
Infected with Virtumonde/IE popping up randomly


  • This topic is locked
37 replies to this topic

#1 Thundarr

Thundarr

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 09 April 2009 - 08:21 PM

Hello,

I recently ran into some problems with my PC. A few days ago Internet Explorer began randomly popping up with either blank windows or random ads. I very rarely use IE, except to check that websites I have created are compatible and look the same as in Firefox.

The machine I bought a few years ago has Windows Defender installed on it. I also had AVG installed but recently removed it to install Avast. I have used Ad-Aware, Spybot S&D, and Avast to attempt to track the sucker down and remove it. I removed several and ran a scan again, which turned up empty. However, I am still having problems.

When I ran Avast, it checked the memory and found an infection. I then restarted and let Avast run before Windows loaded and clean the infection. Still no luck. I ran Spybot and was told there was Virtumonde on the system.

I backed up my PC to the same drive until I pick up a SATA cable tomorrow. I have put my important files onto a DVD to ensure their safety.

I installed HijackThis, but after looking at it I know enough to do damage. I would appreciate any help anyone could give me.

Oh, before I forget: when Windows loads my desktop I get a rundll32.exe error, and it says something about a harowofa.dll.

I have the DDS.txt doc, and the HijackThis log if needed.

Thank you for taking the time to read this, and I look forward to your replies.

Forgot to add the DDS log.


DDS (Ver_09-03-16.01) - NTFSx86
Run by driver at 20:31:48.70 on Thu 04/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1306 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
\\?\globalroot\systemroot\system32\nDler2.exe
C:\Documents and Settings\driver\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e16ce56a-3c85-5501-6824-7719acf3770c} - c:\windows\elabatid.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Google Update] "c:\documents and settings\driver\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Pxefaf] rundll32.exe "c:\windows\Jgivejiguluk.dat",e
mRun: [fobadotaye] Rundll32.exe "c:\windows\system32\harowofa.dll",s
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Akamifafawiw] rundll32.exe "c:\windows\elabatid.dll",e
mRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
dRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181230335111
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: wbsys.dll c:\windows\system32\bugahebi.dll,c:\windows\system32\runenebu.dll,c:\windows\system32\yabibune.dll,c:\windows\system32\komusida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bugahebi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\bugahebi.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\runenebu.dll c:\windows\system32\yabibune.dll c:\windows\system32\komusida.dll wmupr2.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\driver\applic~1\mozilla\firefox\profiles\w1lhq7fv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\driver\application data\mozilla\firefox\profiles\w1lhq7fv.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\driver\application data\mozilla\firefox\profiles\w1lhq7fv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\driver\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox3\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\xstandard\bin\NPXStandard.dll
FF - HiddenExtension: XUL Cache: {D4073836-4CF6-4855-B9BD-F6CB6E8CF818} - c:\documents and settings\driver\local settings\application data\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-6 114768]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-6 138680]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2006-11-10 104000]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-6 352920]
S1 ghidpxyb;ghidpxyb;\??\c:\windows\system32\drivers\ghidpxyb.sys --> c:\windows\system32\drivers\ghidpxyb.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-6 254040]
S3 Nuljoaltea;Nuljoaltea; [x]

=============== Created Last 30 ================

2009-04-09 17:04 <DIR> --d----- C:\Backup409_1
2009-04-09 16:34 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-09 16:31 <DIR> --d----- c:\program files\Cobian Backup 9
2009-04-09 13:49 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-09 13:49 64,000 -------- c:\windows\system32\ldr.exe
2009-04-08 18:43 <DIR> --d----- c:\program files\Trend Micro
2009-04-08 12:58 0 -------- c:\windows\Ekewamomigob.bin
2009-04-08 10:43 38,400 -------- c:\windows\system32\winsetupgl.exe
2009-04-07 17:30 20,480 a------- c:\windows\system32\nDler2.exe
2009-04-06 19:15 27,648 -------- c:\windows\system32\winsetupsm.exe
2009-04-06 19:11 28,320 -------- c:\windows\system32\drivers\vivdzgbr.sys
2009-04-06 19:11 28,320 -------- c:\windows\system32\drivers\ajeoimnp.sys
2009-04-06 19:06 27,648 -------- c:\windows\system32\winsetupsn.exe
2009-04-06 18:55 <DIR> --d----- c:\docume~1\driver\applic~1\nidle
2009-04-03 15:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\id Software
2009-03-22 16:52 <DIR> --d----- c:\program files\common files\SWF Studio
2009-03-11 20:23 189,784 -------- c:\windows\system32\PnkBstrB.xtr
2009-03-11 15:24 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-04-03 15:54 138,944 -------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-03 15:53 189,784 -------- c:\windows\system32\PnkBstrB.exe
2009-04-03 15:52 22,328 -------- c:\docume~1\driver\applic~1\PnkBstrK.sys
2009-04-03 15:52 2,246,144 -------- c:\windows\system32\pbsvc.exe
2009-03-11 18:51 75,064 -------- c:\windows\system32\PnkBstrA.exe
2009-02-10 13:05 726,008 -------- c:\documents and settings\driver\gotomypc_438.exe
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-22 22:23 2,560 -------- c:\windows\_MSRSTRT.EXE
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-07 14:41 67,272 -------- c:\docume~1\driver\applic~1\GDIPFONTCACHEV1.DAT
2004-07-22 11:51 3,432,656 -------- c:\program files\ManagedDX.CAB
2004-07-19 23:58 1,156,363 -------- c:\program files\BDANT.cab
2004-07-19 23:53 976,020 -------- c:\program files\BDAXP.cab
2004-07-09 15:17 13,265,040 -------- c:\program files\dxnt.cab
2004-07-09 10:13 15,493,481 -------- c:\program files\DirectX.cab
2004-07-09 10:13 703,080 -------- c:\program files\BDA.cab
2004-07-09 05:08 472,576 -------- c:\program files\dxsetup.exe
2004-07-09 05:08 2,242,560 -------- c:\program files\dsetup32.dll
2004-07-09 04:03 62,976 -------- c:\program files\DSETUP.dll

============= FINISH: 20:32:21.75 ===============

Edited by Thundarr, 10 April 2009 - 05:26 PM.
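The DDS report above already carries the pattern a helper looks for in a Virtumonde/Vundo infection: randomly named DLLs chained through AppInit_DLLs, the LSA Notification Packages list and SSODL/STS, a BHO with no display name, and Run entries that either load those DLLs through rundll32 with a one-letter export or launch from a `\\?\globalroot` device path. The script below is an added example for this thread; it is not part of the original post and not code from DDS, HijackThis or OTListIt2. It parses a constructed subset of the Pseudo HJT Report lines quoted from the post, applies those heuristics, and cross-references DLLs that turn up under more than one autostart mechanism. The consonant/vowel name check, the "one-letter export" rule and the reason strings are the editor's own assumptions, not anything the tools implement.

```python
"""Flag Virtumonde/Vundo-style persistence in a DDS "Pseudo HJT Report".
Added example for this thread; not code from DDS, HijackThis or OTListIt2.
Heuristics, thresholds and reason strings are the editor's own choices."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the Pseudo HJT Report posted above.
SAMPLE_REPORT = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {e16ce56a-3c85-5501-6824-7719acf3770c} - c:\windows\elabatid.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
mRun: [Pxefaf] rundll32.exe "c:\windows\Jgivejiguluk.dat",e
mRun: [fobadotaye] Rundll32.exe "c:\windows\system32\harowofa.dll",s
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Akamifafawiw] rundll32.exe "c:\windows\elabatid.dll",e
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
AppInit_DLLs: wbsys.dll c:\windows\system32\bugahebi.dll,c:\windows\system32\runenebu.dll,c:\windows\system32\yabibune.dll,c:\windows\system32\komusida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bugahebi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\bugahebi.dll
LSA: Notification Packages = scecli c:\windows\system32\runenebu.dll c:\windows\system32\yabibune.dll c:\windows\system32\komusida.dll wmupr2.dll
"""

RUN_RE = re.compile(r"^[umd]Run: \[[^\]]*\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<label>.*?)\{[0-9a-fA-F-]{36}\} - (?P<path>.+)$")
SHELL_RE = re.compile(r"^(?:SSODL|STS): .*\{[0-9a-fA-F-]{36}\} - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S*)', re.I)
WINDIR_RE = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+$", re.I)  # file sitting directly in %windir% or system32
KNOWN_LSA_PACKAGES = {"scecli"}  # the only notification package on a stock XP box


def basename(path):
    return path.strip().replace("/", "\\").split("\\")[-1].lower()


def looks_pseudorandom(stem):
    """Vundo-style names: 6-12 lowercase letters strictly alternating consonant
    and vowel (bugahebi, harowofa). Legit names such as 'userinit' match too, so
    this is only applied to entries a location heuristic already flagged."""
    if not (6 <= len(stem) <= 12) or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in "aeiou" for c in stem]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def _parse(text):
    findings = []            # (mechanism, path, reason) from single-line rules
    seen = defaultdict(set)  # dll basename -> autostart mechanisms it appears under
    for line in (l.strip() for l in text.splitlines()):
        if m := RUN_RE.match(line):
            cmd = m.group("cmd")
            if "\\globalroot\\" in cmd.lower():
                findings.append(("Run", cmd, "launched through a \\\\?\\globalroot device path"))
            elif "\\config\\systemprofile\\" in cmd.lower():
                findings.append(("Run", cmd, "binary staged under the SYSTEM account's profile"))
            elif (r := RUNDLL_RE.search(cmd)) and WINDIR_RE.match(r.group("dll")) and len(r.group("entry")) <= 1:
                # Vendor rundll32 entries name a real export; Vundo uses a bare letter.
                findings.append(("Run", r.group("dll"), "rundll32 loads a file from %windir% via a one-letter export"))
                seen[basename(r.group("dll"))].add("Run")
        elif m := BHO_RE.match(line):
            seen[basename(m.group("path"))].add("BHO")
            if not m.group("label").strip():
                findings.append(("BHO", m.group("path"), "browser helper object with no display name"))
        elif m := SHELL_RE.match(line):
            seen[basename(m.group("path"))].add(line.split(":")[0])
        elif line.startswith("AppInit_DLLs:"):
            for dll in filter(None, re.split(r"[ ,]+", line.split(":", 1)[1])):
                seen[basename(dll)].add("AppInit_DLLs")
                findings.append(("AppInit_DLLs", dll, "injected into every process that loads user32.dll"))
        elif line.startswith("LSA: Notification Packages"):
            for pkg in line.split("=", 1)[1].split():
                if basename(pkg).removesuffix(".dll") not in KNOWN_LSA_PACKAGES:
                    seen[basename(pkg)].add("LSA")
                    findings.append(("LSA", pkg, "non-default LSA notification package (runs inside lsass.exe)"))
    return findings, seen


def scan_report(text):
    """Suspicious entries as (mechanism, path, reason) tuples."""
    return _parse(text)[0]


def reused_dlls(text):
    """DLLs registered under two or more mechanisms: Virtumonde chains one
    component through AppInit_DLLs, SSODL/STS and the LSA package list."""
    return {dll: sorted(m) for dll, m in _parse(text)[1].items() if len(m) >= 2}


def pseudorandom_names(text):
    """Flagged files whose names fit the consonant/vowel pattern."""
    return sorted({basename(p) for _, p, _ in scan_report(text)
                   if looks_pseudorandom(basename(p).rsplit(".", 1)[0])})


if __name__ == "__main__":
    for mech, path, reason in scan_report(SAMPLE_REPORT):
        print(f"[{mech:12}] {path}\n               {reason}")
    for dll, mechs in reused_dlls(SAMPLE_REPORT).items():
        print(f"reused: {dll} -> {', '.join(mechs)}")
    print("pseudo-random names:", ", ".join(pseudorandom_names(SAMPLE_REPORT)))
```

Run against the sample it reports fifteen single-line hits, five DLLs that are wired into two or three autostart locations at once (bugahebi.dll sits in AppInit_DLLs, SSODL and STS; runenebu, yabibune and komusida in AppInit_DLLs and the LSA list; elabatid.dll as both the unnamed BHO and a rundll32 Run entry), and six names matching the consonant/vowel pattern. The cross-reference is the useful part: a single DLL that is simultaneously an LSA notification package and an AppInit DLL has no legitimate explanation, which is why removal tools target the whole chain rather than one key.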



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:10 AM

Posted 10 April 2009 - 06:57 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 11 April 2009 - 04:00 AM

I want to thank you for your response and for trying to help me with this matter. As I have said, I have tried with my limited but dangerous knowledge, so I appreciate this immensely.

My computer has started to act a bit sluggish as of late, after discovering the virus/spyware. One of the more notable problems was when I would start a program (say Dreamweaver) and click File > Open, then the file: the text "Open File" in the drop-down menu would stay highlighted and remain on the screen. After doing my best to remedy the problem this has gone away and has not plagued me since. I also get an occasional pop-up with Internet Explorer, though I very rarely use it anymore. The other problem I have is getting Windows system errors on startup saying that something was unable to load, mostly the rundll32.exe error for harowofa.dll. I also had an incident where my Windows Firewall turned itself off after I had turned it on twice (not sure if this was a conflict between programs).

I was attempting to play an online game the other day, and my ping to the server I was connecting to was anywhere from 680 to 1080, when I normally ping the server at 64. That could have been my Road Runner connection being silly.

Here are the logs you requested. (Note: when I started the OTListIt2 report I received the following error.)

Window Title bar: Window - No Disk

Message: Exception Processing Message c0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

I clicked Retry and was greeted with the same message. If I click Cancel or Continue, it moves forward with the program and runs.

============================================================================
------------------------------------- Below is the log you requested Thank You --------------------------------------------
============================================================================

OTListIt 2

OTListIt logfile created on: 4/11/2009 4:38:14 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\driver\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.24% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 147.37 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRIVERS-SYSTEM
Current User Name: driver
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/06/21 13:10:10 | 00,131,072 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/12 09:07:08 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/09/02 15:28:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2006/05/01 17:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2008/10/09 00:14:31 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/03/28 11:33:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox3\firefox.exe
PRC - [2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/09/14 13:22:19 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/14 20:55:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/07/05 23:08:28 | 00,241,152 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/06/08 00:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/08/28 11:28:56 | 00,156,160 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2003/04/24 18:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/10/14 14:44:16 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2008/10/14 14:44:18 | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/18 02:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2006/02/14 18:18:52 | 00,005,632 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2006/02/14 18:19:14 | 00,006,144 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: feedly@devhd:1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {D4073836-4CF6-4855-B9BD-F6CB6E8CF818}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090322
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}: C:\DOCUMENTS AND SETTINGS\DRIVER\LOCAL SETTINGS\APPLICATION DATA\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818} [2009/04/08 12:58:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/16 01:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2008/10/15 12:59:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2008/12/03 15:59:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX3\COMPONENTS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX3\PLUGINS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/23 15:04:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/03 15:59:26 | 00,000,000 | ---D | M]

[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions
[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/10 18:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions
[2009/02/14 15:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/01/20 04:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/02/24 18:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/01/20 04:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/03/09 16:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd
[2009/02/24 18:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\firebug@software.joehewitt.com
[2008/12/30 12:02:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/03/28 22:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\nasanightlaunch@example.com
[2009/04/10 23:31:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd\content\app\extension
[2009/04/09 16:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/09 16:17:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8CC3C1AE-9AD6-474C-B2F9-D095D8238DD1}
[2008/10/15 12:59:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 18:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B0A4AA36-376C-498F-A23D-5903241CF1DB}
[2007/12/19 14:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/20 19:07:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/15 09:52:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/10/15 12:59:05 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/10/15 12:59:05 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/10/15 12:59:06 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/10/15 12:59:06 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/10/15 12:59:06 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/09/19 22:56:46 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/09/19 22:56:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/09/19 22:56:46 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/09/19 22:56:46 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/09/19 22:56:46 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/09/19 22:56:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (190678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 6761 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e16ce56a-3c85-5501-6824-7719acf3770c} - C:\WINDOWS\elabatid.dll (Mozilla Foundation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\.DEFAULT..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe File not found
O4 - HKU\.DEFAULT..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\S-1-5-18..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe File not found
O4 - HKU\S-1-5-18..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\S-1-5-19..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [Google Update] "C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html File not found
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html File not found
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html File not found
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html File not found
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1181230335111 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (c:\windows\system32\bugahebi.dll) - c:\windows\system32\bugahebi.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\runenebu.dll) - C:\WINDOWS\system32\runenebu.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\yabibune.dll) - C:\WINDOWS\system32\yabibune.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\komusida.dll) - C:\WINDOWS\system32\komusida.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00CD9DC: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll (Stardock Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bugahebi.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bugahebi.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/11 04:29:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:19 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/09 17:04:41 | 00,000,000 | ---D | C] -- C:\Backup409_1
[2009/04/09 16:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/04/09 16:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/04/09 13:49:50 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/04/09 13:49:48 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\ldr.exe
[2009/04/08 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\navbuttons.psd
[2009/04/08 19:03:30 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/08 18:43:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/08 18:42:37 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/08 18:41:59 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:48 | 00,649,563 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 16:35:26 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 16:10:38 | 00,389,877 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 12:58:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 12:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Local Settings\Application Data\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}
[2009/04/08 10:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\hn_items
[2009/04/08 10:55:54 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/08 10:43:36 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\winsetupgl.exe
[2009/04/07 17:30:50 | 00,020,480 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\nDler2.exe
[2009/04/06 19:44:29 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/06 19:44:29 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:28 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/06 19:44:28 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/06 19:44:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/06 19:44:25 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/06 19:44:25 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/06 19:44:25 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/06 19:44:25 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/06 19:44:12 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/06 19:44:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/06 19:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/06 19:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/06 19:15:56 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/06 19:11:32 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/06 18:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\nidle
[2009/04/03 15:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/03/24 23:17:55 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/03/22 16:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\U3
[2009/01/22 22:26:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/12/14 14:06:22 | 00,007,233 | ---- | C] () -- C:\WINDOWS\aketepinukon.dll
[2008/12/14 13:00:19 | 00,007,233 | ---- | C] () -- C:\WINDOWS\ipimoqix.dll
[2008/11/04 02:34:11 | 00,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/02 01:26:46 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/02 01:26:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/02 20:07:45 | 00,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/13 19:40:52 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/06/07 11:26:36 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/11/10 16:12:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/01 12:30:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/01 12:29:18 | 00,000,366 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/01 12:10:08 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 10:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,671 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/11 04:29:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/10 14:26:57 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1413686000-3873681467-2847599248-1009.job
[2009/04/10 14:16:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/10 14:15:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/10 14:13:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/10 14:13:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 14:13:37 | 21,451,73504 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/10 12:31:28 | 00,020,480 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\nDler2.exe
[2009/04/09 19:30:15 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Jgivejiguluk.dat
[2009/04/09 17:07:14 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/09 13:49:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\ldr.exe
[2009/04/09 02:11:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 19:05:53 | 00,389,877 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 18:43:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:42:05 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:50 | 00,649,563 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 17:14:49 | 00,000,366 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/08 16:35:57 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 10:55:54 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/08 10:43:37 | 00,038,400 | ---- | M] () -- C:\WINDOWS\System32\winsetupgl.exe
[2009/04/06 19:46:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\megawowa
[2009/04/06 19:44:29 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:25 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/06 19:15:57 | 00,027,648 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/06 19:11:32 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/03 15:52:29 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\driver\Application Data\PnkBstrK.sys
[2009/04/03 15:52:09 | 02,246,144 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/03 15:51:33 | 03,977,216 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\QuakeLiveNP.msi
[2009/03/26 08:21:43 | 00,001,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/24 23:17:55 | 00,001,355 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:51 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\driver\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\vivdzgbr.sys:changelist
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\ajeoimnp.sys:changelist
< End of report >


============================================================================
------------------------------------- Below is the next log you requested. Thank you. --------------------------------------------
============================================================================

And the GMER log:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 05:00:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A2B9E10 ZwEnumerateKey
Code 8A2B94A0 ZwFlushInstructionCache
Code 8A2BBC7E IofCallDriver
Code 8A4C5466 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A2BBC83
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A4C546B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2B94A4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 8A2B9E14

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FB86169-30A5-AB68-5616-6F7746839474}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FB86169-30A5-AB68-5616-6F7746839474}@iajgcjgejbcdeallbb 0x69 0x61 0x67 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FB86169-30A5-AB68-5616-6F7746839474}@hapiikelnfnjmlgn 0x69 0x61 0x67 0x70 ...

---- EOF - GMER 1.0.15 ----
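
The four `ntkrnlpa.exe` lines in the GMER output above are 5-byte JMP patches at the entry of kernel routines (IofCallDriver, IofCompleteRequest, ZwFlushInstructionCache, ZwEnumerateKey), each redirecting to an address that GMER lists under "System" as a bare `Code` region with no module name attached. That pairing, a kernel export detoured into memory no loaded image claims, is the classic shape of a kernel-mode rootkit, although a verdict still needs the handler's owner identified, since some security products hook the same routines. As an added example that is not part of the original post or of GMER, the Python below parses those two GMER sections, joins each hook with its `Code` handler entry, and classifies it by whether the JMP target lands inside the hooked module's own image range. Assumptions: `ASSUMED_MODULES` is a hand-written kernel range (GMER prints none), and the final `KeSetEvent` line in the sample is constructed to show the contrasting in-image case.

```python
"""Triage GMER 'Kernel code sections' output for inline (JMP) hooks."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the exact line shape GMER prints. The first four
# hook lines and the four Code lines are copied from the log above; the
# last hook line (KeSetEvent) is made up so the in-image case is exercised.
SAMPLE_GMER = """\
---- System - GMER 1.0.15 ----

Code 8A2B9E10 ZwEnumerateKey
Code 8A2B94A0 ZwFlushInstructionCache
Code 8A2BBC7E IofCallDriver
Code 8A4C5466 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A2BBC83
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A4C546B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2B94A4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 8A2B9E14
.text ntkrnlpa.exe!KeSetEvent 804F1234 5 Bytes JMP 80501000
"""

# ASSUMPTION: GMER does not print module load ranges, so the kernel image
# range is supplied by hand here. On a real box take it from GMER's Modules
# view or from a kernel debugger, never from a constant like this one.
ASSUMED_MODULES: Dict[str, Tuple[int, int]] = {"ntkrnlpa.exe": (0x804D7000, 0x806E0000)}

HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>[^!\s]+)!(?P<symbol>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]{8})$"
)
CODE_RE = re.compile(r"^Code\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<symbol>\S+)$")


@dataclass
class Hook:
    section: str
    module: str
    symbol: str
    addr: int            # address of the patched function entry
    size: int            # bytes overwritten (5 = E9 rel32 near jump)
    target: int          # where the JMP goes
    handler: Optional[int] = None   # matching 'Code <addr> <symbol>' entry, if any


def parse_hooks(text: str) -> List[Hook]:
    """One Hook per JMP-patched kernel export, joined by symbol name with the
    'Code <addr> <symbol>' handler entries GMER lists under System."""
    handlers: Dict[str, int] = {}
    hooks: List[Hook] = []
    for line in text.splitlines():
        if m := CODE_RE.match(line):
            handlers[m["symbol"]] = int(m["addr"], 16)
        elif m := HOOK_RE.match(line):
            hooks.append(Hook(m["section"], m["module"], m["symbol"],
                              int(m["addr"], 16), int(m["size"]), int(m["target"], 16)))
    for h in hooks:
        h.handler = handlers.get(h.symbol)
    return hooks


def classify(hook: Hook, modules: Dict[str, Tuple[int, int]]) -> str:
    """'in-image' when the JMP stays inside the patched module's own range
    (hot-patching; still worth a look), otherwise 'out-of-image': the handler
    lives in memory no loaded image accounts for."""
    lo, hi = modules.get(hook.module, (0, 0))
    return "in-image" if lo <= hook.target < hi else "out-of-image"


def triage(text: str, modules: Dict[str, Tuple[int, int]] = ASSUMED_MODULES) -> Dict[str, List[str]]:
    """Group hooked symbols by verdict: {'in-image': [...], 'out-of-image': [...]}."""
    report: Dict[str, List[str]] = {"in-image": [], "out-of-image": []}
    for h in parse_hooks(text):
        report[classify(h, modules)].append(h.symbol)
    return report


if __name__ == "__main__":
    for h in parse_hooks(SAMPLE_GMER):
        handler = f"{h.handler:08X}" if h.handler is not None else "n/a"
        print(f"{h.section:<5} {h.module}!{h.symbol:<24} {h.addr:08X} JMP {h.target:08X} "
              f"handler={handler} -> {classify(h, ASSUMED_MODULES)}")
```

Run as-is it prints one verdict line per hook. The module ranges must come from the same run that produced the hook list; with made-up ranges every verdict is meaningless, which is why the constant above is labelled an assumption rather than data.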

#4 Buckeye_Sam (Malware Expert)

Posted 11 April 2009 - 09:33 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {e16ce56a-3c85-5501-6824-7719acf3770c} - C:\WINDOWS\elabatid.dll (Mozilla Foundation)
    O3 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e (Mozilla Foundation)
    O4 - HKLM..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
    O4 - HKLM..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
    O4 - HKU\.DEFAULT..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe File not found
    O4 - HKU\.DEFAULT..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
    O4 - HKU\S-1-5-18..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe File not found
    O4 - HKU\S-1-5-18..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
    O4 - HKU\S-1-5-19..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
    O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
    O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O20 - AppInit_DLLs: (c:\windows\system32\bugahebi.dll) - c:\windows\system32\bugahebi.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\runenebu.dll) - C:\WINDOWS\system32\runenebu.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\yabibune.dll) - C:\WINDOWS\system32\yabibune.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\komusida.dll) - C:\WINDOWS\system32\komusida.dll File not found
    O20 - Winlogon\Notify\__c00CD9DC: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bugahebi.dll File not found
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bugahebi.dll File not found
    
    :Files
    C:\WINDOWS\System32\lowsec
    C:\WINDOWS\System32\ldr.exe
    C:\WINDOWS\System32\nDler2.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

====================


I also find several suspicious files in your log that I'd like to have you run through a virus scanner for me.
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • One at a time, copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\WINDOWS\System32\winsetupgl.exe
    C:\WINDOWS\System32\winsetupsm.exe
    C:\WINDOWS\System32\drivers\vivdzgbr.sys
    C:\WINDOWS\System32\drivers\ajeoimnp.sys
    C:\WINDOWS\Jgivejiguluk.dat


  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
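
The fix list above is built by reading each OTL autostart line and keeping the ones that show a tell: a Run value or load point whose file is already gone ("File not found"), a binary with no company information ("()"), an executable launched from the SYSTEM profile's Application Data, a `\\?\globalroot` device path, rundll32 loading a DLL dropped straight into C:\WINDOWS, or any O20/O21/O22 entry, which load a DLL into winlogon, into every process that maps user32, or into the shell. As an added example that is not code from the original post or from OTL, the Python below parses lines in OTL's format, applies those checks, and emits a fix script in the `:OTLI` / `:Commands` layout the post uses. The sample input is constructed: the first six lines are quoted from the fix list above, the last is a made-up benign entry for contrast.

```python
"""Triage OTListIt/OTL autostart lines and draft a fix script from the hits."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines from the fix list above plus one benign,
# made-up Windows Defender entry so the checks have something to pass.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [fobadotaye] Rundll32.exe "C:\WINDOWS\system32\harowofa.dll",s File not found
O4 - HKLM..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\.DEFAULT..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe File not found
O20 - AppInit_DLLs: (c:\windows\system32\bugahebi.dll) - c:\windows\system32\bugahebi.dll File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bugahebi.dll File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"""

KIND_RE = re.compile(r"^(O\d+) - (.*)$")
COMPANY_RE = re.compile(r"^(.*?) \(([^()]*)\)$")   # trailing "(Company)" or "()"
MISSING = " File not found"
LOAD_POINTS = {"O20": "AppInit_DLLs / Winlogon\\Notify",
               "O21": "ShellServiceObjectDelayLoad",
               "O22": "SharedTaskScheduler"}


@dataclass
class Entry:
    raw: str
    kind: str                 # OTL section code: O4, O20, O21, O22 ...
    body: str                 # line minus section code and trailers
    company: Optional[str]    # None if OTL printed no "(...)"; "" if empty
    missing: bool             # OTL appended "File not found"


def parse_line(line: str) -> Entry:
    m = KIND_RE.match(line)
    if not m:
        raise ValueError(f"not an OTL entry: {line!r}")
    kind, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    company = None
    if cm := COMPANY_RE.match(body):
        body, company = cm.groups()
    return Entry(line, kind, body, company, missing)


def parse(text: str) -> List[Entry]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def suspicious_reasons(e: Entry) -> List[str]:
    """Every reason this entry deserves a human look; empty means it passed."""
    body = e.body.lower()
    reasons: List[str] = []
    if e.missing:
        reasons.append("autostart points at a file that no longer exists")
    if e.kind in LOAD_POINTS:
        reasons.append(f"{LOAD_POINTS[e.kind]} load point: injects a DLL system-wide or into the shell")
    if r"\\?\globalroot" in body:
        reasons.append("device path prefix hides the real location from naive path checks")
    if e.company == "":
        reasons.append("binary carries no company/version information")
    if "rundll32" in body and re.search(r'"?c:\\windows\\[^\\"]+\.dll"?', body):
        reasons.append("rundll32 loads a DLL dropped directly in the Windows directory")
    if r"\config\systemprofile\application data" in body:
        reasons.append("runs from the SYSTEM profile's Application Data")
    return reasons


def build_fix_script(text: str) -> str:
    """Draft an OTL fix in the same shape as the post: flagged lines under
    :OTLI, then the :Commands footer. The output is for review, not blind use."""
    flagged = [e.raw for e in parse(text) if suspicious_reasons(e)]
    return ":OTLI\n" + "\n".join(flagged) + "\n\n:Commands\n[purity]\n[emptytemp]\n[Reboot]"


if __name__ == "__main__":
    for e in parse(SAMPLE_OTL):
        for why in suspicious_reasons(e):
            print(f"{e.kind:<4} {e.body[:60]:<60} {why}")
    print()
    print(build_fix_script(SAMPLE_OTL))
```

The generated `:OTLI` block is only a draft. OTL deletes the registry values and moves the files listed, so every line still gets the same eyeballing the helper gave the original log before it is pasted into the Custom Scans/Fixes box.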


========================================================

#5 Thundarr (Topic Starter)

Posted 13 April 2009 - 03:59 AM

Hi, sorry for the delay. I went away for the weekend unexpectedly.

A few more things I wanted to let you know about popped up on startup. My "My Documents" folder pops up on startup. Also there is another error stating that C:\WINDOWS\jgivejiguluk.dat is not a valid image and to check it against my installation diskette.

Here are the results from your request:

============================================================
----------------------------OTL2 notepad that popped up on reboot----------------------------------
============================================================
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e16ce56a-3c85-5501-6824-7719acf3770c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16ce56a-3c85-5501-6824-7719acf3770c}\ deleted successfully.
C:\WINDOWS\elabatid.dll NOT unregistered.
C:\WINDOWS\elabatid.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Akamifafawiw deleted successfully.
File rundll32.exe "C:\WINDOWS\elabatid.dll",e not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fobadotaye deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinProx32_1 deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\nDler2 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\WinProx32_1 deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\nDler2 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinProx32_1 not found.
File C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\fobadotaye deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\fobadotaye deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Run\\WinProx32_1 deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\bugahebi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\runenebu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\yabibune.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\komusida.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00CD9DC\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
========== FILES ==========
C:\WINDOWS\System32\lowsec moved successfully.
C:\WINDOWS\System32\ldr.exe moved successfully.
C:\WINDOWS\System32\nDler2.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\driver\Local Settings\Temp\Perflib_Perfdata_1a0.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\driver\Local Settings\Temp\Perflib_Perfdata_c48.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\driver\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_624.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_67c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.12.2 log created on 04132009_040709

Files moved on Reboot...
File C:\Documents and Settings\driver\Local Settings\Temp\Perflib_Perfdata_1a0.dat not found!
File C:\Documents and Settings\driver\Local Settings\Temp\Perflib_Perfdata_c48.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_67c.dat moved successfully.

Registry entries deleted on Reboot...

=====================================================================
------------------------------------------OTL2 New Scan (all users) after Reboot-------------------------------------
=====================================================================
OTListIt logfile created on: 4/13/2009 4:26:56 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\driver\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.53% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 147.39 Gb Free Space | 63.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRIVERS-SYSTEM
Current User Name: driver
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/06/21 13:10:10 | 00,131,072 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2006/05/01 17:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/12/12 09:07:08 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/09/02 15:28:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2009/03/28 11:33:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox3\firefox.exe
PRC - [2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/09/14 13:22:19 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/14 20:55:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/07/05 23:08:28 | 00,241,152 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/06/08 00:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/08/28 11:28:56 | 00,156,160 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2003/04/24 18:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/10/14 14:44:16 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2008/10/14 14:44:18 | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/18 02:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2006/02/14 18:18:52 | 00,005,632 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2006/02/14 18:19:14 | 00,006,144 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: feedly@devhd:1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {D4073836-4CF6-4855-B9BD-F6CB6E8CF818}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090322
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}: C:\DOCUMENTS AND SETTINGS\DRIVER\LOCAL SETTINGS\APPLICATION DATA\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818} [2009/04/08 12:58:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/16 01:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2008/10/15 12:59:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2008/12/03 15:59:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX3\COMPONENTS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX3\PLUGINS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/23 15:04:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/03 15:59:26 | 00,000,000 | ---D | M]

[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions
[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/12 22:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions
[2009/02/14 15:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/01/20 04:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/02/24 18:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/01/20 04:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/03/09 16:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd
[2009/02/24 18:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\firebug@software.joehewitt.com
[2008/12/30 12:02:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/03/28 22:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\nasanightlaunch@example.com
[2009/04/13 04:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd\content\app\extension
[2009/04/12 21:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/12 22:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3457EF99-CE31-441D-8FBD-2C9E1DC34575}
[2009/04/12 21:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{891DFF25-8343-46F2-8A30-2839D69338C9}
[2009/04/09 16:17:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8CC3C1AE-9AD6-474C-B2F9-D095D8238DD1}
[2008/10/15 12:59:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 18:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B0A4AA36-376C-498F-A23D-5903241CF1DB}
[2007/12/19 14:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/20 19:07:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/15 09:52:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/12 21:06:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DC103FCE-B87C-4A1C-B2E3-461B348862D9}
[2008/10/15 12:59:05 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/10/15 12:59:05 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/10/15 12:59:06 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/10/15 12:59:06 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/10/15 12:59:06 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/09/19 22:56:46 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/09/19 22:56:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/09/19 22:56:46 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/09/19 22:56:46 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/09/19 22:56:46 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/09/19 22:56:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (190678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 6761 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e16ce56a-3c85-5501-6824-7719acf3770c} - Reg Error: Key error. File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e File not found
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [Google Update] "C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html File not found
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html File not found
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html File not found
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html File not found
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1181230335111 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00CD9DC: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/13 04:07:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/11 19:46:05 | 00,040,741 | ---- | C] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/11 04:29:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:19 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/09 17:04:41 | 00,000,000 | ---D | C] -- C:\Backup409_1
[2009/04/09 16:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/04/09 16:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/04/08 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\navbuttons.psd
[2009/04/08 19:03:30 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/08 18:43:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/08 18:42:37 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/08 18:41:59 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:48 | 00,649,563 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 16:35:26 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 16:10:38 | 00,389,877 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 12:58:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 12:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Local Settings\Application Data\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}
[2009/04/08 10:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\hn_items
[2009/04/08 10:55:54 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/06 19:44:29 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/06 19:44:29 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:28 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/06 19:44:28 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/06 19:44:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/06 19:44:25 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/06 19:44:25 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/06 19:44:25 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/06 19:44:25 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/06 19:44:12 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/06 19:44:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/06 19:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/06 19:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/06 19:11:32 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/06 18:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\nidle
[2009/04/03 15:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/03/24 23:17:55 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/03/22 16:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\U3
[2009/01/22 22:26:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/12/14 14:06:22 | 00,007,233 | ---- | C] () -- C:\WINDOWS\aketepinukon.dll
[2008/12/14 13:00:19 | 00,007,233 | ---- | C] () -- C:\WINDOWS\ipimoqix.dll
[2008/11/04 02:34:11 | 00,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/02 01:26:46 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/02 01:26:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/02 20:07:45 | 00,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/13 19:40:52 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/06/07 11:26:36 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/11/10 16:12:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/01 12:30:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/01 12:29:18 | 00,000,366 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/01 12:10:08 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 10:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,671 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/13 04:14:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 04:14:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/13 04:11:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 04:10:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 04:10:47 | 21,451,73504 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/12 21:06:34 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1413686000-3873681467-2847599248-1009.job
[2009/04/11 19:46:05 | 00,040,741 | ---- | M] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/11 04:29:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/09 19:30:15 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Jgivejiguluk.dat
[2009/04/09 17:07:14 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/09 02:11:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 19:05:53 | 00,389,877 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 18:43:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:42:05 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:50 | 00,649,563 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 17:14:49 | 00,000,366 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/08 16:35:57 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 10:55:54 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/06 19:46:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\megawowa
[2009/04/06 19:44:29 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:25 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/06 19:11:32 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/03 15:52:29 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\driver\Application Data\PnkBstrK.sys
[2009/04/03 15:52:09 | 02,246,144 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/03 15:51:33 | 03,977,216 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\QuakeLiveNP.msi
[2009/03/26 08:21:43 | 00,001,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/24 23:17:55 | 00,001,355 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:51 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\driver\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\vivdzgbr.sys:changelist
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\ajeoimnp.sys:changelist
< End of report >

===============================================================
-----------Virus Scan Results--C:\WINDOWS\System32\drivers\vivdzgbr.sys--------------------------
===============================================================

VirSCAN.org Scanned Report :
Scanned time : 2009/04/13 04:17:10 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : vivdzgbr.sys
File Size : 28320 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 404543538d9dcaab6f5e0f6821318723
SHA1 : d45705e4566dbe9eaa7155a7296e637bedec7c70
Online report : http://virscan.org/report/d51f1d0f51a0959c...4c035895ba.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090412200212 2009-04-12 1.99 -
AhnLab V3 2009.04.13.00 2009.04.13 2009-04-13 0.65 -
AntiVir 7.9.0.138 7.1.3.42 2009-04-11 1.98 -
Antiy 2.0.18 20090413.2293849 2009-04-13 0.12 -
Authentium 5.1.1 200904111622 2009-04-11 1.23 -
AVAST! 3.0.1 090412-0 2009-04-12 0.01 -
AVG 7.5.52.442 270.11.54/2055 2009-04-12 2.13 -
BitDefender 7.81008.2846238 7.24769 2009-04-13 2.64 -
CA (VET) 9.0.0.143 31.6.6450 2009-04-10 3.40 -
ClamAV 0.95 9227 2009-04-13 0.01 -
Comodo 3.8 1111 2009-04-12 0.55 -
CP Secure 1.1.0.715 2009.04.13 2009-04-13 8.17 -
Dr.Web 4.44.0.9170 2009.04.13 2009-04-13 4.37 -
F-Prot 4.4.4.56 20090411 2009-04-11 1.17 -
F-Secure 5.51.6100 2009.04.13.02 2009-04-13 0.07 -
Fortinet 2.81-3.117 10.278 2009-04-12 0.18 -
GData 19.4583/19.297 20090413 2009-04-13 3.29 -
ViRobot 20090410 2009.04.10 2009-04-10 0.41 -
Ikarus T3.1.01.49 2009.04.13.72569 2009-04-13 2.90 -
JiangMin 11.0.706 2009.04.12 2009-04-12 1.75 -
Kaspersky 5.5.10 2009.04.13 2009-04-13 0.05 -
KingSoft 2009.2.5.15 2009.4.13.7 2009-04-13 0.71 -
McAfee 5.3.00 5582 2009-04-12 2.78 -
Microsoft 1.4502 2009.04.13 2009-04-13 6.15 -
mks_vir 2.01 2009.04.12 2009-04-12 2.85 -
Norman 6.00.06 6.00.00 2009-04-09 8.01 -
Panda 9.05.01 2009.04.12 2009-04-12 1.60 -
Trend Micro 8.700-1004 5.964.01 2009-04-12 0.03 -
Quick Heal 10.00 2009.04.13 2009-04-13 1.16 -
Rising 20.0 21.25.00.00 2009-04-13 0.82 -
Sophos 2.85.0 4.40 2009-04-13 2.18 -
Sunbelt 5089 5089 2009-04-12 0.85 -
Symantec 1.3.0.24 20090412.003 2009-04-12 0.25 -
nProtect 20090413.01 3464164 2009-04-13 6.74 -
The Hacker 6.3.4.0 v00306 2009-04-12 0.56 -
VBA32 3.12.10.2 20090412.1026 2009-04-12 1.81 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.51 -


===================================================================
-----------------------------Virscan.org Results-----C:\WINDOWS\Jgivejiguluk.dat------------------------------
===================================================================

VirSCAN.org Scanned Report :
Scanned time : 2009/04/13 04:42:30 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : Jgivejiguluk.dat
File Size : 408 byte
File Type : ASCII text, with very long lines, with no line terminators
MD5 : 97992b41e6581cdcf5bc235d4e82d693
SHA1 : 5722bdd7bd3a8d0613147ae1404f9edee42c690a
Online report : http://virscan.org/report/4b1a432b1b793b57...a47c684308.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090412200212 2009-04-12 1.95 -
AhnLab V3 2009.04.13.00 2009.04.13 2009-04-13 0.60 -
AntiVir 7.9.0.138 7.1.3.42 2009-04-11 1.98 -
Antiy 2.0.18 20090413.2293849 2009-04-13 0.12 -
Authentium 5.1.1 200904111622 2009-04-11 1.15 -
AVAST! 3.0.1 090412-0 2009-04-12 0.00 -
AVG 7.5.52.442 270.11.54/2055 2009-04-12 2.00 -
BitDefender 7.81008.2846238 7.24769 2009-04-13 2.64 -
CA (VET) 9.0.0.143 31.6.6450 2009-04-10 3.92 -
ClamAV 0.95 9227 2009-04-13 0.00 -
Comodo 3.8 1111 2009-04-12 1.19 -
CP Secure 1.1.0.715 2009.04.13 2009-04-13 8.16 -
Dr.Web 4.44.0.9170 2009.04.13 2009-04-13 4.37 -
F-Prot 4.4.4.56 20090411 2009-04-11 1.11 -
F-Secure 5.51.6100 2009.04.13.02 2009-04-13 0.05 -
Fortinet 2.81-3.117 10.278 2009-04-12 0.14 -
GData 19.4583/19.297 20090413 2009-04-13 3.52 -
ViRobot 20090410 2009.04.10 2009-04-10 0.57 -
Ikarus T3.1.01.49 2009.04.13.72569 2009-04-13 2.88 -
JiangMin 11.0.706 2009.04.12 2009-04-12 1.66 -
Kaspersky 5.5.10 2009.04.13 2009-04-13 0.03 -
KingSoft 2009.2.5.15 2009.4.13.7 2009-04-13 2.91 -
McAfee 5.3.00 5582 2009-04-12 2.79 -
Microsoft 1.4502 2009.04.13 2009-04-13 4.41 -
mks_vir 2.01 2009.04.12 2009-04-12 2.66 -
Norman 6.00.06 6.00.00 2009-04-09 8.01 -
Panda 9.05.01 2009.04.12 2009-04-12 1.83 -
Trend Micro 8.700-1004 5.964.01 2009-04-12 0.02 -
Quick Heal 10.00 2009.04.13 2009-04-13 1.90 -
Rising 20.0 21.25.00.00 2009-04-13 0.40 -
Sophos 2.85.0 4.40 2009-04-13 2.11 -
Sunbelt 5089 5089 2009-04-12 0.61 -
Symantec 1.3.0.24 20090412.003 2009-04-12 0.13 -
nProtect 20090413.01 3464164 2009-04-13 6.13 -
The Hacker 6.3.4.0 v00306 2009-04-12 1.08 -
VBA32 3.12.10.2 20090412.1026 2009-04-12 1.70 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.49 -

==================================================================
-------------------------------------The Other virscan.org file----------------------------------------------------
==================================================================

I was only able to rescan the jgivejiguluk file.

These two files did not give me the option to rescan.

C:\WINDOWS\System32\drivers\ajeoimnp.sys
and
C:\WINDOWS\System32\drivers\vivdzgbr.sys

When the ajeoimnp.sys file was finished scanning, the results page displayed the same exact information as the vivdzgbr.sys scan, including the file name vivdzgbr.

I was unable to scan the following files as they were not found:
C:\WINDOWS\System32\winsetupgl.exe
C:\WINDOWS\System32\winsetupsm.exe
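The OTListIt sections posted above (the O-line autorun entries, the Files/Folders listings and the Alternate Data Streams block) can be triaged mechanically rather than by eye. The script below is an added example written for this thread; it is not part of the thread, of OTListIt or of any tool named here. It parses the three line formats exactly as they appear in the log and flags the kinds of entry the helper in this thread singled out: autorun and Winlogon hooks whose target is missing or whose registry key cannot be read (dangling persistence), files that carry a named alternate data stream, and distinct files of identical size claiming the same vendor (the two random-named drivers). The sample input is constructed from lines copied out of the log above plus two benign entries so the filters have negatives to pass over.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the OTListIt log in this thread,
# plus one benign O20 entry and one benign driver so the filters have negatives.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e File not found
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O20 - Winlogon\Notify\__c00CD9DC: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll (Stardock Corporation)
[2009/04/13 04:07:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/06 19:11:32 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/06 19:44:29 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\vivdzgbr.sys:changelist
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\ajeoimnp.sys:changelist
"""

# [date time | size | attrs | C/M] (company) -- path   (the company block is absent for directories)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[\w-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream
# The path itself contains "C:", so the stream name is anchored at end of line.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$"
)
# Any "Onn - " autorun / hook / BHO / DPF line
AUTORUN_RE = re.compile(r"^O\d+ - ")


def parse_otl(text):
    """Split an OTListIt log into file records, alternate-data-stream records and O-lines."""
    files, streams, olines = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["company"] = (rec["company"] or "").strip()
            files.append(rec)
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(m.groupdict())
            continue
        if AUTORUN_RE.match(line):
            olines.append(line)
    return files, streams, olines


def triage(text):
    """Return a dict of review-worthy findings keyed by the reason each was flagged."""
    files, streams, olines = parse_otl(text)
    findings = defaultdict(list)

    # 1. Autorun / hook entries whose target is gone or whose key cannot be read.
    #    A loader left behind after its payload was removed is leftover persistence.
    for line in olines:
        if "File not found" in line or "Reg Error" in line:
            findings["dangling_autorun"].append(line)

    # 2. Files carrying a named alternate data stream; drivers normally have none.
    ads_paths = {s["path"] for s in streams}
    for rec in files:
        if rec["path"] in ads_paths:
            findings["file_with_ads"].append(rec["path"])

    # 3. Distinct files of identical size claiming the same vendor: in the log above
    #    the two random-named drivers are the same 28,320-byte binary dropped twice.
    twins = defaultdict(list)
    for rec in files:
        if rec["size"] > 0:
            twins[(rec["size"], rec["company"])].append(rec["path"])
    for (size, company), paths in twins.items():
        if len(paths) > 1:
            findings["size_twins"].append(
                {"size": size, "company": company, "paths": sorted(paths)}
            )

    return dict(findings)


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"== {reason} ==")
        for item in items:
            print("  ", item)
```

Run it against a full OTListIt log by reading the file into `triage()` instead of `SAMPLE_LOG`; the regexes only match the three line shapes shown in the log, so header and drive-summary lines are ignored. The size-twin rule is a weak signal on its own (legitimate product updates can drop same-size files), which is why the output is a review list, not a fix list.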

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 April 2009 - 12:04 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {e16ce56a-3c85-5501-6824-7719acf3770c} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [Akamifafawiw] rundll32.exe "C:\WINDOWS\elabatid.dll",e File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Reg Error: Key error.)
    O20 - Winlogon\Notify\__c00CD9DC: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts

Posted 13 April 2009 - 09:47 PM

Ok, I followed the instructions that you gave me. I no longer receive rundll32 errors on start up. However, my My Documents folder is still opening for some reason (possibly a setting).

Here are the results you requested

======================================================================
---------------------------------------------New OTL2 Scan log-----------------------------------------------------------
======================================================================
OTListIt logfile created on: 4/13/2009 9:41:11 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\driver\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.06% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 147.33 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRIVERS-SYSTEM
Current User Name: driver
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2006/05/01 17:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/12 09:07:08 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2006/12/12 09:07:08 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/09/02 15:28:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/09/14 13:22:19 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/03/17 19:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/14 18:45:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/14 20:55:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/16 01:11:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/12 09:07:06 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/11 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2006/06/21 13:08:48 | 00,937,984 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/07/05 23:08:28 | 00,241,152 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/06/08 00:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/08/28 11:28:56 | 00,156,160 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2003/04/24 18:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/06/22 09:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/10/14 14:44:16 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2008/10/14 14:44:18 | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/18 02:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2006/02/14 18:18:52 | 00,005,632 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2006/02/14 18:19:14 | 00,006,144 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: feedly@devhd:1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {D4073836-4CF6-4855-B9BD-F6CB6E8CF818}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090322
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}: C:\DOCUMENTS AND SETTINGS\DRIVER\LOCAL SETTINGS\APPLICATION DATA\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818} [2009/04/08 12:58:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/16 01:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2008/10/15 12:59:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2008/12/03 15:59:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX3\COMPONENTS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX3\PLUGINS [2009/03/28 11:34:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/23 15:04:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/03 15:59:26 | 00,000,000 | ---D | M]

[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions
[2008/08/27 15:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/12 22:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions
[2009/02/14 15:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/01/20 04:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/02/24 18:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/01/20 04:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/03/09 16:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd
[2009/02/24 18:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\firebug@software.joehewitt.com
[2008/12/30 12:02:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/03/28 22:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\nasanightlaunch@example.com
[2009/04/13 04:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\driver\Application Data\mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\feedly@devhd\content\app\extension
[2009/04/13 14:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/12 22:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3457EF99-CE31-441D-8FBD-2C9E1DC34575}
[2009/04/13 14:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BF0B6BB-E732-4AE5-9997-2DB62AFC03C8}
[2009/04/12 21:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{891DFF25-8343-46F2-8A30-2839D69338C9}
[2009/04/09 16:17:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8CC3C1AE-9AD6-474C-B2F9-D095D8238DD1}
[2008/10/15 12:59:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 18:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B0A4AA36-376C-498F-A23D-5903241CF1DB}
[2007/12/19 14:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/20 19:07:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/15 09:52:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/12 21:06:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DC103FCE-B87C-4A1C-B2E3-461B348862D9}
[2008/10/15 12:59:05 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/10/15 12:59:05 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/10/15 12:59:06 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/10/15 12:59:06 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/10/15 12:59:06 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/09/19 22:56:46 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/09/19 22:56:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/09/19 22:56:46 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/09/19 22:56:46 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/09/19 22:56:46 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/09/19 22:56:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (190678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 6761 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e16ce56a-3c85-5501-6824-7719acf3770c} - Reg Error: Key error. File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [Google Update] "C:\Documents and Settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html File not found
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html File not found
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html File not found
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html File not found
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1413686000-3873681467-2847599248-1009\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1181230335111 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/13 19:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/13 14:41:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\Malwarebytes
[2009/04/13 14:41:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 14:41:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 14:41:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 14:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 14:41:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 14:21:30 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\driver\Desktop\mbam-setup.exe
[2009/04/13 04:07:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/11 19:46:05 | 00,040,741 | ---- | C] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/11 04:29:48 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:19 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/09 17:04:41 | 00,000,000 | ---D | C] -- C:\Backup409_1
[2009/04/09 16:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/04/09 16:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/04/08 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\navbuttons.psd
[2009/04/08 19:03:30 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/08 18:43:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/08 18:42:37 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/08 18:41:59 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:48 | 00,649,563 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 16:35:26 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 16:10:38 | 00,389,877 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 12:58:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 12:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Local Settings\Application Data\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}
[2009/04/08 10:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Desktop\hn_items
[2009/04/08 10:55:54 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/06 19:44:29 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/06 19:44:29 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:28 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/06 19:44:28 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/06 19:44:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/06 19:44:25 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/06 19:44:25 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/06 19:44:25 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/06 19:44:25 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/06 19:44:12 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/06 19:44:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/06 19:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/06 19:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/06 19:11:32 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/03 15:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/03/24 23:17:55 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/03/22 16:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\driver\Application Data\U3
[2009/01/22 22:26:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/12/14 14:06:22 | 00,007,233 | ---- | C] () -- C:\WINDOWS\aketepinukon.dll
[2008/12/14 13:00:19 | 00,007,233 | ---- | C] () -- C:\WINDOWS\ipimoqix.dll
[2008/11/04 02:34:11 | 00,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/02 01:26:46 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/02 01:26:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/02 20:07:45 | 00,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/13 19:40:52 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/06/07 11:26:36 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/11/10 16:12:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/01 12:30:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/01 12:29:18 | 00,000,366 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/01 12:10:08 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 10:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,671 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/13 19:05:08 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1413686000-3873681467-2847599248-1009.job
[2009/04/13 14:50:06 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/13 14:47:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 14:47:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 14:46:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 14:46:52 | 21,451,73504 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/13 14:41:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 14:21:35 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\driver\Desktop\mbam-setup.exe
[2009/04/11 19:46:05 | 00,040,741 | ---- | M] () -- C:\WINDOWS\System32\pic.jpg
[2009/04/11 04:29:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\17rjcet5.exe
[2009/04/11 04:29:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\driver\Desktop\OTListIt2.exe
[2009/04/09 17:07:14 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\dds.scr
[2009/04/09 02:11:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ekewamomigob.bin
[2009/04/08 19:05:53 | 00,389,877 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\navbuttons.psd.zip
[2009/04/08 18:43:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\HijackThis.lnk
[2009/04/08 18:42:05 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\driver\Desktop\windows-kb890830-v2.8.exe
[2009/04/08 18:37:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\driver\Desktop\HJTInstall.exe
[2009/04/08 17:17:50 | 00,649,563 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\virus.psd
[2009/04/08 17:14:49 | 00,000,366 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/08 16:35:57 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\driver\Desktop\setup-spybotsd162.exe
[2009/04/08 10:55:54 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\hn_displays.png
[2009/04/06 19:46:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\megawowa
[2009/04/06 19:44:29 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/06 19:44:25 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/06 19:11:32 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 15:54:12 | 00,138,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/03 15:53:59 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/03 15:52:29 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\driver\Application Data\PnkBstrK.sys
[2009/04/03 15:52:09 | 02,246,144 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/04/03 15:51:33 | 03,977,216 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\QuakeLiveNP.msi
[2009/03/26 08:21:43 | 00,001,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/24 23:17:55 | 00,001,355 | ---- | M] () -- C:\Documents and Settings\driver\Desktop\2.jpg
[2009/03/22 16:52:51 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\driver\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\vivdzgbr.sys:changelist
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\ajeoimnp.sys:changelist
< End of report >


============================================================================
-------------------------------------------------------Malware log--------------------------------------------------------------------
============================================================================
Malwarebytes' Anti-Malware 1.36
Database version: 1976
Windows 5.1.2600 Service Pack 3

4/13/2009 2:45:30 PM
mbam-log-2009-04-13 (14-45-30).txt

Scan type: Quick Scan
Objects scanned: 84595
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00cd9dc (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxefaf (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\driver\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\config\SystemProfile\Application Data\psvr32.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\Jgivejiguluk.dat (Trojan.Agent) -> Quarantined and deleted successfully.

So far so good; your help is greatly appreciated!
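As an added example (not code from this thread or from the author of OTL), the following Python parses the two OTL sections posted above, "Files/Folders - Created Within 30 Days" and "Alternate Data Streams", into records and flags recently created files that also host a named stream. The function names and the flagging heuristic are my own, and the sample lines are excerpted from the report above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Constructed sample input: lines excerpted from the OTL report posted above.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/13 19:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/13 14:41:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 19:11:32 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vivdzgbr.sys
[2009/04/06 19:11:11 | 00,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ajeoimnp.sys
[2008/12/14 14:06:22 | 00,007,233 | ---- | C] () -- C:\WINDOWS\aketepinukon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\vivdzgbr.sys:changelist
@Alternate Data Stream - 456 bytes -> C:\WINDOWS\System32\drivers\ajeoimnp.sys:changelist
< End of report >
"""


@dataclass
class OtlEntry:
    timestamp: str          # "YYYY/MM/DD HH:MM:SS" as OTL prints it
    size: int               # bytes; OTL prints it zero-padded with commas
    attrs: str              # four-character attribute field, e.g. "-HS-" or "---D"
    flag: str               # "C" (created) or "M" (modified)
    company: Optional[str]  # text inside "(...)" for files; None for directories
    path: str


@dataclass
class AdsEntry:
    size: int               # stream size in bytes
    path: str               # host file
    stream: str             # stream name after the final colon


Entry = Union[OtlEntry, AdsEntry]

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def parse_otl_sections(text: str) -> Dict[str, List[Entry]]:
    """Split an OTL report into its '==== name ====' sections and parse the
    entry lines we understand. Summary lines such as the '*.tmp files' count,
    blank lines and the end-of-report marker are skipped."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            ts, size, attrs, flag, company, path = m.groups()
            sections[current].append(OtlEntry(
                ts, int(size.replace(",", "")), attrs, flag,
                None if company is None else company.strip(), path))
            continue
        m = ADS_RE.match(line)
        if m:
            size, path, stream = m.groups()
            sections[current].append(AdsEntry(int(size), path, stream))
    return sections


def created_files_with_ads(text: str) -> List[dict]:
    """Triage heuristic (my assumption, not an OTL rule): a file listed as
    created within the window that also hosts an alternate data stream is
    worth a closer look. It is a pointer for review, not a verdict."""
    sections = parse_otl_sections(text)
    created = [e for e in sections.get("Files/Folders - Created Within 30 Days", [])
               if isinstance(e, OtlEntry) and not e.attrs.endswith("D")]
    streams = {e.path.lower(): e for e in sections.get("Alternate Data Streams", [])
               if isinstance(e, AdsEntry)}
    hits = []
    for entry in created:
        ads = streams.get(entry.path.lower())
        if ads is not None:
            hits.append({"path": entry.path, "created": entry.timestamp,
                         "company": entry.company, "stream": ads.stream,
                         "stream_bytes": ads.size})
    return hits


if __name__ == "__main__":
    for hit in created_files_with_ads(SAMPLE_LOG):
        print(f"{hit['created']}  {hit['path']}  ({hit['company']!r})  "
              f"ADS :{hit['stream']} {hit['stream_bytes']} bytes")
```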

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:10 AM

Posted 14 April 2009 - 07:59 AM

I just don't feel like everything is clean yet.
So your My Documents folder is opening on startup? Does it seem to happen right at the beginning of boot up or later as your tray programs are still loading?


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:10 AM

Posted 14 April 2009 - 02:01 PM

It seems that the My Docs opens up after the desktop is loaded but right before the tray starts to fill up.

I ran Kaspersky and it found four infected items.

Here is the report

===================================================================
------------------------------------------Kaspersky Online Scan Report-------------------------------------------
===================================================================

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 14, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 14, 2009 17:32:50
Records in database: 2043913
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 174941
Threat name 2
Infected objects 4
Suspicious objects 0
Duration of the scan 02:19:45

File name Threat name Threats count
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\part.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.bo 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RN02T23\part[1].exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.bo 1
C:\_OTListIt\MovedFiles\04132009_040709\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.bo 1
C:\_OTListIt\MovedFiles\04132009_040709\WINDOWS\system32\ldr.exe Infected: Trojan-Spy.Win32.Zbot.rmo 1
The selected area was scanned.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:10 AM

Posted 15 April 2009 - 12:10 PM

Locate and delete these files.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\part.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RN02T23\part[1].exe



================




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix message]


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


========================================================

#11 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:10 AM

Posted 15 April 2009 - 05:39 PM

Okay, thanks. I will attempt to remove those files.

My girlfriend was on the computer this morning and it was running normally. When I started up Firefox it immediately shut down. Now whenever I try to run anything it automatically shuts the program down. The only programs that do not shut themselves down are Windows Explorer and Notepad. I ran all my virus programs in safe mode and removed 22 infected files. I have no idea what is happening.

I will remove those programs and look for your reply.

Thank you for your assistance

Update. I removed those programs in safe mode and Firefox and the other programs seem to be running normally again?

I will run ComboFix momentarily.

===================
Update
===================
I restarted before running ComboFix to remove Avast from startup and it's acting up again. I am in safe mode with networking right now.

Edited by Thundarr, 15 April 2009 - 07:10 PM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:10 AM

Posted 16 April 2009 - 08:58 AM

Go ahead and run Combofix and post back with the log.


========================================================

#13 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:10 AM

Posted 16 April 2009 - 01:11 PM

I ran ComboFix while in safe mode. While the program was running I received the following error.

Exception Processing Message c0000012 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

If I clicked Continue the program continued to run. I have not started it in regular mode yet. I will post an update once I have restarted in regular Windows mode.

Here is my log

=====================================================================
-------------------------------------------Combo Fix Log----------------------------------------------------------------
=====================================================================

ComboFix 09-04-16.02 - driver 04/16/2009 11:17.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1738 [GMT -4:00]
Running from: c:\documents and settings\driver\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthoqyrctxoxthcebqmeqfwijueosixxohw.sys
c:\windows\system32\ovfsthclpdkanocdtceeqgicwotrhgiapjmgdq.dat
c:\windows\system32\ovfsthiiqrgqityvivnhphjghfrhydsjmeqngu.dat
c:\windows\system32\ovfsthjjjlptbmmbpdceewhpcjpyohaoofgbnh.dll
c:\windows\system32\ovfsthoojicilqrcvomoayoqcimwdpogqiywci.dll
c:\windows\system32\ovfsthrrvutstmpacjdpqebafnivjctcnfpuvf.dll
c:\windows\system32\pic.jpg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthfjyglmpsnpwrsnqogeuuviiiylkgsixb


((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-15 23:04 . 2009-04-15 23:09 -------- d-----w C:\lexarTemp
2009-04-15 12:43 . 2009-04-15 12:43 74240 ----a-w c:\windows\system32\zlib.dll
2009-04-13 18:41 . 2009-04-13 18:41 -------- d-----w c:\documents and settings\driver\Application Data\Malwarebytes
2009-04-13 18:41 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 18:41 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 18:41 . 2009-04-13 18:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 18:41 . 2009-04-13 18:41 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-13 08:07 . 2009-04-13 08:07 -------- d-----w C:\_OTListIt
2009-04-09 21:04 . 2009-04-09 21:06 -------- d-----w C:\Backup409_1
2009-04-09 20:34 . 2009-04-09 20:36 -------- d-----w c:\program files\Cobian Backup 8
2009-04-09 20:31 . 2009-04-09 20:33 -------- d-----w c:\program files\Cobian Backup 9
2009-04-08 22:43 . 2009-04-08 22:43 -------- d-----w c:\program files\Trend Micro
2009-04-08 16:58 . 2009-04-09 06:11 0 ------w c:\windows\Ekewamomigob.bin
2009-04-08 16:58 . 2009-04-08 16:58 -------- d-----w c:\documents and settings\driver\Local Settings\Application Data\{D4073836-4CF6-4855-B9BD-F6CB6E8CF818}
2009-04-06 23:44 . 2009-04-06 23:44 -------- d-----w c:\program files\Alwil Software
2009-04-06 23:41 . 2009-04-06 23:41 -------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-04-06 23:41 . 2009-04-06 23:41 262144 ------w c:\documents and settings\JMERCE~3.COD
2009-04-06 23:39 . 2009-04-06 23:39 262144 ------w c:\documents and settings\JMERCE~2.COD
2009-04-06 23:11 . 2009-04-06 23:11 28320 ------w c:\windows\system32\drivers\vivdzgbr.sys
2009-04-06 23:11 . 2009-04-06 23:11 28320 ------w c:\windows\system32\drivers\ajeoimnp.sys
2009-04-03 19:52 . 2009-04-03 19:52 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-03-22 20:52 . 2009-03-22 20:52 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-22 20:50 . 2009-03-22 20:56 -------- d-----w c:\documents and settings\driver\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 08:44 . 2008-08-27 19:21 -------- d-----w c:\program files\Mozilla Firefox3
2009-04-16 00:06 . 2007-10-12 17:56 -------- d-----w c:\documents and settings\driver\Application Data\WTablet
2009-04-15 23:35 . 2007-10-18 18:55 -------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-04-15 15:45 . 2007-09-14 00:30 -------- d-----w c:\program files\Steam
2009-04-14 19:16 . 2008-04-28 19:19 -------- d-----w c:\documents and settings\driver\Application Data\FileZilla
2009-04-11 22:28 . 2009-04-11 22:28 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041120090412\index.dat
2009-04-10 16:31 . 2009-04-10 04:04 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041020090411\index.dat
2009-04-10 00:31 . 2009-04-09 18:04 32768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040920090410\index.dat
2009-04-08 20:51 . 2007-10-10 17:32 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-08 20:43 . 2007-10-10 17:32 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 21:30 . 2009-04-08 04:03 32768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040820090409\index.dat
2009-04-07 21:30 . 2009-04-07 21:30 32768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040720090408\index.dat
2009-04-06 18:36 . 2008-07-02 15:55 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-03 19:54 . 2008-03-03 00:07 138944 ------w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-03 19:53 . 2008-03-03 00:07 189784 ------w c:\windows\system32\PnkBstrB.exe
2009-04-03 19:52 . 2009-02-26 08:46 22328 ------w c:\documents and settings\driver\Application Data\PnkBstrK.sys
2009-04-03 19:52 . 2009-02-26 08:45 2246144 ------w c:\windows\system32\pbsvc.exe
2009-03-11 22:51 . 2008-03-03 00:07 75064 ------w c:\windows\system32\PnkBstrA.exe
2009-03-09 14:55 . 2007-12-27 23:44 -------- d-----w c:\documents and settings\driver\Application Data\mIRC
2009-03-09 14:20 . 2009-03-09 14:15 -------- d-----w c:\program files\mIRC
2009-03-03 16:07 . 2009-03-03 16:07 -------- d-----w c:\program files\Dyson
2009-02-26 08:47 . 2009-02-26 08:47 -------- d-----w c:\documents and settings\driver\Application Data\id Software
2009-02-22 22:13 . 2009-02-22 22:13 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-02-22 22:13 . 2009-02-22 22:13 -------- d-----w c:\program files\Pando Networks
2009-02-11 07:22 . 2007-09-09 15:47 67664 ------w c:\documents and settings\driver\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-10 17:05 . 2009-02-10 17:05 726008 ------w c:\documents and settings\driver\gotomypc_438.exe
2009-02-09 11:13 . 2008-10-15 10:14 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 23:00 1846784 ------w c:\windows\system32\win32k.sys
2009-01-23 02:23 . 2009-01-23 02:23 2560 ------w c:\windows\_MSRSTRT.EXE
2009-01-17 02:35 . 2006-05-19 14:08 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-07 18:41 . 2007-09-15 00:30 67272 ------w c:\documents and settings\driver\Application Data\GDIPFONTCACHEV1.DAT
2007-09-09 15:47 . 2007-09-09 15:46 129 ------w c:\documents and settings\driver\Local Settings\Application Data\fusioncache.dat
2007-09-09 15:41 . 2007-09-09 15:41 17608 ------w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 16:52 . 2007-06-07 16:52 17608 ------w c:\documents and settings\jmerrill.ITS-402509\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 16:52 . 2007-06-07 16:51 142 ------w c:\documents and settings\jmerrill.ITS-402509\Local Settings\Application Data\fusioncache.dat
2007-06-07 16:34 . 2007-06-07 16:34 17608 ------w c:\documents and settings\jmerrill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 16:06 . 2007-06-07 16:06 75264 ------w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-06-07 15:21 . 2007-06-07 15:21 131 ------w c:\documents and settings\jmerrill\Local Settings\Application Data\fusioncache.dat
2006-11-01 16:28 . 2006-11-01 16:28 136 ------w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2004-07-22 15:51 . 2004-07-22 15:51 3432656 ------w c:\program files\ManagedDX.CAB
2004-07-20 03:58 . 2004-07-20 03:58 1156363 ------w c:\program files\BDANT.cab
2004-07-20 03:53 . 2004-07-20 03:53 976020 ------w c:\program files\BDAXP.cab
2004-07-09 19:17 . 2004-07-09 19:17 13265040 ------w c:\program files\dxnt.cab
2004-07-09 14:13 . 2004-07-09 14:13 15493481 ------w c:\program files\DirectX.cab
2004-07-09 14:13 . 2004-07-09 14:13 703080 ------w c:\program files\BDA.cab
2004-07-09 09:08 . 2004-07-09 09:08 472576 ------w c:\program files\dxsetup.exe
2004-07-09 09:08 . 2004-07-09 09:08 2242560 ------w c:\program files\dsetup32.dll
2004-07-09 08:03 . 2004-07-09 08:03 62976 ------w c:\program files\DSETUP.dll
2008-10-15 16:2007-09-13 23:33 59:05 . c:\program files\mozilla firefox\components\jar50.dll
2008-10-15 16:2007-09-13 23:33 59:05 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-15 16:2007-09-13 23:33 59:06 . c:\program files\mozilla firefox\components\myspell.dll
2008-10-15 16:2007-09-13 23:33 59:06 . c:\program files\mozilla firefox\components\spellchk.dll
2008-10-15 16:2007-09-13 23:33 59:06 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-12 136768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-14 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2005-10-7 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-23 02:29 210168 ------w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wmupr2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\}apk{ zygote\\day of defeat\\hl.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\games\\UrbanTerror\\ioUrbanTerror.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"=
"c:\\webtools\\FileZilla FTP Client\\filezilla.exe"=
"c:\\games\\nexuiz-242\\Nexuiz\\nexuiz-dedicated.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox3\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\}apk{ zygote\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58514:TCP"= 58514:TCP:Pando Media Booster
"58514:UDP"= 58514:UDP:Pando Media Booster

R1 ghidpxyb;ghidpxyb; [x]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-03-17 65536]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R3 Nuljoaltea;Nuljoaltea; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413686000-3873681467-2847599248-1009.job
- c:\documents and settings\driver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:28]

2009-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{e16ce56a-3c85-5501-6824-7719acf3770c} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\driver\Application Data\Mozilla\Firefox\Profiles\w1lhq7fv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\driver\Application Data\Mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\driver\Application Data\Mozilla\Firefox\Profiles\w1lhq7fv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\driver\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox3\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 11:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1413686000-3873681467-2847599248-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FB86169-30A5-AB68-5616-6F7746839474}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajgcjgejbcdeallbb"=hex:69,61,67,70,6f,63,63,62,68,69,6b,6d,6d,67,63,65,6a,70,
00,00
"hapiikelnfnjmlgn"=hex:69,61,67,70,6f,63,63,62,68,69,6b,6d,6d,67,63,65,6a,70,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FB86169-30A5-AB68-5616-6F7746839474}\InProcServer32*]
"jalgkojbapmfonjdeona"=hex:69,61,67,70,6f,63,63,62,68,69,6b,6d,6d,67,63,65,6a,
70,00,00
"ialgaodcdgldenjphm"=hex:69,61,67,70,6f,63,63,62,68,69,6b,6d,6d,67,63,65,6a,70,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
.
**************************************************************************
.
Completion time: 2009-04-16 11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 15:34

Pre-Run: 159,383,932,928 bytes free
Post-Run: 159,323,877,376 bytes free

243 --- E O F --- 2009-04-13 23:00
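The two driver entries that the helper later targets with the Driver:: directive (ghidpxyb and Nuljoaltea) stand out in the services block of this log for the same two reasons: ComboFix prints "[x]" because no image file exists for them, and their display name merely repeats the service name. The locked registry keys are the other tell: their REG_BINARY values decode to plain ASCII strings of random letters rather than anything a legitimate shell extension would store. The small triage script below is an added example for this thread, not ComboFix's output parser or anything the helper posted; the sample lines are copied from the log above, and the detection rules (missing image plus name-equals-display-name, and hex values that decode to printable text) are heuristics chosen for illustration.

```python
"""Triage helpers for the services and locked-registry sections of a
ComboFix log. Added example for this thread; not ComboFix's own code.
The sample text below is copied from the log posted above."""
import re

# Constructed sample: four service lines as ComboFix prints them.
SAMPLE_SERVICES = """\
R1 ghidpxyb;ghidpxyb; [x]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\\program files\\Broadcom\\ASFIPMon\\AsfIpMon.exe [2006-03-17 65536]
R3 Nuljoaltea;Nuljoaltea; [x]
S2 WinDefend;Windows Defender;c:\\program files\\Windows Defender\\MsMpEng.exe [2006-11-03 13592]
"""

# Constructed sample: one locked-key value. ComboFix wraps long hex values
# after a trailing comma, so the value spans two lines.
SAMPLE_LOCKED_KEY = """\
"iajgcjgejbcdeallbb"=hex:69,61,67,70,6f,63,63,62,68,69,6b,6d,6d,67,63,65,6a,70,
00,00
"""

# "<state> <name>;<display name>;<image path> [<date> <size>]", or "[x]"
# in place of the path when the service's image file could not be found.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);\s*(.*)$")
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def parse_service(line):
    """Return a dict describing one service line, or None if it does not match."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, name, display, rest = m.groups()
    missing = rest.strip() == "[x]"
    # Drop the trailing " [date size]" bracket to leave only the image path.
    image = None if missing else rest.rsplit(" [", 1)[0]
    return {"state": state, "name": name, "display": display,
            "image": image, "missing_image": missing}


def triage_services(text):
    """Names of running (R*) services with no image file whose display name
    just repeats the service name (heuristic chosen for this example)."""
    flagged = []
    for line in text.splitlines():
        svc = parse_service(line)
        if (svc and svc["state"].startswith("R") and svc["missing_image"]
                and svc["display"] == svc["name"]):
            flagged.append(svc["name"])
    return flagged


def decode_hex_values(text):
    """Re-join wrapped hex: values and decode each to (value name, ASCII text)."""
    entries, buf = [], ""
    for line in text.splitlines():
        buf += line.strip()
        if buf.endswith(","):
            continue            # value continues on the next line
        entries.append(buf)
        buf = ""
    if buf:
        entries.append(buf)
    decoded = []
    for entry in entries:
        m = HEX_VALUE_RE.match(entry)
        if not m:
            continue
        name, data = m.groups()
        raw = bytes(int(b, 16) for b in data.split(",") if b)
        # The bytes hold a NUL-terminated string; keep the part before the NUL.
        decoded.append((name, raw.split(b"\x00", 1)[0].decode("ascii", "replace")))
    return decoded


if __name__ == "__main__":
    print("services to review:", triage_services(SAMPLE_SERVICES))
    for name, value in decode_hex_values(SAMPLE_LOCKED_KEY):
        print(f"{name} -> {value!r}")
```

Run on the samples it reports ghidpxyb and Nuljoaltea, and decodes the locked-key value to the letter string "iagpoccbhikmmgcejp". The heuristics are deliberately narrow: a legitimate driver whose file was deleted would also show "[x]", so a flagged name is something to look up, not something to remove on its own.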

#14 Thundarr

Thundarr
  • Topic Starter

  • Members
  • 19 posts

Posted 16 April 2009 - 01:48 PM

I started up in regular Windows mode and the My Documents folder is not opening anymore. My programs are still opening and closing shortly thereafter.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 April 2009 - 09:22 AM

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/ind...howtopic=218176

Suspect::[52]
c:\windows\Ekewamomigob.bin
c:\windows\system32\drivers\vivdzgbr.sys
c:\windows\system32\drivers\ajeoimnp.sys

Driver::
ghidpxyb
Nuljoaltea


Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



