17:26:31 | 00,013,633 | ---- | C] () -- C:\Program Files\Common Files\uvygurev.com
[2008/10/27 17:26:31 | 00,010,361 | ---- | C] () -- C:\WINDOWS\System32\cupivy.dl
[2008/10/26 23:37:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/26 12:30:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/26 12:30:50 | 00,099,328 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/26 12:30:50 | 00,098,304 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/26 12:30:50 | 00,093,184 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/26 12:30:50 | 00,089,088 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/26 12:30:50 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/26 12:30:49 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/26 12:30:49 | 00,144,384 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/26 12:30:49 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/26 12:30:49 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/26 12:27:12 | 00,002,254 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/25 23:31:18 | 00,001,505 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Vuze.lnk
[2008/10/25 20:49:37 | 00,004,986 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\mmount01.jpg
[2008/10/25 20:49:24 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Motorized Mount Ad.rtf
[2008/10/25 17:40:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/10/25 17:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2008/10/25 09:38:46 | 00,044,544 | ---- | C] (Ret) -- C:\WINDOWS\System32\hgapt32.dll
[2008/10/25 09:35:08 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/10/24 17:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\Malwarebytes
[2008/10/24 17:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/24 17:45:01 | 00,019,742 | ---- | C] () -- C:\WINDOWS\System32\sinomemyxu.vbs
[2008/10/24 17:45:01 | 00,019,330 | ---- | C] () -- C:\WINDOWS\fovebituxu.bin
[2008/10/24 17:45:01 | 00,019,319 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wakoza.ban
[2008/10/24 17:45:01 | 00,019,246 | ---- | C] () -- C:\WINDOWS\yluzyre.exe
[2008/10/24 17:45:01 | 00,019,150 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\wamebop.ban
[2008/10/24 17:45:01 | 00,018,693 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dasipi._sy
[2008/10/24 17:45:01 | 00,018,526 | ---- | C] () -- C:\WINDOWS\yryrimi.vbs
[2008/10/24 17:45:01 | 00,018,483 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otaquwun.scr
[2008/10/24 17:45:01 | 00,017,618 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\dyvetogy.db
[2008/10/24 17:45:01 | 00,016,862 | ---- | C] () -- C:\Program Files\Common Files\posas.dl
[2008/10/24 17:45:01 | 00,016,276 | ---- | C] () -- C:\Program Files\Common Files\rybucox.inf
[2008/10/24 17:45:01 | 00,016,245 | ---- | C] () -- C:\WINDOWS\icinapy.sys
[2008/10/24 17:45:01 | 00,016,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nugukuf.dl
[2008/10/24 17:45:01 | 00,016,047 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qazog.com
[2008/10/24 17:45:01 | 00,015,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sarada.pif
[2008/10/24 17:45:01 | 00,014,495 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\kysad.reg
[2008/10/24 17:45:01 | 00,014,023 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\zucozy.dl
[2008/10/24 17:45:01 | 00,013,690 | ---- | C] () -- C:\WINDOWS\ivahiz.sys
[2008/10/24 17:45:01 | 00,013,289 | ---- | C] () -- C:\Program Files\Common Files\synid.inf
[2008/10/24 17:45:01 | 00,011,839 | ---- | C] () -- C:\WINDOWS\uxikihi.com
[2008/10/24 17:45:01 | 00,011,485 | ---- | C] () -- C:\WINDOWS\System32\viteciw.bat
[2008/10/24 17:45:01 | 00,011,355 | ---- | C] () -- C:\WINDOWS\opivesez.bin
[2008/10/24 17:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager
[2008/10/24 16:35:56 | 00,019,852 | ---- | C] () -- C:\WINDOWS\rehynonog.com
[2008/10/24 16:35:56 | 00,019,509 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agitasa.scr
[2008/10/24 16:35:56 | 00,018,377 | ---- | C] () -- C:\Program Files\Common Files\gowuz.reg
[2008/10/24 16:35:56 | 00,017,227 | ---- | C] () -- C:\WINDOWS\yqiwaziguv.dl
[2008/10/24 16:35:56 | 00,016,559 | ---- | C] () -- C:\WINDOWS\dedazuveci.db
[2008/10/24 16:35:56 | 00,014,976 | ---- | C] () -- C:\WINDOWS\cefenohe.sys
[2008/10/24 16:35:56 | 00,014,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hasegiri.lib
[2008/10/24 16:35:56 | 00,012,897 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\abisi.dat
[2008/10/24 16:35:56 | 00,012,317 | ---- | C] () -- C:\WINDOWS\pupiwuq._dl
[2008/10/24 16:35:56 | 00,011,642 | ---- | C] () -- C:\WINDOWS\isazomike._dl
[2008/10/24 16:35:55 | 00,019,839 | ---- | C] () -- C:\WINDOWS\wygywu.ban
[2008/10/24 16:35:55 | 00,017,720 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\wimicuvo.reg
[2008/10/24 16:35:55 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cyfytesyr.lib
[2008/10/24 16:35:55 | 00,013,087 | ---- | C] () -- C:\WINDOWS\System32\ujofy._sy
[2008/10/24 16:35:55 | 00,012,631 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ajuqeqy.bat
[2008/10/24 16:35:55 | 00,011,631 | ---- | C] () -- C:\Program Files\Common Files\gozyxa.lib
[2008/10/24 16:35:55 | 00,011,380 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zenibupoce.dat
[2008/10/24 16:21:21 | 00,014,369 | ---- | C] () -- C:\WINDOWS\System32\lm.dat
[2008/10/23 15:50:48 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/19 04:39:28 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/19 02:17:47 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/19 02:09:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Desktop\YM- The Reckoning
[2008/10/19 01:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/10/19 01:36:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[330 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/16 23:16:14 | 00,426,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe
[2008/11/16 23:12:34 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ariel\Desktop\spybotsd160.exe
[2008/11/16 20:05:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/16 19:09:50 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\kjdyj.sys
[2008/11/16 18:36:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/16 18:34:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/16 18:34:03 | 00,003,973 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/16 18:34:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/16 18:34:01 | 26,696,4992 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/16 13:00:19 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Ariel.job
[2008/11/16 12:01:00 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Ariel.job
[2008/11/15 15:42:43 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\HIT Day 3 - Month 1.doc
[2008/11/15 15:42:10 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\5X5 Day 1 - Month 1.doc
[2008/11/15 13:41:33 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\Ariel\My Documents\My Sharing Folders.lnk
[2008/11/15 11:48:23 | 04,317,596 | -H-- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\IconCache.db
[2008/11/12 19:51:53 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\TDSSuuvd.dat
[2008/11/12 19:12:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/12 00:19:59 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/11/11 00:45:16 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\3X3 Day 2 - Month 1.doc
[2008/11/10 20:15:34 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Ariel\My Documents\desktop.ini
[2008/11/09 01:04:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/11/08 16:09:28 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/08 12:17:53 | 00,243,712 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 13:18:53 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/06 23:55:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/11/06 23:55:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/11/06 17:55:48 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/06 17:55:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/06 17:55:48 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/05 21:23:48 | 00,097,912 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/05 20:13:09 | 00,320,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/05 19:44:25 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/11/05 00:11:03 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Driver Magician.lnk
[2008/11/04 23:32:03 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\SpeedItup Free.lnk
[2008/11/04 15:19:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\a9k.bin
[2008/11/04 14:43:20 | 00,458,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/04 14:43:20 | 00,407,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/04 14:43:20 | 00,064,068 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/04 12:55:46 | 00,008,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\VNUSB.sys
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/31 11:22:52 | 00,077,810 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2008/10/31 11:22:14 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2008/10/31 09:04:47 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\bb1.dat
[2008/10/31 08:53:55 | 00,081,920 | ---- | M] () -- C:\WINDOWS\inform.dat
[2008/10/31 08:53:55 | 00,014,369 | ---- | M] () -- C:\WINDOWS\System32\lm.dat
[2008/10/30 06:24:06 | 02,168,815 | ---- | M] () -- C:\WINDOWS\Paradigm.SPF
[2008/10/29 15:05:33 | 00,002,254 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/29 12:40:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/27 17:26:36 | 00,019,106 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\syhacapes.inf
[2008/10/27 17:26:35 | 00,015,513 | ---- | M] () -- C:\WINDOWS\System32\ruqecihaqi.sys
[2008/10/27 17:26:35 | 00,014,423 | ---- | M] () -- C:\WINDOWS\awilujynid.bin
[2008/10/27 17:26:35 | 00,014,358 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\fyguse.dat
[2008/10/27 17:26:35 | 00,012,791 | ---- | M] () -- C:\WINDOWS\System32\ropinom.inf
[2008/10/27 17:26:35 | 00,011,654 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\awiwovi.lib
[2008/10/27 17:26:34 | 00,011,619 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\erejef.dat
[2008/10/27 17:26:34 | 00,010,371 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\isydici.vbs
[2008/10/27 17:26:34 | 00,010,323 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\ykepof.bin
[2008/10/27 17:26:33 | 00,016,903 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\aquzyritys.sys
[2008/10/27 17:26:33 | 00,016,295 | ---- | M] () -- C:\WINDOWS\picequd.scr
[2008/10/27 17:26:33 | 00,011,308 | ---- | M] () -- C:\WINDOWS\olusal.lib
[2008/10/27 17:26:32 | 00,015,914 | ---- | M] () -- C:\WINDOWS\mefyt._sy
[2008/10/27 17:26:32 | 00,015,355 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\lukowiduxa.reg
[2008/10/27 17:26:32 | 00,010,375 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\hywonezeno.bin
[2008/10/27 17:26:31 | 00,019,471 | ---- | M] () -- C:\WINDOWS\inirojocyv.exe
[2008/10/27 17:26:31 | 00,018,914 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sywub.db
[2008/10/27 17:26:31 | 00,016,745 | ---- | M] () -- C:\WINDOWS\System32\pebajevo.sys
[2008/10/27 17:26:31 | 00,013,633 | ---- | M] () -- C:\Program Files\Common Files\uvygurev.com
[2008/10/27 17:26:31 | 00,010,361 | ---- | M] () -- C:\WINDOWS\System32\cupivy.dl
[2008/10/27 02:59:35 | 00,044,544 | ---- | M] (Ret) -- C:\WINDOWS\System32\hgapt32.dll
[2008/10/25 23:31:18 | 00,001,505 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Vuze.lnk
[2008/10/25 21:02:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/25 21:02:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/25 20:50:58 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Motorized Mount Ad.rtf
[2008/10/25 20:47:39 | 00,004,986 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\mmount01.jpg
[2008/10/25 09:35:10 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/10/24 17:45:01 | 00,019,742 | ---- | M] () -- C:\WINDOWS\System32\sinomemyxu.vbs
[2008/10/24 17:45:01 | 00,019,330 | ---- | M] () -- C:\WINDOWS\fovebituxu.bin
[2008/10/24 17:45:01 | 00,019,319 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wakoza.ban
[2008/10/24 17:45:01 | 00,019,246 | ---- | M] () -- C:\WINDOWS\yluzyre.exe
[2008/10/24 17:45:01 | 00,019,150 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\wamebop.ban
[2008/10/24 17:45:01 | 00,018,693 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dasipi._sy
[2008/10/24 17:45:01 | 00,018,526 | ---- | M] () -- C:\WINDOWS\yryrimi.vbs
[2008/10/24 17:45:01 | 00,018,483 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\otaquwun.scr
[2008/10/24 17:45:01 | 00,017,618 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\dyvetogy.db
[2008/10/24 17:45:01 | 00,016,862 | ---- | M] () -- C:\Program Files\Common Files\posas.dl
[2008/10/24 17:45:01 | 00,016,276 | ---- | M] () -- C:\Program Files\Common Files\rybucox.inf
[2008/10/24 17:45:01 | 00,016,245 | ---- | M] () -- C:\WINDOWS\icinapy.sys
[2008/10/24 17:45:01 | 00,016,191 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nugukuf.dl
[2008/10/24 17:45:01 | 00,016,047 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qazog.com
[2008/10/24 17:45:01 | 00,015,102 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sarada.pif
[2008/10/24 17:45:01 | 00,014,495 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\kysad.reg
[2008/10/24 17:45:01 | 00,014,023 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\zucozy.dl
[2008/10/24 17:45:01 | 00,013,690 | ---- | M] () -- C:\WINDOWS\ivahiz.sys
[2008/10/24 17:45:01 | 00,013,289 | ---- | M] () -- C:\Program Files\Common Files\synid.inf
[2008/10/24 17:45:01 | 00,011,839 | ---- | M] () -- C:\WINDOWS\uxikihi.com
[2008/10/24 17:45:01 | 00,011,485 | ---- | M] () -- C:\WINDOWS\System32\viteciw.bat
[2008/10/24 17:45:01 | 00,011,355 | ---- | M] () -- C:\WINDOWS\opivesez.bin
[2008/10/24 16:35:56 | 00,019,852 | ---- | M] () -- C:\WINDOWS\rehynonog.com
[2008/10/24 16:35:56 | 00,019,509 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\agitasa.scr
[2008/10/24 16:35:56 | 00,018,377 | ---- | M] () -- C:\Program Files\Common Files\gowuz.reg
[2008/10/24 16:35:56 | 00,017,227 | ---- | M] () -- C:\WINDOWS\yqiwaziguv.dl
[2008/10/24 16:35:56 | 00,016,559 | ---- | M] () -- C:\WINDOWS\dedazuveci.db
[2008/10/24 16:35:56 | 00,014,976 | ---- | M] () -- C:\WINDOWS\cefenohe.sys
[2008/10/24 16:35:56 | 00,014,637 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hasegiri.lib
[2008/10/24 16:35:56 | 00,012,897 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\abisi.dat
[2008/10/24 16:35:56 | 00,012,317 | ---- | M] () -- C:\WINDOWS\pupiwuq._dl
[2008/10/24 16:35:56 | 00,011,642 | ---- | M] () -- C:\WINDOWS\isazomike._dl
[2008/10/24 16:35:55 | 00,019,839 | ---- | M] () -- C:\WINDOWS\wygywu.ban
[2008/10/24 16:35:55 | 00,017,720 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\wimicuvo.reg
[2008/10/24 16:35:55 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cyfytesyr.lib
[2008/10/24 16:35:55 | 00,013,087 | ---- | M] () -- C:\WINDOWS\System32\ujofy._sy
[2008/10/24 16:35:55 | 00,012,631 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ajuqeqy.bat
[2008/10/24 16:35:55 | 00,011,631 | ---- | M] () -- C:\Program Files\Common Files\gozyxa.lib
[2008/10/24 16:35:55 | 00,011,380 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\zenibupoce.dat
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/22 15:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/20 19:10:51 | 00,000,262 | ---- | M] () -- C:\WINDOWS\PicEdit.INI

< End of report >

EXTRAS

OTListIt Extras logfile created on: 11/16/2008 11:17:33 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Ariel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.53 Mb Total Physical Memory | 143.04 Mb Available Physical Memory | 56.20% Memory free
623.23 Mb Paging File | 405.20 Mb Available in Paging File | 65.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.93 Gb Total Space | 4.09 Gb Free Space | 27.42% Space Free | Partition Type: NTFS
Drive D: | 40.94 Gb Total Space | 11.13 Gb Free Space | 27.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEJUMPOFF
Current User Name: Ariel
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/13 10:53:32 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [2007/05/07 10:07:22 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004/09/28 19:29:34 | 00,053,355 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw [2004/08/04 15:41:00 | 00,526,224 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape [2005/03/04 01:07:06 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary [2005/06/03 01:24:14 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary [2008/04/13 16:12:21 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console [2005/11/10 11:27:16 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary [2008/02/08 13:32:57 | 00,155,648 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader [2005/10/31 07:56:00 | 00,708,608 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer [2007/05/13 06:57:46 | 05,316,608 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule [2008/01/03 08:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM [2008/04/13 10:53:32 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [2007/12/03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus [2008/04/13 16:12:28 | 01,703,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:3500-4500 Series Server [2007/07/16 11:54:08 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor [2007/04/26 07:38:45 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface [2007/04/26 07:38:47 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface [2007/04/26 07:38:31 | 
00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable [2008/10/22 15:10:20 | 01,269,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware [2007/05/07 10:07:22 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application [2007/04/26 07:38:41 | 00,320,432 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdiih.exe:*:Enabled:Printer Communication System [2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application [2007/04/26 07:38:33 | 00,140,208 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway [2008/04/13 16:12:33 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32 [2008/04/13 16:12:18 | 00,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306 "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper "{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12 "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2 "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup "{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP "{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass
  4. So I run Mbam and it deletes "Windows XP Antivirus 2009" temporarily. At different times the computer will restart all by itself and re-install it. Also, I can't delete "mrdavv.sys". I'd really appreciate it if someone would help me with this; it's almost been a month now.

MBAM Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

11/16/2008 7:09:43 PM
mbam-log-2008-11-16 (19-09-43).txt

Scan type: Quick Scan
Objects scanned: 55164
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\M6QT8F30\baka[1].txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.