please help me =/


Post by babyelly18 on Mon Jun 28, 2010 10:57 pm

Need help removing this virus asap =/

babyelly18
Novice

Posts : 5
Joined : 2010-06-27
Gender : Female
OS : windows vista


Re: please help me =/

Post by babyelly18 on Mon Jun 28, 2010 10:59 pm

OTL logfile created on: 6/28/2010 6:55:22 PM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\baby elly\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.31 Gb Total Space | 136.37 Gb Free Space | 61.90% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 0.82 Gb Free Space | 43.47% Space Free | Partition Type: FAT
Drive E: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BABYELLY-PC
Current User Name: baby elly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 10:23:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\baby elly\Downloads\OTL(2).exe
PRC - [2010/06/10 11:31:38 | 018,702,520 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\oovoo\ooVoo.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/28 23:10:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/01/21 11:23:16 | 000,210,216 | R--- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 10:23:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\baby elly\Downloads\OTL(2).exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/31 08:35:14 | 000,934,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 16:49:46 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 11:53:06 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 08:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/03 00:47:34 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/08/22 03:21:19 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 03:21:19 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 03:21:19 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 03:21:19 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 03:21:19 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/22 03:21:19 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/04/08 06:46:13 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/03/09 21:40:57 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/12/31 10:01:20 | 004,993,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 16:50:58 | 000,469,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 05:42:06 | 000,128,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 12:48:10 | 000,250,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 08:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009/05/05 17:42:08 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090601.003\EX64.SYS -- (NAVEX15)
DRV - [2009/05/05 17:42:08 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/05/05 17:42:08 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090601.003\ENG64.SYS -- (NAVENG)
DRV - [2009/01/29 17:50:10 | 000,396,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/08 04:19:17] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_2"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.10.01
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {98f782cf-9b6b-41ca-909b-b4fdc0bbc23a}:3.1
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {23AF126E-8B70-46AF-AEA7-13A74F37DDC1}:1.9.1


Re: please help me =/

Post by babyelly18 on Mon Jun 28, 2010 11:00 pm



FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 16:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/28 23:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/29 13:18:54 | 000,000,000 | ---D | M]

[2010/02/10 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Extensions
[2009/02/03 14:26:02 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/28 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions
[2010/04/23 14:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 22:33:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/18 01:29:37 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{98f782cf-9b6b-41ca-909b-b4fdc0bbc23a}
[2010/04/23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\staged-xpis
[2010/06/28 18:23:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/09 08:33:38 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2009/10/09 08:33:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\plugin@yontoo.com
[2010/02/15 16:49:16 | 000,000,940 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vmndtxtb.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Updater For VMN Toolbar) - {d5b8015d-68af-4b2c-9412-e349d82ab4a2} - C:\Program Files (x86)\vmndtxtb\auxi\vmndtxAu.dll (Visicom Media)
O2 - BHO: (VMN Toolbar) - {f379a94e-3c5d-4bad-b32c-0e3af1cc3617} - C:\Program Files (x86)\vmndtxtb\vmndtxDx.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {f379a94e-3c5d-4bad-b32c-0e3af1cc3617} - C:\Program Files (x86)\vmndtxtb\vmndtxDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Network Error Advisor] C:\Program Files (x86)\vmndtxtb\EXERunner.exe \..\Lo File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ndomavefogutu] File not found
O4 - HKCU..\Run: [oopjbrlb] C:\Users\baby elly\AppData\Local\kxyagpdfy\nerwbirtssd.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Rfusivagoxo] File not found
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.162 68.87.68.162
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a4d4e66-1a70-11df-a7eb-00247e574941}\Shell - "" = AutoRun
O33 - MountPoints2\{3a4d4e66-1a70-11df-a7eb-00247e574941}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{67bd9666-0e83-11de-b8b0-00247e574941}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{67bd9666-0e83-11de-b8b0-00247e574941}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{ffaa65fd-f881-11de-bfd2-00247e574941}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{ffaa65fd-f881-11de-bfd2-00247e574941}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\Malwarebytes
[2010/06/28 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/28 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 11:13:58 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/26 21:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installers
[2010/06/26 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\kxyagpdfy
[2010/06/21 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\Facebook
[2010/06/17 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\{23AF126E-8B70-46AF-AEA7-13A74F37DDC1}
[2010/06/17 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\baby elly\Originals
[2010/06/17 12:33:19 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\PhotoScape
[2010/06/17 12:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010/06/15 19:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oovoo
[2010/06/15 19:58:41 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\oovooinstaller
[2010/05/11 00:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/05/05 18:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2010/05/05 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\FinalMediaPlayer
[2010/05/05 18:54:08 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\WeatherBug
[2010/05/05 18:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalMediaPlayer
[2010/05/05 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\WeatherBug
[2010/05/05 18:53:49 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINCTL4.OCX
[2010/05/05 18:53:49 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINUTIL5.DLL
[2010/05/05 18:53:49 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINLCTL5.DLL
[2010/05/05 18:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2010/05/05 18:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
[2010/05/05 18:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2010/05/05 18:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 2
[2010/05/05 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\vmndtxtb
[2010/05/05 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vmndtxtb
[2010/04/23 15:20:06 | 000,000,000 | ---D | C] -- C:\Users\baby elly\Documents\Downloads
[2010/04/23 10:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/18 23:39:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/18 03:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/04/18 03:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/04/16 22:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/03/30 21:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

========== Files - Modified Within 90 Days ==========

[2010/06/28 18:56:14 | 003,932,160 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT
[2010/06/28 18:55:59 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{740F8423-F1E3-428B-BA32-1336E1D8BCAE}.job
[2010/06/28 18:47:28 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\ononidopumam.dll
[2010/06/28 18:45:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 18:45:42 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/06/28 18:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 18:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 18:45:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 18:45:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 18:45:13 | 4260,564,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 18:16:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/28 18:16:34 | 000,524,288 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 18:16:34 | 000,065,536 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/28 18:16:33 | 003,050,222 | -H-- | M] () -- C:\Users\baby elly\AppData\Local\IconCache.db
[2010/06/28 18:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 17:24:07 | 000,002,551 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2010/06/28 17:23:49 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\odequbefova.dll
[2010/06/28 17:23:27 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\Pmuxe.dat
[2010/06/28 15:54:21 | 000,000,377 | ---- | M] () -- C:\Users\baby elly\Documents - Shortcut.lnk
[2010/06/28 15:48:23 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\ugeweweciqusolet.dll
[2010/06/28 14:32:05 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2010/06/27 19:44:48 | 000,070,144 | ---- | M] () -- C:\Users\baby elly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 03:08:50 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 03:08:49 | 000,715,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 03:08:49 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/26 05:54:24 | 000,000,000 | ---- | M] () -- C:\Users\baby elly\AppData\Local\Nriroce.bin
[2010/06/25 20:51:11 | 000,000,590 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for baby elly.job
[2010/06/22 22:02:39 | 000,283,648 | -H-- | M] () -- C:\Users\baby elly\photothumb.db
[2010/06/22 15:24:53 | 000,000,034 | -H-- | M] () -- C:\Users\baby elly\.picasa.ini
[2010/06/22 06:49:34 | 000,000,680 | ---- | M] () -- C:\Users\baby elly\AppData\Local\d3d9caps.dat
[2010/06/17 17:58:42 | 002,154,988 | ---- | M] () -- C:\Users\baby elly\lol.jpg
[2010/06/17 17:45:38 | 003,362,819 | ---- | M] () -- C:\Users\baby elly\andres1.jpg
[2010/06/17 17:37:55 | 003,712,388 | ---- | M] () -- C:\Users\baby elly\photoshootmw.jpg
[2010/06/17 17:29:53 | 001,212,458 | ---- | M] () -- C:\Users\baby elly\eliza.jpg
[2010/06/17 17:16:15 | 002,369,434 | ---- | M] () -- C:\Users\baby elly\default6.jpg
[2010/06/17 17:10:26 | 001,565,614 | ---- | M] () -- C:\Users\baby elly\default5.jpg34948
[2010/06/17 17:10:26 | 000,000,000 | ---- | M] () -- C:\Users\baby elly\default5.jpg
[2010/06/17 17:08:08 | 003,763,490 | ---- | M] () -- C:\Users\baby elly\mephoto17.jpg
[2010/06/17 17:00:48 | 005,399,490 | ---- | M] () -- C:\Users\baby elly\meagaiin.jpg
[2010/06/17 16:56:43 | 001,533,088 | ---- | M] () -- C:\Users\baby elly\default3.jpg
[2010/06/17 16:52:53 | 001,721,819 | ---- | M] () -- C:\Users\baby elly\default2.jpg
[2010/06/17 16:49:57 | 002,955,745 | ---- | M] () -- C:\Users\baby elly\mephoto16.jpg
[2010/06/17 16:49:13 | 001,932,080 | ---- | M] () -- C:\Users\baby elly\mephoto15.jpg
[2010/06/17 16:48:14 | 001,797,114 | ---- | M] () -- C:\Users\baby elly\mephoto14.jpg
[2010/06/17 16:47:11 | 001,791,742 | ---- | M] () -- C:\Users\baby elly\default.jpg
[2010/06/17 16:42:04 | 006,936,514 | ---- | M] () -- C:\Users\baby elly\just seening me.jpg
[2010/06/17 16:41:38 | 002,965,883 | ---- | M] () -- C:\Users\baby elly\mephoto12.jpg
[2010/06/17 16:41:13 | 002,531,148 | ---- | M] () -- C:\Users\baby elly\mephoto13.jpg
[2010/06/17 16:35:13 | 002,848,137 | ---- | M] () -- C:\Users\baby elly\mephoto11.jpg
[2010/06/17 16:28:47 | 003,834,202 | ---- | M] () -- C:\Users\baby elly\mephoto10.jpg
[2010/06/17 16:28:33 | 001,431,299 | ---- | M] () -- C:\Users\baby elly\mephoto7.jpg
[2010/06/17 16:28:08 | 001,907,742 | ---- | M] () -- C:\Users\baby elly\mephoto9.jpg
[2010/06/17 16:27:43 | 002,163,175 | ---- | M] () -- C:\Users\baby elly\mephoto8.jpg
[2010/06/17 16:26:36 | 001,887,006 | ---- | M] () -- C:\Users\baby elly\mephoto6.jpg
[2010/06/17 16:25:51 | 003,948,014 | ---- | M] () -- C:\Users\baby elly\mephoto5.jpg
[2010/06/17 16:24:28 | 003,572,797 | ---- | M] () -- C:\Users\baby elly\mephoto4.jpg
[2010/06/17 16:23:28 | 003,808,393 | ---- | M] () -- C:\Users\baby elly\mephoto3.jpg
[2010/06/17 16:20:50 | 004,098,547 | ---- | M] () -- C:\Users\baby elly\mephoto2.jpg
[2010/06/17 16:20:13 | 001,996,137 | ---- | M] () -- C:\Users\baby elly\mephoto.jpg
[2010/06/17 12:28:32 | 000,000,856 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/06/17 12:28:32 | 000,000,832 | ---- | M] () -- C:\Users\baby elly\Desktop\PhotoScape.lnk
[2010/06/17 12:21:34 | 002,746,756 | ---- | M] () -- C:\Users\baby elly\mefv.jpg
[2010/06/17 12:08:26 | 000,000,927 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/06/17 12:08:26 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/15 19:59:37 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/06/14 07:29:59 | 000,397,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/26 12:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 10:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/18 18:31:44 | 000,000,376 | ---- | M] () -- C:\Users\baby elly\Documents\Pictures - Shortcut.lnk
[2010/05/18 18:31:40 | 000,184,341 | ---- | M] () -- C:\Users\baby elly\mec.jpg
[2010/05/14 16:30:20 | 000,774,930 | ---- | M] () -- C:\Users\baby elly\pro3.jpg
[2010/05/14 15:43:04 | 000,747,922 | ---- | M] () -- C:\Users\baby elly\DSCF1526.jpg
[2010/05/14 15:17:12 | 000,734,232 | ---- | M] () -- C:\Users\baby elly\project.jpg
[2010/05/05 18:54:10 | 000,000,928 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/05/05 18:54:10 | 000,000,904 | ---- | M] () -- C:\Users\baby elly\Desktop\FinalMediaPlayer.lnk
[2010/05/05 18:53:51 | 000,001,192 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Winferno Registry Power Cleaner.lnk
[2010/05/05 18:52:43 | 000,000,152 | ---- | M] () -- C:\Users\baby elly\Desktop\Free ID Theft Protection Trial.url
[2010/05/04 02:54:49 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/04 02:52:45 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/04 02:52:04 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/04 02:51:49 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/05/04 02:51:49 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/04 02:51:48 | 002,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/04 02:51:48 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/04 02:51:48 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/04 02:51:47 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/04 01:01:59 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/04 01:01:39 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/04 01:01:04 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/23 11:00:36 | 000,001,424 | ---- | M] () -- C:\Users\baby elly\Desktop\DivX Movies.lnk
[2010/04/23 08:12:18 | 000,107,528 | ---- | M] () -- C:\Users\baby elly\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/23 03:04:49 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010/04/16 22:33:33 | 000,001,686 | ---- | M] () -- C:\Users\baby elly\Desktop\CCleaner.lnk
[2010/04/16 12:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/16 12:35:56 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/04/16 10:50:22 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/04/15 13:50:55 | 000,013,152 | ---- | M] () -- C:\Users\baby elly\Documents\Natacha_Lopez.docx
[2010/04/14 14:35:26 | 000,375,808 | ---- | M] () -- C:\Windows\SysNative\psisdecd.dll
[2010/04/14 14:35:24 | 000,289,792 | ---- | M] () -- C:\Windows\SysNative\psisrndr.ax
[2010/04/14 14:35:23 | 000,558,592 | ---- | M] () -- C:\Windows\SysNative\EncDec.dll
[2010/04/14 14:33:49 | 000,101,376 | ---- | M] () -- C:\Windows\SysNative\MSNP.ax
[2010/04/14 14:33:13 | 000,227,328 | ---- | M] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/03/30 21:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

========== Files Created - No Company Name ==========

[2010/06/28 18:47:24 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\ononidopumam.dll
[2010/06/28 17:23:31 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\odequbefova.dll
[2010/06/28 15:54:21 | 000,000,377 | ---- | C] () -- C:\Users\baby elly\Documents - Shortcut.lnk
[2010/06/28 15:48:23 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\ugeweweciqusolet.dll
[2010/06/28 15:17:12 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/25 03:00:48 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/25 03:00:48 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/25 03:00:43 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/25 03:00:43 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/25 03:00:42 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 03:00:41 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:00:41 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 03:00:41 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:00:41 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:00:41 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 00:08:42 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:08:41 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/22 15:24:52 | 000,000,034 | -H-- | C] () -- C:\Users\baby elly\.picasa.ini
[2010/06/17 17:58:41 | 002,154,988 | ---- | C] () -- C:\Users\baby elly\lol.jpg
[2010/06/17 17:45:37 | 003,362,819 | ---- | C] () -- C:\Users\baby elly\andres1.jpg
[2010/06/17 17:37:07 | 003,712,388 | ---- | C] () -- C:\Users\baby elly\photoshootmw.jpg
[2010/06/17 17:29:52 | 001,212,458 | ---- | C] () -- C:\Users\baby elly\eliza.jpg
[2010/06/17 17:16:15 | 002,369,434 | ---- | C] () -- C:\Users\baby elly\default6.jpg
[2010/06/17 17:15:12 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\Pmuxe.dat
[2010/06/17 17:15:12 | 000,000,000 | ---- | C] () -- C:\Users\baby elly\AppData\Local\Nriroce.bin
[2010/06/17 17:10:26 | 001,565,614 | ---- | C] () -- C:\Users\baby elly\default5.jpg34948
[2010/06/17 17:10:25 | 000,000,000 | ---- | C] () -- C:\Users\baby elly\default5.jpg
[2010/06/17 17:00:46 | 005,399,490 | ---- | C] () -- C:\Users\baby elly\meagaiin.jpg
[2010/06/17 16:58:22 | 003,763,490 | ---- | C] () -- C:\Users\baby elly\mephoto17.jpg
[2010/06/17 16:56:42 | 001,533,088 | ---- | C] () -- C:\Users\baby elly\default3.jpg
[2010/06/17 16:52:53 | 001,721,819 | ---- | C] () -- C:\Users\baby elly\default2.jpg
[2010/06/17 16:49:46 | 002,955,745 | ---- | C] () -- C:\Users\baby elly\mephoto16.jpg
[2010/06/17 16:49:03 | 001,932,080 | ---- | C] () -- C:\Users\baby elly\mephoto15.jpg
[2010/06/17 16:47:10 | 001,791,742 | ---- | C] () -- C:\Users\baby elly\default.jpg
[2010/06/17 16:43:53 | 001,797,114 | ---- | C] () -- C:\Users\baby elly\mephoto14.jpg
[2010/06/17 16:42:03 | 006,936,514 | ---- | C] () -- C:\Users\baby elly\just seening me.jpg
[2010/06/17 16:37:07 | 002,531,148 | ---- | C] () -- C:\Users\baby elly\mephoto13.jpg
[2010/06/17 16:36:46 | 002,965,883 | ---- | C] () -- C:\Users\baby elly\mephoto12.jpg
[2010/06/17 16:35:06 | 002,848,137 | ---- | C] () -- C:\Users\baby elly\mephoto11.jpg
[2010/06/17 16:30:40 | 000,283,648 | -H-- | C] () -- C:\Users\baby elly\photothumb.db
[2010/06/17 16:28:23 | 003,834,202 | ---- | C] () -- C:\Users\baby elly\mephoto10.jpg
[2010/06/17 16:28:01 | 001,907,742 | ---- | C] () -- C:\Users\baby elly\mephoto9.jpg
[2010/06/17 16:27:34 | 002,163,175 | ---- | C] () -- C:\Users\baby elly\mephoto8.jpg
[2010/06/17 16:27:09 | 001,431,299 | ---- | C] () -- C:\Users\baby elly\mephoto7.jpg
[2010/06/17 16:26:24 | 001,887,006 | ---- | C] () -- C:\Users\baby elly\mephoto6.jpg
[2010/06/17 16:25:15 | 003,948,014 | ---- | C] () -- C:\Users\baby elly\mephoto5.jpg
[2010/06/17 16:24:03 | 003,572,797 | ---- | C] () -- C:\Users\baby elly\mephoto4.jpg
[2010/06/17 16:22:25 | 003,808,393 | ---- | C] () -- C:\Users\baby elly\mephoto3.jpg
[2010/06/17 16:20:34 | 004,098,547 | ---- | C] () -- C:\Users\baby elly\mephoto2.jpg
[2010/06/17 16:19:57 | 001,996,137 | ---- | C] () -- C:\Users\baby elly\mephoto.jpg
[2010/06/17 12:28:32 | 000,000,856 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/06/17 12:28:32 | 000,000,832 | ---- | C] () -- C:\Users\baby elly\Desktop\PhotoScape.lnk
[2010/06/17 12:21:34 | 002,746,756 | ---- | C] () -- C:\Users\baby elly\mefv.jpg
[2010/06/17 12:08:26 | 000,000,927 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/06/17 12:08:26 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/15 19:59:37 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/06/12 16:49:50 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/12 16:49:50 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/12 16:49:45 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/12 16:49:44 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/12 16:49:39 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/12 16:49:38 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/12 16:49:38 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/12 16:49:38 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/12 16:49:37 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/12 16:49:37 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/12 16:49:37 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/12 16:49:37 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/12 16:49:36 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/12 16:49:36 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/12 16:49:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/06/12 16:49:36 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/12 16:49:36 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/12 16:49:36 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/12 16:49:36 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/12 16:49:36 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/12 16:49:36 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/12 16:49:36 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/12 16:49:36 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/12 16:49:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/12 16:49:19 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/12 16:49:10 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/03 12:20:22 | 000,000,680 | ---- | C] () -- C:\Users\baby elly\AppData\Local\d3d9caps.dat
[2010/06/01 20:45:17 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/18 18:31:44 | 000,000,376 | ---- | C] () -- C:\Users\baby elly\Documents\Pictures - Shortcut.lnk
[2010/05/18 18:31:40 | 000,184,341 | ---- | C] () -- C:\Users\baby elly\mec.jpg
[2010/05/14 16:30:19 | 000,774,930 | ---- | C] () -- C:\Users\baby elly\pro3.jpg
[2010/05/14 15:43:03 | 000,747,922 | ---- | C] () -- C:\Users\baby elly\DSCF1526.jpg
[2010/05/14 15:17:11 | 000,734,232 | ---- | C] () -- C:\Users\baby elly\project.jpg
[2010/05/11 18:42:00 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/05 18:54:27 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\RPCReminder.job
[2010/05/05 18:54:10 | 000,000,928 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/05/05 18:54:10 | 000,000,904 | ---- | C] () -- C:\Users\baby elly\Desktop\FinalMediaPlayer.lnk
[2010/05/05 18:54:07 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\RegPowerClean.job
[2010/05/05 18:53:51 | 000,001,192 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Winferno Registry Power Cleaner.lnk
[2010/05/05 18:52:43 | 000,000,152 | ---- | C] () -- C:\Users\baby elly\Desktop\Free ID Theft Protection Trial.url
[2010/04/23 15:27:53 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/04/20 07:34:44 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/04/20 07:34:42 | 000,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/04/18 03:37:09 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/04/18 03:37:03 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/04/18 03:37:02 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/04/18 03:37:02 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/04/18 03:37:02 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/04/18 03:36:50 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/04/18 03:24:25 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/04/18 03:24:22 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/04/18 03:19:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/04/18 03:19:45 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/04/18 03:19:45 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/04/17 12:50:06 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/04/17 12:49:59 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/04/17 12:49:59 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/04/17 12:49:51 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/04/17 12:49:44 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/17 12:49:41 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/17 12:49:41 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/17 12:49:27 | 004,678,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/17 12:43:43 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/04/17 12:43:38 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/04/17 12:43:30 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/04/17 12:39:02 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/04/17 12:38:53 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/04/17 12:38:53 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/04/17 12:38:53 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/04/17 12:38:52 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/04/17 12:38:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/04/17 12:38:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/04/17 12:38:51 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/04/17 12:38:51 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/04/17 12:38:46 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/04/17 12:34:14 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/04/17 12:32:39 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/04/17 12:32:33 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/04/17 12:31:53 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/17 12:31:53 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/17 12:31:53 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/17 12:30:35 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/04/17 12:30:34 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/04/17 12:30:32 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/17 12:30:29 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/04/17 12:30:24 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/04/17 12:30:24 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/04/17 12:30:00 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/04/17 12:29:47 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/04/17 12:29:47 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/04/17 12:29:45 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/04/17 12:29:39 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/04/17 12:29:38 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/04/17 12:29:15 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/04/17 12:29:04 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/04/17 12:28:57 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/04/17 12:28:52 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/04/17 12:28:50 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/04/17 12:28:50 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/04/17 12:28:49 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/04/17 12:28:49 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/04/17 12:28:49 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/04/17 12:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/04/17 12:28:31 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/04/17 12:28:31 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/04/17 12:28:31 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/04/17 12:28:31 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/04/17 12:28:30 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/04/17 12:28:30 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/04/17 12:28:29 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/04/17 12:28:29 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/04/17 12:28:29 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/04/17 12:26:38 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/04/17 12:26:38 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/04/17 12:26:31 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/04/17 12:26:31 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/04/17 12:26:31 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/04/17 12:26:30 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/04/17 12:26:30 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/04/17 12:26:30 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/04/17 12:25:45 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/04/17 12:25:23 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/04/17 12:25:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/04/17 12:25:22 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/04/17 12:25:22 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/04/17 12:25:22 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/04/17 12:25:21 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/04/17 12:25:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/04/17 12:25:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/04/17 12:25:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/04/17 12:24:41 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/04/17 12:24:34 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/04/17 12:24:33 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/04/17 12:24:22 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/04/17 12:24:16 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/04/17 12:24:08 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/04/17 12:24:08 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/04/17 12:24:04 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/17 12:23:15 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/04/17 12:22:42 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/04/17 12:22:40 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/04/17 12:22:40 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/04/17 12:22:40 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/04/17 12:22:37 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/04/17 12:22:37 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/04/17 12:22:31 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/04/17 12:22:31 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/04/17 12:22:24 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/04/17 12:22:24 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/04/17 12:22:23 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/04/17 12:22:12 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/04/17 12:22:11 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/04/17 12:22:11 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/04/17 12:22:11 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/04/17 12:22:11 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/04/17 12:22:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/04/17 12:22:10 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/04/17 11:44:32 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/17 11:44:26 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/16 22:54:10 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/04/16 22:54:10 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/04/16 22:54:10 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/04/16 22:54:10 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/04/16 22:53:18 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/04/16 22:53:18 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/04/16 22:53:18 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/04/16 22:52:29 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/04/16 22:52:29 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/04/16 22:33:33 | 000,001,686 | ---- | C] () -- C:\Users\baby elly\Desktop\CCleaner.lnk
[2010/04/15 13:50:54 | 000,013,152 | ---- | C] () -- C:\Users\baby elly\Documents\Natacha_Lopez.docx
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/05/06 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\acccore
[2010/06/21 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Facebook
[2010/05/05 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\FinalMediaPlayer
[2010/06/28 12:19:21 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\LimeWire
[2009/10/09 09:38:42 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\muvee Technologies
[2010/06/15 19:59:49 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\ooVoo Details
[2010/06/15 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\oovooinstaller
[2010/06/28 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\PhotoScape
[2010/06/28 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\vmndtxtb
[2010/05/05 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\WeatherBug
[2009/05/10 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\WildTangent
[2010/06/28 18:45:42 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2010/06/28 14:32:05 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2010/06/28 18:16:38 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/28 18:55:59 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{740F8423-F1E3-428B-BA32-1336E1D8BCAE}.job

========== Purity Check ==========


< End of report >


Re: please help me =/

Post by Dr Jay on Mon Jun 28, 2010 11:09 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro


Re: please help me =/

Post by babyelly18 on Mon Jun 28, 2010 11:14 pm

thanks <3


Re: please help me =/

Post by Dr Jay on Wed Jun 30, 2010 3:49 am

Post the log when you have it ready.


Dr. Jay (DJ)



