LSASS.exe Application Error

Discussion in 'Virus and Malware Removal' started by jayrez, Jun 18, 2011.

  1. Broni Malware Annihilator Posts: 39,254   +175

    Hold on for a sec....
  2. Broni Malware Annihilator Posts: 39,254   +175

    Let's re-try with those "IE" lines removed.

    New code:

    Code:
    :OTL
    SRV - File not found [Auto] -- -- (RoxLiveShare9)
    O2 - BHO: (no name) - {59c6f12b-f004-43e5-9997-08f2123119b6} - No CLSID value found.
    O2 - BHO: (no name) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {59c6f12b-f004-43e5-9997-08f2123119b6} - No CLSID value found.
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\JESSY_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\Lindsay_Dawedeit_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [samybfke] File not found
    O4 - HKU\Guest_ON_C..\Run: [MySpaceIM] C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe ()
    O4 - HKU\Guest_ON_C..\Run: [OE_OEM] File not found
    O4 - HKU\Guest_ON_C..\Run: [Yahoo! Pager] File not found
    O4 - HKU\JESSY_ON_C..\Run: [MySpaceIM] File not found
    O4 - HKU\JESSY_ON_C..\Run: [OE_OEM] File not found
    O4 - HKU\JESSY_ON_C..\Run: [swg] File not found
    O4 - HKU\JESSY_ON_C..\Run: [Yahoo! Pager] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdic32.dll) - C:\WINDOWS\system32\kbdic32.dll (Dmitry Streblechenko)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdhu132.dll) - C:\WINDOWS\system32\kbdhu132.dll (Dmitry Streblechenko)
    [2011/06/12 00:50:37 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\kbdhu132.dll
    [2011/06/12 00:50:20 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\kbdic32.dll
    [2011/06/12 00:51:01 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\atmlib32.exe
    [2011/06/12 00:50:55 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\CNCFLjJP32.exe
    [2011/06/12 00:50:42 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ialmrnt532.exe
    [2011/06/12 00:50:37 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\kbdhu132.dll
    [2011/06/12 00:50:29 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ialmuCHT32.exe
    [2011/06/12 00:50:20 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\kbdic32.dll
    [2011/06/12 00:49:58 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ipxrip32.exe
    [2011/06/12 00:49:54 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\msvfw3232.exe
    [2011/06/12 00:49:52 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\iprop32.exe
    [2011/06/12 00:49:25 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\Lindsay Dawedeit\0.9559369606395516.exe
    [2011/06/12 00:49:25 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\Lindsay Dawedeit\0.9001891160520191.exe
    [2011/06/12 00:49:25 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\Lindsay Dawedeit\0.43833626772242584.exe
    [2011/06/12 00:49:23 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\Lindsay Dawedeit\0.3058821869240973.exe
    [2011/06/10 18:05:55 | 000,001,294 | -HS- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\ep6kkw8xbk0184big1gr3105moca8yr5263
    [2011/06/04 01:24:21 | 000,011,290 | -HS- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\io2j138s300jt5
    [2011/05/28 20:21:03 | 000,008,790 | -HS- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\245337r41f060nm5sc34053da45p08wb8sf13d412u
    [2011/05/27 13:45:57 | 000,013,340 | -HS- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\232r7u660p253f31dil511257hxrt
    [2011/05/25 17:07:24 | 000,013,468 | -HS- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\t2342bpnbb47w8
    [2011/05/15 16:56:35 | 000,013,472 | -HS- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\d870p7ai35kvn85p1f03nwq3rkvtxt777r6wb20b7gs
    [2011/04/15 20:24:48 | 000,013,518 | -HS- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/03/29 10:31:57 | 000,012,784 | -HS- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\75ay16jj8e5
    [2011/03/17 23:38:01 | 000,012,602 | -HS- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\(+.X)+.,-V),X
    [2011/02/20 18:43:09 | 000,013,974 | -HS- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
    [2006/02/27 18:18:44 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4A454A7968.sys
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    
  3. jayrez Newcomer, in training Posts: 47

    Wow thank you so much, I tried it with the new code and it worked perfectly, took about 5 seconds aha. And I rebooted my computer and it started up and went straight to my desktop.
    So now what do you suggest I do?
  4. Broni Malware Annihilator Posts: 39,254   +175

    Perfect!

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
  5. jayrez Newcomer, in training Posts: 47

    Ok so here is what was happening. Everything was running fine as I was following the 7 Step Virus removal thread. I finished both the Virus and Malwarebytes scan and it was getting late so I went to sleep. I booted my computer today and the screen resolution was all the way down and for some reason my graphics card wasn't working. I kept getting a code 10. So I started Internet Explorer to try to find a way to fix that, and all of a sudden I kept getting all these random errors saying there is a problem with one of the disk drives and it is recommended that I reboot the computer. And a random program pops up called "Windows XP Repair" or something (can't exactly remember). And it said I have problems to fix so I selected fix and half of them fixed, and the other half didn't. They weren't like viruses but it said they were problems with my hard drive and RAM and such. I was really confused because I have never seen that program before. So then after that I rebooted and it took an extremely long time to start up and get to the desktop. Like 40 mins or so. And the desktop's not even loaded fully, none of my items have shown up yet.


    ***UPDATE***

    OK, the desktop loaded and it took me straight back to "Windows XP Repair".
    I try to open Task Manager and it says that Task Manager has been disabled by my administrator. Which is not true. I am going to do some research on this program..
  6. Broni Malware Annihilator Posts: 39,254   +175

    "Windows XP Repair" is a fake.
    Never, ever click on ANYTHING, you're not familiar with.
    Ask first, do later.

    Do nothing else, but only what I asked you to do.
    Proceed with all scans.
    Complete, as many, as you can.
    If you need to do it from Safe Mode with Networking to have better control over your computer, do so.
     
  7. Broni Malware Annihilator Posts: 39,254   +175

    At the very beginning of this topic, I clearly said:

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Keep updating me regarding your computer behavior, good, or bad.
  8. jayrez Newcomer, in training Posts: 47

    I cannot even get to my regular desktop. I will try on Safe mode.

    I also went ahead and continued my download of Avira rescue control disk in case I may need that later.
  9. Broni Malware Annihilator Posts: 39,254   +175

    That's how you make things worse, when you don't follow my instructions.
  10. jayrez Newcomer, in training Posts: 47

    I'm doing what you said. YOU told me to download Avira Rescue Disc. And I'm doing it on a separate computer.
  11. Broni Malware Annihilator Posts: 39,254   +175

    You're here:
    We're ready to do some fixes.

    Then, you clicked on a fake (instead of asking me first) and a disaster happened.

    Let me know, if Avira CD will fix you up.
  12. jayrez Newcomer, in training Posts: 47

    Ran Avira Rescue CD and rebooted and now I'm getting blue screens on startup...

    Technical Info

    STOP: 0X0000007B (0xF8c92528, 0xc000000, 0x00000000, 0x00000000)
  13. Broni Malware Annihilator Posts: 39,254   +175

    That error often happens when some infection is still present.

    Same issue, if starting in Safe Mode?

    If so, give OTLPE CD another shot.
  14. jayrez Newcomer, in training Posts: 47

    Ok, running the same fix?
    Yes it does happen in safe mode.
  15. Broni Malware Annihilator Posts: 39,254   +175

    Actually no.

    Boot from it and give me fresh log (follow instructions from my reply #2).
  16. jayrez Newcomer, in training Posts: 47

    OTL LOG PART 1

    OTL logfile created on: 6/19/2011 11:44:26 PM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
    462.00 Mb Paging File | 344.00 Mb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.46 Gb Total Space | 29.47 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
    Drive D: | 1.87 Gb Total Space | 1.78 Gb Free Space | 95.46% Space Free | Partition Type: FAT
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet005

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/03/18 11:11:02 | 000,947,528 | -H-- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2009/11/25 18:46:28 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/11/25 18:46:25 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2008/06/27 19:24:34 | 000,467,028 | ---- | M] (Atheros) [Disabled] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2008/02/27 14:54:52 | 000,360,547 | -H-- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
    SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
    SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | Boot] -- -- (VolSnap)
    DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Boot] -- -- (nielprt)
    DRV - File not found [Kernel | On_Demand] -- -- (NielGfx)
    DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
    DRV - [2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/05/26 13:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
    DRV - [2009/12/18 14:58:52 | 000,011,336 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/07 07:24:56 | 000,401,016 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
    DRV - [2009/12/07 07:24:56 | 000,040,568 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
    DRV - [2009/12/07 07:24:56 | 000,031,864 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
    DRV - [2009/11/25 18:47:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2009/11/25 18:47:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/11/25 18:47:23 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/03/18 19:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/10/01 19:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
    DRV - [2008/09/30 06:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
    DRV - [2007/12/14 07:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/07/24 15:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8592

    IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.weatherstudio.com/?src_id=352
    IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\JESSY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ieaddons.com/en/students
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://m.www.yahoo.com/ [binary data]
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oovoostart.com/?cfg=2-201-0-33NUP&engine_id=1&provider_id=1&product_id=201&country=US
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]


    FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\OpinionSquare


    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (a4c3abe4) - {EAABFF34-C018-1663-DAE5-EADDB0233338} - File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\Lindsay_Dawedeit_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKU\Administrator.D9KV7191_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Guest_ON_C..\Run: [DellSupport-] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Lindsay_Dawedeit_ON_C..\Run: [bpbMHutRXor] C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe (Sysinternals)
    O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
    O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
    O4 - HKU\Guest_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
    O4 - HKU\JESSY_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator.D9KV7191_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\JESSY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
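
The symptoms reported in this thread (Task Manager disabled, an empty desktop) show up in the OTL log above as policy values, alongside loopback proxy settings and an unfamiliar executable in a Run key. The Python sketch below is an added example, not part of the original thread and not part of OTL, that flags those entry types when triaging such a log; the `triage` function, the rule names and the heuristics are assumptions made for illustration, and the sample lines are copied from the log in the post above.

```python
import re

# Sample input: lines copied from the OTL log posted above, plus benign
# entries from the same log that the rules must leave alone.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8592
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\Lindsay_Dawedeit_ON_C..\Run: [bpbMHutRXor] C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe (Sysinternals)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Policy values that lock the user out of recovery tools or the desktop
# when set to 1 (illustrative set, not exhaustive).
LOCKOUT_POLICIES = {"DisableTaskMgr", "NoDesktop", "DisableRegistryTools"}

# O6/O7 lines: "<hive>\...\policies\<subkey>: <name> = <number>"
POLICY_RE = re.compile(
    r"^O[67] - (HKLM|HKU\\[^\\]+)\\.*\\policies\\\w+: (\w+) = (\d+)$", re.I)
# IE proxy lines: '<hive>\...\Internet Settings: "<name>" = <data>'
PROXY_RE = re.compile(
    r'^IE - (HKLM|HKU\\[^\\]+)\\.*\\Internet Settings: "(\w+)" = (.*)$')
# O4 lines: "<hive>..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (.+?)\.\.\\(Run|RunOnce): \[([^\]]+)\] (.+)$")
# Heuristic (assumption): an .exe sitting directly in an "Application Data"
# root, rather than in a vendor subfolder, deserves a closer look.
APPDATA_ROOT_EXE = re.compile(r"\\Application Data\\[^\\]+\.exe\b", re.I)
LOOPBACK_RE = re.compile(r"(?:^|[=/;])(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)


def triage(log_text):
    """Return (rule, hive, detail) tuples for entries worth reviewing."""
    findings = []
    proxy = {}  # hive -> {value name: data}, evaluated after the full pass
    for raw in log_text.splitlines():
        line = raw.strip()

        m = POLICY_RE.match(line)
        if m and m.group(2) in LOCKOUT_POLICIES and m.group(3) == "1":
            findings.append(("policy-lockout", m.group(1), m.group(2)))
            continue

        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
            continue

        m = RUN_RE.match(line)
        if m and APPDATA_ROOT_EXE.search(m.group(4)):
            findings.append(("run-from-appdata-root", m.group(1), m.group(3)))

    # ProxyServer only takes effect when ProxyEnable is 1, so report both
    # states: an enabled loopback proxy redirects traffic now, a disabled
    # one is a leftover that can be switched back on.
    for hive, values in proxy.items():
        server = values.get("ProxyServer", "")
        if LOOPBACK_RE.search(server):
            state = "enabled" if values.get("ProxyEnable") == "1" else "disabled"
            findings.append(("loopback-proxy-" + state, hive, server))
    return findings


if __name__ == "__main__":
    for rule, hive, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {hive:28} {detail}")
```

A finding is a prompt for review, not a verdict: legitimate local filtering software also registers loopback proxies, so each hit still needs to be checked against what is installed on the machine.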
  17. jayrez Newcomer, in training Posts: 47

    OTL LOG PART 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/19 18:28:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Recent
    [2011/06/19 15:25:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Start Menu\Programs\Windows XP Repair
    [2011/06/19 15:24:36 | 000,360,448 | -H-- | C] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
    [2011/06/19 15:14:32 | 000,444,416 | -H-- | C] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe
    [2011/06/19 02:27:16 | 000,607,310 | RH-- | C] (Swearware) -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\dds.scr
    [2011/06/19 02:08:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/19 02:08:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/19 02:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/06/19 01:55:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Malwarebytes
    [2011/06/19 01:55:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/06/19 01:49:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Start Menu\Programs\Dell Inc
    [2011/06/19 01:48:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\Deployment
    [2011/06/19 01:42:14 | 000,000,000 | -H-D | C] -- C:\Program Files\SystemRequirementsLab
    [2011/06/19 01:40:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/06/19 01:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Apple Computer
    [2011/06/19 01:38:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Skype
    [2011/06/19 01:38:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
    [2011/06/19 01:26:06 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2011/06/18 18:03:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/11 19:01:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\WinRAR
    [2011/06/11 05:10:02 | 000,000,000 | -H-D | C] -- C:\Program Files\DBO_CT_TW
    [2011/06/11 05:09:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DragonBall Online
    [2011/06/11 01:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\uTorrent
    [2011/06/11 00:45:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Sun
    [2011/06/10 23:07:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Macromedia
    [2011/06/10 22:58:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Adobe
    [2011/05/26 14:47:49 | 000,000,000 | -HSD | C] -- C:\found.000
    [2011/05/25 17:05:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/05/25 02:36:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My PSP Files
    [2011/05/25 02:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant
    [2011/05/25 02:25:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2006/10/05 20:36:25 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Lindsay Dawedeit\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/19 17:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/19 15:32:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/19 15:25:04 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916
    [2011/06/19 15:25:04 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
    [2011/06/19 15:25:03 | 000,000,795 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
    [2011/06/19 15:24:47 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26074916
    [2011/06/19 15:24:36 | 000,360,448 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
    [2011/06/19 15:23:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/19 15:18:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2011/06/19 15:18:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpinionSquare
    [2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN111v2 Adapter
    [2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mixxx
    [2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
    [2011/06/19 15:18:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader
    [2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
    [2011/06/19 15:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2011/06/19 15:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DragonBall Online
    [2011/06/19 15:18:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
    [2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
    [2011/06/19 15:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
    [2011/06/19 15:18:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2011/06/19 15:17:57 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2011/06/19 15:14:08 | 000,444,416 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe
    [2011/06/19 15:04:20 | 077,861,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/06/19 15:01:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/19 14:59:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/19 14:59:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
    [2011/06/19 02:24:33 | 000,607,310 | RH-- | M] (Swearware) -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\dds.scr
    [2011/06/19 01:42:22 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/06/12 00:50:57 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\773778630
    [2011/06/11 04:28:18 | 000,004,500 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
    [2011/06/11 01:09:38 | 000,114,636 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
    [2011/06/10 17:52:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/06/08 20:06:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
    [2011/06/04 04:20:21 | 046,296,620 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
    [2011/06/04 00:37:31 | 003,455,269 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
    [2011/06/03 20:35:45 | 000,242,262 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
    [2011/06/03 20:18:01 | 003,692,948 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
    [2011/06/03 20:18:01 | 000,057,776 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
    [2011/06/03 20:17:59 | 003,080,590 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
    [2011/06/03 20:17:59 | 000,048,208 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
    [2011/06/03 20:17:57 | 002,124,644 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
    [2011/06/03 20:17:57 | 000,033,272 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
    [2011/06/03 20:17:56 | 000,028,240 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
    [2011/06/03 20:17:55 | 001,802,388 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
    [2011/06/03 20:17:54 | 000,032,704 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
    [2011/06/03 20:17:53 | 002,088,172 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
    [2011/06/03 20:16:54 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
    [2011/06/03 20:16:54 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
    [2011/06/03 20:16:42 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
    [2011/06/03 20:16:41 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
    [2011/06/03 20:16:39 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
    [2011/06/03 20:16:39 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
    [2011/06/03 20:16:37 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
    [2011/06/03 20:16:37 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
    [2011/06/03 20:16:25 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
    [2011/06/03 20:16:25 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
    [2011/06/03 20:16:23 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
    [2011/06/03 20:16:22 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
    [2011/06/03 20:16:21 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
    [2011/06/03 20:16:20 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
    [2011/06/03 20:16:18 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
    [2011/06/03 20:16:18 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
    [2011/06/03 20:16:16 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
    [2011/06/03 20:16:15 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
    [2011/06/03 20:16:03 | 002,319,788 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
    [2011/06/03 20:16:03 | 000,018,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
    [2011/06/03 20:16:02 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
    [2011/06/03 20:16:02 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
    [2011/06/03 20:16:00 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
    [2011/06/03 20:16:00 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
    [2011/06/03 20:15:57 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
    [2011/06/03 20:15:57 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
    [2011/06/03 20:15:56 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
    [2011/06/03 20:15:55 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
    [2011/06/03 20:15:54 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
    [2011/06/03 20:15:53 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
    [2011/06/03 20:15:52 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
    [2011/06/03 20:15:52 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
    [2011/06/03 20:15:50 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
    [2011/06/03 20:15:50 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
    [2011/06/03 20:15:48 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
    [2011/06/03 20:15:48 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
    [2011/06/03 20:15:35 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
    [2011/06/03 20:15:35 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
    [2011/06/03 20:15:21 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
    [2011/06/03 20:15:20 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
    [2011/06/03 20:15:19 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
    [2011/06/03 20:15:19 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
    [2011/06/03 20:15:17 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
    [2011/06/03 20:15:17 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
    [2011/06/03 20:15:02 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
    [2011/06/03 20:15:02 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
    [2011/06/03 20:15:00 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
    [2011/06/03 20:15:00 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
    [2011/06/03 14:31:10 | 006,907,218 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
    [2011/06/01 19:11:52 | 002,640,631 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
    [2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/25 21:41:03 | 000,070,304 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
    [2011/05/25 21:19:42 | 000,044,594 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
    [2011/05/25 20:47:22 | 050,593,864 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
    [2011/05/25 00:18:41 | 000,990,563 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
    [2011/05/25 00:09:15 | 000,328,934 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
    [2011/05/25 00:09:12 | 000,483,579 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
    [2011/05/25 00:09:04 | 000,000,836 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
    [2011/05/25 00:08:51 | 000,506,567 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
    [2011/05/24 23:35:12 | 004,180,459 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
    [2011/05/21 19:35:10 | 008,059,088 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Lindsay Dawedeit\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/19 15:25:03 | 000,000,795 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
    [2011/06/19 15:25:03 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916
    [2011/06/19 15:25:03 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
    [2011/06/19 15:24:46 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\26074916
    [2011/06/19 01:42:22 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/06/12 00:49:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\773778630
    [2011/06/11 04:26:09 | 000,004,500 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
    [2011/06/11 01:09:32 | 000,114,636 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
    [2011/06/04 04:20:13 | 046,296,620 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
    [2011/06/03 20:29:13 | 000,242,262 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
    [2011/06/03 20:18:01 | 000,057,776 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
    [2011/06/03 20:18:00 | 003,692,948 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
    [2011/06/03 20:17:59 | 000,048,208 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
    [2011/06/03 20:17:58 | 003,080,590 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
    [2011/06/03 20:17:57 | 000,033,272 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
    [2011/06/03 20:17:56 | 002,124,644 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
    [2011/06/03 20:17:55 | 001,802,388 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
    [2011/06/03 20:17:55 | 000,028,240 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
    [2011/06/03 20:17:54 | 000,032,704 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
    [2011/06/03 20:17:53 | 002,088,172 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
    [2011/06/03 20:16:54 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
    [2011/06/03 20:16:42 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
    [2011/06/03 20:16:41 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
    [2011/06/03 20:16:40 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
    [2011/06/03 20:16:39 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
    [2011/06/03 20:16:38 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
    [2011/06/03 20:16:37 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
    [2011/06/03 20:16:25 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
    [2011/06/03 20:16:25 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
    [2011/06/03 20:16:23 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
    [2011/06/03 20:16:23 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
    [2011/06/03 20:16:21 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
    [2011/06/03 20:16:20 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
    [2011/06/03 20:16:19 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
    [2011/06/03 20:16:18 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
    [2011/06/03 20:16:17 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
    [2011/06/03 20:16:16 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
    [2011/06/03 20:16:04 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
    [2011/06/03 20:16:03 | 000,018,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
    [2011/06/03 20:16:02 | 002,319,788 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
    [2011/06/03 20:16:02 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
    [2011/06/03 20:16:01 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
    [2011/06/03 20:16:00 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
    [2011/06/03 20:15:58 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
    [2011/06/03 20:15:57 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
    [2011/06/03 20:15:56 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
    [2011/06/03 20:15:55 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
    [2011/06/03 20:15:54 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
    [2011/06/03 20:15:54 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
    [2011/06/03 20:15:53 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
    [2011/06/03 20:15:52 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
    [2011/06/03 20:15:51 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
    [2011/06/03 20:15:50 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
    [2011/06/03 20:15:49 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
    [2011/06/03 20:15:48 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
    [2011/06/03 20:15:44 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
    [2011/06/03 20:15:35 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
    [2011/06/03 20:15:21 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
    [2011/06/03 20:15:20 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
    [2011/06/03 20:15:20 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
    [2011/06/03 20:15:19 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
    [2011/06/03 20:15:18 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
    [2011/06/03 20:15:17 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
    [2011/06/03 20:15:03 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
    [2011/06/03 20:15:02 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
    [2011/06/03 20:15:01 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
    [2011/06/03 20:15:00 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
    [2011/06/03 20:14:58 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
    [2011/06/03 20:14:28 | 003,455,269 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
    [2011/06/03 14:31:10 | 006,907,218 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
    [2011/06/01 19:11:52 | 002,640,631 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
    [2011/05/25 21:29:28 | 000,070,304 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
    [2011/05/25 21:06:33 | 000,044,594 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
    [2011/05/25 20:40:22 | 050,593,864 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
    [2011/05/25 02:26:49 | 000,001,204 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\hosts
    [2011/05/25 00:18:34 | 000,990,563 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
    [2011/05/25 00:09:13 | 000,328,934 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
    [2011/05/25 00:09:10 | 000,483,579 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
    [2011/05/25 00:09:03 | 000,000,836 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
    [2011/05/25 00:08:47 | 000,506,567 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
    [2011/05/24 23:35:12 | 004,180,459 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
    [2011/05/24 20:17:50 | 006,703,756 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Setup.exe
    [2011/05/24 20:17:50 | 000,015,609 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\H2O.nfo
    [2011/05/24 20:17:50 | 000,002,255 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Heaven.nfo
    [2011/05/24 20:17:50 | 000,000,575 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\file_id.diz
    [2011/05/21 19:35:10 | 008,059,088 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
    [2011/05/04 22:49:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/09 19:02:48 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\AVRedirector.ini
    [2011/03/09 19:02:48 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\AVRedirectorOff.ini
    [2011/03/01 01:09:50 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
    [2011/03/01 01:09:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2011/03/01 01:09:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2011/03/01 01:09:48 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
    [2011/03/01 01:09:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2011/03/01 01:09:47 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
    [2011/03/01 01:09:47 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
    [2011/03/01 01:09:46 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
    [2011/03/01 01:09:46 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
    [2011/03/01 01:09:45 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
    [2011/03/01 01:09:44 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
    [2011/03/01 01:09:43 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
    [2011/03/01 01:09:42 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
    [2011/03/01 01:09:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
    [2011/03/01 01:09:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
    [2011/03/01 01:09:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2011/03/01 01:09:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2011/03/01 01:09:38 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2011/03/01 01:09:33 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2011/03/01 01:09:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2011/03/01 01:09:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2011/03/01 01:09:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2011/01/21 20:32:52 | 000,011,230 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\all
    [2011/01/05 22:31:47 | 000,000,117 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences2.dat
    [2011/01/05 22:28:26 | 000,000,034 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences.dat
    [2009/12/29 23:01:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/11/25 15:20:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/06/27 19:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2007/06/26 01:03:50 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/16 03:13:23 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
    [2007/04/03 23:56:04 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\presets.ini
    [2007/01/14 19:54:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/01/05 21:09:50 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/12/07 00:01:09 | 000,033,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/01 01:06:23 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
    [2006/11/01 01:06:23 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
    [2006/10/25 17:10:41 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\JESSY\Local Settings\Application Data\fusioncache.dat
    [2006/10/25 11:32:54 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
    [2006/10/25 11:32:54 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
    [2006/10/05 21:16:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2006/10/05 20:05:35 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JPR.{PB
    [2006/10/05 20:05:35 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JCM.{PB
    [2006/05/24 02:01:14 | 000,000,436 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\IPH.BAK
    [2006/05/23 19:08:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/02/25 19:15:23 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg072.dat
    [2006/01/21 19:56:10 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/01/18 21:21:48 | 000,000,139 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\fusioncache.dat
    [2006/01/09 23:29:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/09 23:12:29 | 000,481,280 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
    [2005/12/25 22:09:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/12/19 00:15:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/19 00:11:01 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2005/12/19 00:05:43 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/19 00:04:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/12/18 23:43:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/12/18 23:43:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/12/18 23:43:08 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 14:57:15 | 000,278,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 14:51:20 | 000,467,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 14:51:20 | 000,080,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/04/18 19:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/04/18 19:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

    ========== LOP Check ==========

    [2006/10/08 19:38:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\EA
    [2006/09/29 03:09:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\FilmLoop
    [2006/10/05 20:42:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\Smilebox
    [2011/06/13 03:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\uTorrent

    ========== Purity Check ==========


    < End of report >
  18. Broni Malware Annihilator Posts: 39,254   +175

    It looks like, on top of an infection, we have an important system file missing (volsnap.sys).

    Re-run OTLPE scan, but this time....

    Under the Custom Scan box paste this in:

    /md5start
    volsnap.sys
    /md5stop
  19. jayrez Newcomer, in training Posts: 47

    The log says
    "Unable to interpret in this context"
    by each file..
  20. Broni Malware Annihilator Posts: 39,254   +175

    Possibly, you're doing something wrong....

    • Reboot your system using the OTLPE CD you just created.
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      volsnap.sys
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.