
Last Resort! -- XP Antivirus & mrxdavv.sys -- Help, please



So I run Mbam and it deletes "Windows XP Antivirus 2009" temporarily. At different times the computer will restart all by itself and re-install it. Also, can't delete "mrdavv.sys". I'd really appreciate it if someone would help me with this, it's almost been a month now. :blink:

MBAM Log:

Malwarebytes' Anti-Malware 1.30

Database version: 1402

Windows 5.1.2600 Service Pack 3

11/16/2008 7:09:43 PM

mbam-log-2008-11-16 (19-09-43).txt

Scan type: Quick Scan

Objects scanned: 55164

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\M6QT8F30\baka[1].txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.
I need you to follow the instructions provided here first.
I also need for you to download this program http://oldtimer.geekstogo.com/OTListIt.exe to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Hey Raid, thanks for answering. I read the Pre-HJT Instructions and here's what happened:

1. MBAM Log:

Malwarebytes' Anti-Malware 1.30

Database version: 1402

Windows 5.1.2600 Service Pack 3

11/16/2008 7:09:43 PM

mbam-log-2008-11-16 (19-09-43).txt

Scan type: Quick Scan

Objects scanned: 55164

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ariel\Local Settings\Temporary Internet Files\Content.IE5\M6QT8F30\baka[1].txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

2. Spybot Search & Destroy

Downloaded it and ran the program. When I clicked "Install" I received a window with an error message that said " 'File Download' A connection with the server could not be established". Couldn't go any further with the installation.

3. PandaActive Scan/ ESET Online

Keep getting blank windows that read, "internet explorer cannot display the webpage". Tried through Netscape and get, "The connection was refused when trying to connect..."

4. OTListIt

OTListIt logfile created on: 11/16/2008 11:17:33 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Ariel\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.53 Mb Total Physical Memory | 143.04 Mb Available Physical Memory | 56.20% Memory free

623.23 Mb Paging File | 405.20 Mb Available in Paging File | 65.02% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14.93 Gb Total Space | 4.09 Gb Free Space | 27.42% Space Free | Partition Type: NTFS

Drive D: | 40.94 Gb Total Space | 11.13 Gb Free Space | 27.17% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: THEJUMPOFF

Current User Name: Ariel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

[2002/07/17 07:59:48 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe

[2002/07/17 07:45:02 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

[2007/07/16 11:54:08 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

[2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

[2008/10/22 15:10:24 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[2007/04/16 15:28:22 | 00,585,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2008/04/13 16:12:28 | 01,703,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

[1999/12/12 17:01:00 | 00,052,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

[2007/04/26 07:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe

[2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe

[2008/10/22 15:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2005/07/04 15:46:04 | 00,061,499 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

[2006/08/28 08:23:44 | 05,535,744 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

[2008/11/16 23:16:14 | 00,426,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/08/01 08:46:59 | 00,077,312 | ---- | M] (BOONTY) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [On_Demand | Stopped])

[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[1999/12/12 17:01:00 | 00,052,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

File not found -- -- (gusvc [On_Demand | Stopped])

[2004/10/22 02:24:18 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007/04/26 07:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running])

[2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe -- (lxdi_device [Auto | Running])

[2008/10/22 15:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2001/09/27 22:26:40 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])

[2007/01/25 15:52:49 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Stopped])

[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2006/10/18 20:05:24 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

File not found -- -- (WUSB54GCSVC [Auto | Running])

========== Driver Services ==========

[2008/08/04 22:22:44 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2008/09/24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])

[2001/08/17 12:11:26 | 00,054,271 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX [On_Demand | Stopped])

[2001/08/17 13:28:00 | 00,871,388 | ---- | M] (BCM) -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem [On_Demand | Stopped])

File not found -- -- (Beep [system | Running])

[2001/08/17 12:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt [On_Demand | Stopped])

[2001/08/17 12:12:24 | 00,003,168 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg [On_Demand | Stopped])

[2001/08/17 12:12:18 | 00,039,552 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm [On_Demand | Stopped])

[2001/08/17 12:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])

[2000/12/05 16:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [system | Running])

[2002/07/23 09:01:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Running])

[2002/07/23 09:01:28 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])

[2002/07/23 09:01:30 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])

[2002/07/23 09:01:30 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])

[2002/07/23 09:01:28 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])

[2002/07/23 09:01:28 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])

[2002/07/23 09:01:32 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])

[2002/07/23 09:01:32 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6 [On_Demand | Stopped])

[2002/07/23 09:01:32 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7 [On_Demand | Stopped])

[2002/07/23 09:01:34 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8 [On_Demand | Stopped])

[2002/07/23 09:01:22 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])

[2002/07/23 09:01:22 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])

[2002/07/23 09:01:24 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])

[2002/07/23 09:01:20 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])

[2002/07/23 09:01:26 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])

[2002/07/23 09:01:26 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])

[2002/10/15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeBusDr.sys -- (IdeBusDr [boot | Running])

[2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeChnDr.sys -- (IdeChnDr [boot | Running])

[2001/05/08 17:57:20 | 00,467,985 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])

[2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2008/04/13 10:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf [On_Demand | Stopped])

[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])

[2008/04/28 21:26:10 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/03/07 15:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2005/11/24 18:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running])

[2008/07/17 14:40:32 | 00,109,952 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004/08/03 21:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])

[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2001/08/24 15:47:56 | 00,442,168 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

[2001/12/03 09:53:36 | 00,079,356 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyFanC.sys -- (SonyFanC [system | Running])

[2007/08/09 06:57:59 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])

[2006/08/28 00:20:38 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

[2000/03/09 10:24:42 | 00,007,196 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\V7.SYS -- (V7 [Auto | Running])

[2008/11/04 12:55:46 | 00,008,496 | ---- | M] () -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB [system | Running])

[2006/02/20 17:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])

[2006/02/20 17:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])

[2006/02/20 17:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])

[2006/02/20 17:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])

[2001/08/18 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

[2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/googlesidesearch.html

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/googlesidesearch.html

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID}

HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople

HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com

HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

HKU\S-1-5-21-776561741-299502267-725345543-1003\S-1-5-21-776561741-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.begin2search.com/googlesidesearch.html

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Data =

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://www.begin2search.com/googlesidesearch.html

HKU\S-1-5-21-776561741-299502267-725345543-1004\S-1-5-21-776561741-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (3973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 NtKrnlpa.cn

O1 - Hosts: 127.0.0.1 www.Merijn.org

O1 - Hosts: 127.0.0.1 www.hijackthis.de

O1 - Hosts: 127.0.0.1 www.avg-antivirus.net

O1 - Hosts: 127.0.0.1 www.free.grisoft.com

O1 - Hosts: 127.0.0.1 www.analysis.seclab.tuwien.ac.at

O1 - Hosts: 127.0.0.1 www.free.avg.com

O1 - Hosts: 127.0.0.1 guru0.grisoft.cz

O1 - Hosts: 127.0.0.1 guru1.grisoft.cz

O1 - Hosts: 127.0.0.1 guru2.grisoft.cz

O1 - Hosts: 127.0.0.1 guru3.grisoft.cz

O1 - Hosts: 127.0.0.1 guru4.grisoft.cz

O1 - Hosts: 127.0.0.1 guru5.grisoft.cz

O1 - Hosts: 127.0.0.1 www.virusspy.com

O1 - Hosts: 127.0.0.1 www.download.f-secure.com

O1 - Hosts: 127.0.0.1 www.housecall.trendmicro.com

O1 - Hosts: 127.0.0.1 www.avast.com

O1 - Hosts: 127.0.0.1 www.free.avg.com

O1 - Hosts: 127.0.0.1 www.onlinescan.avast.com

O1 - Hosts: 127.0.0.1 www.futurenow.bitdefender.com

O1 - Hosts: 127.0.0.1 www.bitdefender.com

O1 - Hosts: 127.0.0.1 www.f-prot.com

O1 - Hosts: 127.0.0.1 www.trendsecure.com

O1 - Hosts: 127.0.0.1 www.avira.com

O1 - Hosts: 127.0.0.1 www.eset.com

O1 - Hosts: 77 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-776561741-299502267-725345543-1004\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" ()

O4 - HKLM..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-21-776561741-299502267-725345543-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-776561741-299502267-725345543-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0

O7 - HKU\S-1-5-21-776561741-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} http://www.pacimedia.com/install/pcs_0013.exe (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://tao108.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 65.41.120.51,208.13.143.36

O18 - Protocol\Handler: - cdo - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls" = karna.dat-20 WinNT

>File not found --

>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

fccdcDTm: "DllName" = fccdcDTm.dll -- File not found

netprp: "DllName" = netprp.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages" = msv1_0,C:\WINDOWS\system32\ddcCTkli,

>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2004/08/24 14:18:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.CAM []

[2004/08/24 14:08:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]

[2008/11/16 23:16:14 | 00,426,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe

[2008/11/16 23:12:34 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ariel\Desktop\spybotsd160.exe

[2008/11/16 19:09:50 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\kjdyj.sys

[2008/11/15 01:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Desktop\RegSeeker

[2008/11/12 19:51:53 | 00,000,527 | ---- | C] () -- C:\WINDOWS\System32\TDSSuuvd.dat

[2008/11/12 17:58:00 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/12 17:57:32 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/12 00:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\vlc

[2008/11/12 00:19:59 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2008/11/11 12:01:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates

[2008/11/11 00:29:09 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\HIT Day 3 - Month 1.doc

[2008/11/11 00:27:22 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\3X3 Day 2 - Month 1.doc

[2008/11/11 00:09:42 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\5X5 Day 1 - Month 1.doc

[2008/11/10 20:09:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2008/11/10 20:07:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7

[2008/11/10 20:07:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

[2008/11/09 02:37:23 | 26,696,4992 | -HS- | C] () -- C:\hiberfil.sys

[2008/11/08 16:09:28 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2008/11/08 16:09:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2008/11/07 13:18:53 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2008/11/07 13:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2008/11/06 23:56:12 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2008/11/05 20:30:10 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97

[2008/11/05 20:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegCure

[2008/11/05 19:44:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/11/05 19:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2008/11/05 19:42:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer

[2008/11/05 19:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2008/11/05 18:44:05 | 00,000,000 | ---D | C] -- C:\Program Files\weblin

[2008/11/05 18:34:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\zweitgeist

[2008/11/05 15:25:34 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWinPortable

[2008/11/05 03:39:27 | 00,000,000 | RHS- | C] () -- C:\IO.SYS

[2008/11/05 01:22:01 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll

[2008/11/05 01:21:47 | 00,000,000 | ---D | C] -- C:\Intel

[2008/11/05 00:50:31 | 00,109,952 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys

[2008/11/05 00:50:31 | 00,009,728 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\RtNicProp32.dll

[2008/11/05 00:50:30 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek

[2008/11/05 00:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\InstallShield

[2008/11/05 00:41:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/11/05 00:41:27 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2008/11/05 00:41:24 | 10,540,032 | ---- | C] () -- C:\WINDOWS\System32\RTLCPL.EXE

[2008/11/05 00:41:24 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV

[2008/11/05 00:40:06 | 00,000,000 | ---D | C] -- C:\dell

[2008/11/05 00:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Intel

[2008/11/05 00:31:51 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys

[2008/11/05 00:31:51 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys

[2008/11/05 00:31:51 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv

[2008/11/05 00:31:49 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys

[2008/11/05 00:31:49 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax

[2008/11/05 00:31:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll

[2008/11/05 00:31:48 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys

[2008/11/05 00:11:03 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Driver Magician.lnk

[2008/11/05 00:10:56 | 00,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll

[2008/11/05 00:10:56 | 00,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin

[2008/11/05 00:10:54 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx

[2008/11/05 00:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician

[2008/11/04 23:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Local Settings\Application Data\TouchStoneSoftware

[2008/11/04 23:48:43 | 01,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx

[2008/11/04 23:48:43 | 00,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL

[2008/11/04 23:32:03 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\SpeedItup Free.lnk

[2008/11/04 23:32:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Speeditup Free

[2008/11/04 23:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\Speeditup Free

[2008/11/04 14:24:09 | 00,000,000 | RH-D | C] -- C:\AHCache

[2008/11/04 13:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2008/11/04 12:55:58 | 00,008,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\VNUSB.sys

[2008/11/04 12:55:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\a9k.bin

[2008/11/03 23:39:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

[2008/11/01 10:19:13 | 00,000,000 | ---D | C] -- C:\lxk3500-4500Patch

[2008/10/31 11:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar

[2008/10/31 09:04:47 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\bb1.dat

[2008/10/31 08:53:55 | 00,081,920 | ---- | C] () -- C:\WINDOWS\inform.dat

[2008/10/29 16:04:08 | 00,000,000 | ---D | C] -- C:\logs

[2008/10/29 16:01:02 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2008/10/29 14:54:23 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\Delete_Me_Dummy_karna.dat

[2008/10/29 12:40:08 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Ariel.job

[2008/10/29 12:40:07 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Ariel.job

[2008/10/29 12:40:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/29 12:40:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/10/29 12:40:00 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/28 21:56:57 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK

[2008/10/28 21:23:41 | 00,000,000 | ---D | C] -- C:\lexmark

[2008/10/28 20:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\Lexmark Productivity Studio

[2008/10/28 20:48:37 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys

[2008/10/28 20:48:27 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys

[2008/10/28 20:39:23 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll

[2008/10/28 20:39:19 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll

[2008/10/28 20:38:36 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll

[2008/10/28 20:38:02 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll

[2008/10/28 20:38:02 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll

[2008/10/28 20:38:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll

[2008/10/28 20:36:55 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini

[2008/10/28 20:36:36 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll

[2008/10/28 20:36:36 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll

[2008/10/28 20:36:36 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll

[2008/10/28 20:36:36 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll

[2008/10/28 20:36:35 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll

[2008/10/28 20:36:35 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll

[2008/10/28 20:36:35 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll

[2008/10/28 20:36:35 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll

[2008/10/28 20:36:35 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll

[2008/10/28 20:36:34 | 00,965,785 | ---- | C] () -- C:\WINDOWS\System32\lxdihelp.chm

[2008/10/28 20:36:34 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll

[2008/10/28 20:36:34 | 00,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe

[2008/10/28 20:36:33 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll

[2008/10/28 20:36:33 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll

[2008/10/28 20:36:32 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdigf.dll

[2008/10/28 20:36:32 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll

[2008/10/28 20:36:32 | 00,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe

[2008/10/28 20:36:32 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll

[2008/10/28 20:36:31 | 00,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe

[2008/10/28 20:36:31 | 00,077,906 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxdicfg.dll

[2008/10/28 20:36:31 | 00,077,810 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf

[2008/10/28 20:36:31 | 00,001,900 | ---- | C] () -- C:\WINDOWS\System32\lxdi.loc

[2008/10/28 20:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series

[2008/10/27 17:26:36 | 00,019,106 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\syhacapes.inf

[2008/10/27 17:26:35 | 00,015,513 | ---- | C] () -- C:\WINDOWS\System32\ruqecihaqi.sys

[2008/10/27 17:26:35 | 00,014,423 | ---- | C] () -- C:\WINDOWS\awilujynid.bin

[2008/10/27 17:26:35 | 00,014,358 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\fyguse.dat

[2008/10/27 17:26:35 | 00,012,791 | ---- | C] () -- C:\WINDOWS\System32\ropinom.inf

[2008/10/27 17:26:35 | 00,011,654 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\awiwovi.lib

[2008/10/27 17:26:34 | 00,011,619 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\erejef.dat

[2008/10/27 17:26:34 | 00,010,371 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\isydici.vbs

[2008/10/27 17:26:34 | 00,010,323 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\ykepof.bin

[2008/10/27 17:26:33 | 00,016,903 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\aquzyritys.sys

[2008/10/27 17:26:33 | 00,016,295 | ---- | C] () -- C:\WINDOWS\picequd.scr

[2008/10/27 17:26:33 | 00,011,308 | ---- | C] () -- C:\WINDOWS\olusal.lib

[2008/10/27 17:26:32 | 00,015,914 | ---- | C] () -- C:\WINDOWS\mefyt._sy

[2008/10/27 17:26:32 | 00,015,355 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\lukowiduxa.reg

[2008/10/27 17:26:32 | 00,010,375 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\hywonezeno.bin

[2008/10/27 17:26:31 | 00,019,471 | ---- | C] () -- C:\WINDOWS\inirojocyv.exe

[2008/10/27 17:26:31 | 00,018,914 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sywub.db

[2008/10/27 17:26:31 | 00,016,745 | ---- | C] () -- C:\WINDOWS\System32\pebajevo.sys

[2008/10/27 17:26:31 | 00,013,633 | ---- | C] () -- C:\Program Files\Common Files\uvygurev.com

[2008/10/27 17:26:31 | 00,010,361 | ---- | C] () -- C:\WINDOWS\System32\cupivy.dl

[2008/10/26 23:37:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/10/26 12:30:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

[2008/10/26 12:30:50 | 00,099,328 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe

[2008/10/26 12:30:50 | 00,098,304 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

[2008/10/26 12:30:50 | 00,093,696 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

[2008/10/26 12:30:50 | 00,093,184 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

[2008/10/26 12:30:50 | 00,089,088 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe

[2008/10/26 12:30:50 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

[2008/10/26 12:30:49 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

[2008/10/26 12:30:49 | 00,144,384 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe

[2008/10/26 12:30:49 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

[2008/10/26 12:30:49 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2008/10/26 12:27:12 | 00,002,254 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg

[2008/10/25 23:31:18 | 00,001,505 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Vuze.lnk

[2008/10/25 20:49:37 | 00,004,986 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\mmount01.jpg

[2008/10/25 20:49:24 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\Ariel\Desktop\Motorized Mount Ad.rtf

[2008/10/25 17:40:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox

[2008/10/25 17:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone

[2008/10/25 09:38:46 | 00,044,544 | ---- | C] (Ret) -- C:\WINDOWS\System32\hgapt32.dll

[2008/10/25 09:35:08 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008/10/24 17:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Application Data\Malwarebytes

[2008/10/24 17:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/10/24 17:45:01 | 00,019,742 | ---- | C] () -- C:\WINDOWS\System32\sinomemyxu.vbs

[2008/10/24 17:45:01 | 00,019,330 | ---- | C] () -- C:\WINDOWS\fovebituxu.bin

[2008/10/24 17:45:01 | 00,019,319 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wakoza.ban

[2008/10/24 17:45:01 | 00,019,246 | ---- | C] () -- C:\WINDOWS\yluzyre.exe

[2008/10/24 17:45:01 | 00,019,150 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\wamebop.ban

[2008/10/24 17:45:01 | 00,018,693 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dasipi._sy

[2008/10/24 17:45:01 | 00,018,526 | ---- | C] () -- C:\WINDOWS\yryrimi.vbs

[2008/10/24 17:45:01 | 00,018,483 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otaquwun.scr

[2008/10/24 17:45:01 | 00,017,618 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\dyvetogy.db

[2008/10/24 17:45:01 | 00,016,862 | ---- | C] () -- C:\Program Files\Common Files\posas.dl

[2008/10/24 17:45:01 | 00,016,276 | ---- | C] () -- C:\Program Files\Common Files\rybucox.inf

[2008/10/24 17:45:01 | 00,016,245 | ---- | C] () -- C:\WINDOWS\icinapy.sys

[2008/10/24 17:45:01 | 00,016,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nugukuf.dl

[2008/10/24 17:45:01 | 00,016,047 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qazog.com

[2008/10/24 17:45:01 | 00,015,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sarada.pif

[2008/10/24 17:45:01 | 00,014,495 | ---- | C] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\kysad.reg

[2008/10/24 17:45:01 | 00,014,023 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\zucozy.dl

[2008/10/24 17:45:01 | 00,013,690 | ---- | C] () -- C:\WINDOWS\ivahiz.sys

[2008/10/24 17:45:01 | 00,013,289 | ---- | C] () -- C:\Program Files\Common Files\synid.inf

[2008/10/24 17:45:01 | 00,011,839 | ---- | C] () -- C:\WINDOWS\uxikihi.com

[2008/10/24 17:45:01 | 00,011,485 | ---- | C] () -- C:\WINDOWS\System32\viteciw.bat

[2008/10/24 17:45:01 | 00,011,355 | ---- | C] () -- C:\WINDOWS\opivesez.bin

[2008/10/24 17:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager

[2008/10/24 16:35:56 | 00,019,852 | ---- | C] () -- C:\WINDOWS\rehynonog.com

[2008/10/24 16:35:56 | 00,019,509 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agitasa.scr

[2008/10/24 16:35:56 | 00,018,377 | ---- | C] () -- C:\Program Files\Common Files\gowuz.reg

[2008/10/24 16:35:56 | 00,017,227 | ---- | C] () -- C:\WINDOWS\yqiwaziguv.dl

[2008/10/24 16:35:56 | 00,016,559 | ---- | C] () -- C:\WINDOWS\dedazuveci.db

[2008/10/24 16:35:56 | 00,014,976 | ---- | C] () -- C:\WINDOWS\cefenohe.sys

[2008/10/24 16:35:56 | 00,014,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hasegiri.lib

[2008/10/24 16:35:56 | 00,012,897 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\abisi.dat

[2008/10/24 16:35:56 | 00,012,317 | ---- | C] () -- C:\WINDOWS\pupiwuq._dl

[2008/10/24 16:35:56 | 00,011,642 | ---- | C] () -- C:\WINDOWS\isazomike._dl

[2008/10/24 16:35:55 | 00,019,839 | ---- | C] () -- C:\WINDOWS\wygywu.ban

[2008/10/24 16:35:55 | 00,017,720 | ---- | C] () -- C:\Documents and Settings\Ariel\Application Data\wimicuvo.reg

[2008/10/24 16:35:55 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cyfytesyr.lib

[2008/10/24 16:35:55 | 00,013,087 | ---- | C] () -- C:\WINDOWS\System32\ujofy._sy

[2008/10/24 16:35:55 | 00,012,631 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ajuqeqy.bat

[2008/10/24 16:35:55 | 00,011,631 | ---- | C] () -- C:\Program Files\Common Files\gozyxa.lib

[2008/10/24 16:35:55 | 00,011,380 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zenibupoce.dat

[2008/10/24 16:21:21 | 00,014,369 | ---- | C] () -- C:\WINDOWS\System32\lm.dat

[2008/10/23 15:50:48 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/19 04:39:28 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2008/10/19 02:17:47 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/10/19 02:09:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Desktop\YM- The Reckoning

[2008/10/19 01:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2008/10/19 01:36:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ariel\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[330 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008/11/16 23:16:14 | 00,426,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ariel\Desktop\OTListIt.exe

[2008/11/16 23:12:34 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ariel\Desktop\spybotsd160.exe

[2008/11/16 20:05:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/11/16 19:09:50 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\kjdyj.sys

[2008/11/16 18:36:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/16 18:34:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/16 18:34:03 | 00,003,973 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008/11/16 18:34:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/16 18:34:01 | 26,696,4992 | -HS- | M] () -- C:\hiberfil.sys

[2008/11/16 13:00:19 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Ariel.job

[2008/11/16 12:01:00 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Ariel.job

[2008/11/15 15:42:43 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\HIT Day 3 - Month 1.doc

[2008/11/15 15:42:10 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\5X5 Day 1 - Month 1.doc

[2008/11/15 13:41:33 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\Ariel\My Documents\My Sharing Folders.lnk

[2008/11/15 11:48:23 | 04,317,596 | -H-- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\IconCache.db

[2008/11/12 19:51:53 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\TDSSuuvd.dat

[2008/11/12 19:12:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/12 00:19:59 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2008/11/11 00:45:16 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\3X3 Day 2 - Month 1.doc

[2008/11/10 20:15:34 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Ariel\My Documents\desktop.ini

[2008/11/09 01:04:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2008/11/08 16:09:28 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2008/11/08 12:17:53 | 00,243,712 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/07 13:18:53 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2008/11/06 23:55:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2008/11/06 23:55:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2008/11/06 17:55:48 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/06 17:55:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/11/06 17:55:48 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2008/11/05 21:23:48 | 00,097,912 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/05 20:13:09 | 00,320,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/05 19:44:25 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2008/11/05 00:11:03 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Driver Magician.lnk

[2008/11/04 23:32:03 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\SpeedItup Free.lnk

[2008/11/04 15:19:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\a9k.bin

[2008/11/04 14:43:20 | 00,458,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/04 14:43:20 | 00,407,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/04 14:43:20 | 00,064,068 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/04 12:55:46 | 00,008,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\VNUSB.sys

[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/10/31 11:22:52 | 00,077,810 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf

[2008/10/31 11:22:14 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK

[2008/10/31 09:04:47 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\bb1.dat

[2008/10/31 08:53:55 | 00,081,920 | ---- | M] () -- C:\WINDOWS\inform.dat

[2008/10/31 08:53:55 | 00,014,369 | ---- | M] () -- C:\WINDOWS\System32\lm.dat

[2008/10/30 06:24:06 | 02,168,815 | ---- | M] () -- C:\WINDOWS\Paradigm.SPF

[2008/10/29 15:05:33 | 00,002,254 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2008/10/29 12:40:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/10/27 17:26:36 | 00,019,106 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\syhacapes.inf

[2008/10/27 17:26:35 | 00,015,513 | ---- | M] () -- C:\WINDOWS\System32\ruqecihaqi.sys

[2008/10/27 17:26:35 | 00,014,423 | ---- | M] () -- C:\WINDOWS\awilujynid.bin

[2008/10/27 17:26:35 | 00,014,358 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\fyguse.dat

[2008/10/27 17:26:35 | 00,012,791 | ---- | M] () -- C:\WINDOWS\System32\ropinom.inf

[2008/10/27 17:26:35 | 00,011,654 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\awiwovi.lib

[2008/10/27 17:26:34 | 00,011,619 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\erejef.dat

[2008/10/27 17:26:34 | 00,010,371 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\isydici.vbs

[2008/10/27 17:26:34 | 00,010,323 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\ykepof.bin

[2008/10/27 17:26:33 | 00,016,903 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\aquzyritys.sys

[2008/10/27 17:26:33 | 00,016,295 | ---- | M] () -- C:\WINDOWS\picequd.scr

[2008/10/27 17:26:33 | 00,011,308 | ---- | M] () -- C:\WINDOWS\olusal.lib

[2008/10/27 17:26:32 | 00,015,914 | ---- | M] () -- C:\WINDOWS\mefyt._sy

[2008/10/27 17:26:32 | 00,015,355 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\lukowiduxa.reg

[2008/10/27 17:26:32 | 00,010,375 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\hywonezeno.bin

[2008/10/27 17:26:31 | 00,019,471 | ---- | M] () -- C:\WINDOWS\inirojocyv.exe

[2008/10/27 17:26:31 | 00,018,914 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sywub.db

[2008/10/27 17:26:31 | 00,016,745 | ---- | M] () -- C:\WINDOWS\System32\pebajevo.sys

[2008/10/27 17:26:31 | 00,013,633 | ---- | M] () -- C:\Program Files\Common Files\uvygurev.com

[2008/10/27 17:26:31 | 00,010,361 | ---- | M] () -- C:\WINDOWS\System32\cupivy.dl

[2008/10/27 02:59:35 | 00,044,544 | ---- | M] (Ret) -- C:\WINDOWS\System32\hgapt32.dll

[2008/10/25 23:31:18 | 00,001,505 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Vuze.lnk

[2008/10/25 21:02:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2008/10/25 21:02:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm

[2008/10/25 20:50:58 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\Motorized Mount Ad.rtf

[2008/10/25 20:47:39 | 00,004,986 | ---- | M] () -- C:\Documents and Settings\Ariel\Desktop\mmount01.jpg

[2008/10/25 09:35:10 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008/10/24 17:45:01 | 00,019,742 | ---- | M] () -- C:\WINDOWS\System32\sinomemyxu.vbs

[2008/10/24 17:45:01 | 00,019,330 | ---- | M] () -- C:\WINDOWS\fovebituxu.bin

[2008/10/24 17:45:01 | 00,019,319 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wakoza.ban

[2008/10/24 17:45:01 | 00,019,246 | ---- | M] () -- C:\WINDOWS\yluzyre.exe

[2008/10/24 17:45:01 | 00,019,150 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\wamebop.ban

[2008/10/24 17:45:01 | 00,018,693 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dasipi._sy

[2008/10/24 17:45:01 | 00,018,526 | ---- | M] () -- C:\WINDOWS\yryrimi.vbs

[2008/10/24 17:45:01 | 00,018,483 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\otaquwun.scr

[2008/10/24 17:45:01 | 00,017,618 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\dyvetogy.db

[2008/10/24 17:45:01 | 00,016,862 | ---- | M] () -- C:\Program Files\Common Files\posas.dl

[2008/10/24 17:45:01 | 00,016,276 | ---- | M] () -- C:\Program Files\Common Files\rybucox.inf

[2008/10/24 17:45:01 | 00,016,245 | ---- | M] () -- C:\WINDOWS\icinapy.sys

[2008/10/24 17:45:01 | 00,016,191 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nugukuf.dl

[2008/10/24 17:45:01 | 00,016,047 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qazog.com

[2008/10/24 17:45:01 | 00,015,102 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sarada.pif

[2008/10/24 17:45:01 | 00,014,495 | ---- | M] () -- C:\Documents and Settings\Ariel\Local Settings\Application Data\kysad.reg

[2008/10/24 17:45:01 | 00,014,023 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\zucozy.dl

[2008/10/24 17:45:01 | 00,013,690 | ---- | M] () -- C:\WINDOWS\ivahiz.sys

[2008/10/24 17:45:01 | 00,013,289 | ---- | M] () -- C:\Program Files\Common Files\synid.inf

[2008/10/24 17:45:01 | 00,011,839 | ---- | M] () -- C:\WINDOWS\uxikihi.com

[2008/10/24 17:45:01 | 00,011,485 | ---- | M] () -- C:\WINDOWS\System32\viteciw.bat

[2008/10/24 17:45:01 | 00,011,355 | ---- | M] () -- C:\WINDOWS\opivesez.bin

[2008/10/24 16:35:56 | 00,019,852 | ---- | M] () -- C:\WINDOWS\rehynonog.com

[2008/10/24 16:35:56 | 00,019,509 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\agitasa.scr

[2008/10/24 16:35:56 | 00,018,377 | ---- | M] () -- C:\Program Files\Common Files\gowuz.reg

[2008/10/24 16:35:56 | 00,017,227 | ---- | M] () -- C:\WINDOWS\yqiwaziguv.dl

[2008/10/24 16:35:56 | 00,016,559 | ---- | M] () -- C:\WINDOWS\dedazuveci.db

[2008/10/24 16:35:56 | 00,014,976 | ---- | M] () -- C:\WINDOWS\cefenohe.sys

[2008/10/24 16:35:56 | 00,014,637 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hasegiri.lib

[2008/10/24 16:35:56 | 00,012,897 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\abisi.dat

[2008/10/24 16:35:56 | 00,012,317 | ---- | M] () -- C:\WINDOWS\pupiwuq._dl

[2008/10/24 16:35:56 | 00,011,642 | ---- | M] () -- C:\WINDOWS\isazomike._dl

[2008/10/24 16:35:55 | 00,019,839 | ---- | M] () -- C:\WINDOWS\wygywu.ban

[2008/10/24 16:35:55 | 00,017,720 | ---- | M] () -- C:\Documents and Settings\Ariel\Application Data\wimicuvo.reg

[2008/10/24 16:35:55 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cyfytesyr.lib

[2008/10/24 16:35:55 | 00,013,087 | ---- | M] () -- C:\WINDOWS\System32\ujofy._sy

[2008/10/24 16:35:55 | 00,012,631 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ajuqeqy.bat

[2008/10/24 16:35:55 | 00,011,631 | ---- | M] () -- C:\Program Files\Common Files\gozyxa.lib

[2008/10/24 16:35:55 | 00,011,380 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\zenibupoce.dat

[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/10/22 15:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/20 19:10:51 | 00,000,262 | ---- | M] () -- C:\WINDOWS\PicEdit.INI

< End of report >

EXTRAS

OTListIt Extras logfile created on: 11/16/2008 11:17:33 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Ariel\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.53 Mb Total Physical Memory | 143.04 Mb Available Physical Memory | 56.20% Memory free

623.23 Mb Paging File | 405.20 Mb Available in Paging File | 65.02% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14.93 Gb Total Space | 4.09 Gb Free Space | 27.42% Space Free | Partition Type: NTFS

Drive D: | 40.94 Gb Total Space | 11.13 Gb Free Space | 27.17% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: THEJUMPOFF

Current User Name: Ariel

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 10:53:32 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2007/05/07 10:07:22 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/09/28 19:29:34 | 00,053,355 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw

[2004/08/04 15:41:00 | 00,526,224 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape

[2005/03/04 01:07:06 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary

[2005/06/03 01:24:14 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary

[2008/04/13 16:12:21 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console

[2005/11/10 11:27:16 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary

[2008/02/08 13:32:57 | 00,155,648 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader

[2005/10/31 07:56:00 | 00,708,608 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer

[2007/05/13 06:57:46 | 05,316,608 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule

[2008/01/03 08:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM

[2008/04/13 10:53:32 | 00,566,272 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2007/12/03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus

[2008/04/13 16:12:28 | 01,703,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:3500-4500 Series Server

[2007/07/16 11:54:08 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor

[2007/04/26 07:38:45 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface

[2007/04/26 07:38:47 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface

[2007/04/26 07:38:31 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable

[2008/10/22 15:10:20 | 01,269,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware

[2007/05/07 10:07:22 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application

[2007/04/26 07:38:41 | 00,320,432 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdiih.exe:*:Enabled:Printer Communication System

[2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application

[2007/04/26 07:38:33 | 00,140,208 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway

[2008/04/13 16:12:33 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32

[2008/04/13 16:12:18 | 00,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen

"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper

"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2

"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup

"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP

"{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass


Okay. Looks like a potential mess we have here...

Please try to get copies of all of the following files, zip them all up and attach here please.

C:\WINDOWS\system32\lxdicoms.exe

C:\WINDOWS\System32\drivers\kjdyj.sys

C:\WINDOWS\System32\TDSSuuvd.dat

C:\WINDOWS\System32\drivers\VNUSB.sys

C:\WINDOWS\System32\ruqecihaqi.sys

C:\WINDOWS\awilujynid.bin

C:\Documents and Settings\Ariel\Application Data\fyguse.dat

C:\WINDOWS\System32\ropinom.inf

C:\Documents and Settings\All Users\Documents\awiwovi.lib

C:\Documents and Settings\Ariel\Local Settings\Application Data\erejef.dat

C:\Documents and Settings\All Users\Documents\isydici.vbs

C:\Documents and Settings\Ariel\Application Data\ykepof.bin

C:\Documents and Settings\Ariel\Local Settings\Application Data\aquzyritys.sys

C:\WINDOWS\picequd.scr

C:\WINDOWS\olusal.lib

C:\WINDOWS\mefyt._sy

C:\Documents and Settings\Ariel\Application Data\lukowiduxa.reg

C:\Documents and Settings\Ariel\Application Data\hywonezeno.bin

C:\WINDOWS\inirojocyv.exe

C:\Documents and Settings\All Users\Application Data\sywub.db

C:\WINDOWS\System32\pebajevo.sys

C:\Program Files\Common Files\uvygurev.com

C:\WINDOWS\System32\cupivy.dl
