
unknown virus/malware problem win32\heur possible


  • This topic is locked
9 replies to this topic

#1 exasperatedinal

Posted 10 April 2009 - 09:02 AM

Hello,

I have some sort of virus / malware. When I run an AVG virus scan, it finds and heals files in the Documents and Setting/chet/Local Settings/Temp directory. These files are a series of numbers.exe (like 2333455667.exe). But I can't get Spybot Search and Destroy or Malwarebytes to run (or Internet Explorer for that matter). They are installed, but when I click on them, nothing happens. And when I run AVG again, the same stuff shows up, saying it's infected with the win32/heur virus.

Thanks for your help.

Chet

Here are the DDS logs

DDS (Ver_09-03-16.01) - NTFSx86
Run by chet at 8:43:21.70 on Fri 04/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.43 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\chet\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Diagnostic Manager] c:\docume~1\chet\locals~1\temp\2131732.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ffowojoc] rundll32.exe "c:\windows\axaxuvedi.dll",e
StartupFolder: c:\docume~1\chet\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://66.133.171.94/rcm/VMRCActiveXClient1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} - hxxp://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} - hxxp://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslvpn.sanmina-sci.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\golorojo.dll kjhdgx.dll c:\windows\system32\yigafuya.dll c:\windows\system32\tasurepa.dll c:\windows\system32\mowatino.dll c:\windows\system32\bayelegi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bayelegi.dll
STS: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\bayelegi.dll
SEH: MCOEShellHook Class: {b9e618a2-a4fe-11d4-83c2-005004636c96} - c:\program files\metamail inc\metamail reader\oe\OESHook.dll
LSA: Notification Packages = scecli c:\windows\system32\golorojo.dll LFimcod.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chet\applic~1\mozilla\firefox\profiles\vpsz9euz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {F6BAA989-545B-4E53-8D04-EAED6F8595AF} - c:\documents and settings\chet\local settings\application data\{F6BAA989-545B-4E53-8D04-EAED6F8595AF}
FF - HiddenExtension: XUL Cache: {B98A09A9-94C6-439B-93F3-503FD0879251} - c:\documents and settings\administrator\local settings\application data\{b98a09a9-94c6-439b-93f3-503fd0879251}\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-8 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-8 108552]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-3-7 6144]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-8 298264]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-7-2 9161]
S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\windows\system32\drivers\BridDFU.sys [2006-7-13 16302]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-7-2 114080]
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\windows\system32\drivers\CsMini20.sys [2003-3-18 46248]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-12 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-11-12 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-11-12 21504]
S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [2007-11-19 15104]

=============== Created Last 30 ================

2009-04-10 08:12 <DIR> --d----- C:\VundoFix Backups
2009-04-10 07:27 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-10 07:00 <DIR> --d----- c:\program files\CCleaner
2009-04-10 06:59 <DIR> --d----- C:\help
2009-04-05 20:36 16 a------- c:\windows\Mhusipoxaziguqux.bin
2009-04-05 20:36 1,420 a------- c:\windows\Qbovebod.dat
2009-03-30 02:49 122 ---sh--- c:\windows\system32\irorumik.ini
2009-03-30 02:26 122 ---sh--- c:\windows\system32\urazemet.ini
2009-03-29 18:07 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-29 14:07 122 ---sh--- c:\windows\system32\ejupoduj.ini
2009-03-29 11:48 101,998 a------- c:\windows\system32\drivers\f9a32f4b.sys
2009-03-29 11:46 2 a------- C:\-602949652
2009-03-29 11:45 15,000 a------- c:\windows\system32\nhser43uhjnefr.dll
2009-03-29 11:45 45,056 a------- C:\dmsiacq.exe
2009-03-28 23:27 122 ---sh--- c:\windows\system32\eyabatal.ini
2009-03-28 05:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-28 05:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-28 05:13 <DIR> --d----- c:\program files\Lavasoft
2009-03-27 20:42 16,409,960 a------- c:\temp\setup-spybotsd162.exe
2009-03-27 20:30 37,452,296 a------- c:\temp\Ad-AwareAE.exe
2009-03-27 20:25 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-27 20:25 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-27 20:25 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-27 20:25 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-23 13:16 <DIR> --d----- C:\ProgramData
2009-03-23 13:16 <DIR> --d----- c:\program files\Angle Interactive
2009-03-23 00:07 <DIR> --d----- c:\docume~1\chet\applic~1\Research In Motion
2009-03-21 08:09 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-03-20 20:43 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-03-20 20:43 <DIR> --d----- c:\program files\Research In Motion
2009-03-20 20:43 <DIR> --d----- c:\program files\common files\Research In Motion
2009-03-18 04:58 244 a---h--- C:\sqmnoopt07.sqm
2009-03-18 04:58 232 a---h--- C:\sqmdata07.sqm
2009-03-18 04:58 244 a---h--- C:\sqmnoopt06.sqm
2009-03-18 04:58 232 a---h--- C:\sqmdata06.sqm
2009-03-18 04:58 244 a---h--- C:\sqmnoopt05.sqm
2009-03-18 04:58 232 a---h--- C:\sqmdata05.sqm
2009-03-18 04:58 244 a---h--- C:\sqmnoopt04.sqm
2009-03-18 04:58 232 a---h--- C:\sqmdata04.sqm
2009-03-18 04:57 244 a---h--- C:\sqmnoopt03.sqm
2009-03-18 04:57 232 a---h--- C:\sqmdata03.sqm
2009-03-18 04:56 244 a---h--- C:\sqmnoopt02.sqm
2009-03-18 04:56 232 a---h--- C:\sqmdata02.sqm
2009-03-18 04:56 244 a---h--- C:\sqmnoopt01.sqm
2009-03-18 04:56 232 a---h--- C:\sqmdata01.sqm
2009-03-18 04:56 244 a---h--- C:\sqmnoopt00.sqm
2009-03-18 04:56 232 a---h--- C:\sqmdata00.sqm

==================== Find3M ====================

2009-04-08 11:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-14 11:15 5,402 a------- c:\docume~1\chet\applic~1\wklnhst.dat
2009-03-09 01:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-03-09 01:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-03-09 01:49 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-03-08 20:04 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-07 08:44 110,072 a------- c:\windows\hpoins08.dat
2009-03-06 07:40 17 a------- C:\TEMP.DAT
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 05:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2006-04-04 06:29 5,224 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 8:44:59.60 ===============

#2 Buckeye_Sam

    Malware Expert


Posted 11 April 2009 - 09:52 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 exasperatedinal

Posted 11 April 2009 - 06:33 PM

Thanks, Sam...

Here are the logs (there were two)

OTListIt logfile created on: 4/11/2009 6:07:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\help
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 80.55 Mb Available Physical Memory | 15.79% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 33.47 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 55.98 Gb Total Space | 21.21 Gb Free Space | 37.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 211.76 Mb Total Space | 10.44 Mb Free Space | 4.93% Space Free | Partition Type: NTFS
Drive H: | 368.68 Mb Total Space | 165.04 Mb Free Space | 44.77% Space Free | Partition Type: NTFS
Drive I: | 697.94 Mb Total Space | 421.02 Mb Free Space | 60.32% Space Free | Partition Type: FAT

Computer Name: DELLHSV
Current User Name: chet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/08 20:03:50 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
PRC - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2005/12/15 12:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/07/29 04:02:34 | 01,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2009/01/09 20:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 21:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/12/15 13:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/08/30 18:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/04 05:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/09 14:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/08 20:03:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/08 20:03:59 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/03/08 20:04:01 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/03/08 20:03:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/03/08 20:03:55 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/03/08 20:03:41 | 00,760,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/03/08 20:03:55 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/11 17:15:13 | 00,022,529 | ---- | M] () -- C:\Documents and Settings\chet\Local Settings\Temp\4221503240.exe
PRC - [2006/06/18 16:25:32 | 00,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2009/04/11 18:06:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\help\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/03/08 20:03:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/03/08 20:03:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2009/03/24 16:10:42 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/06/14 16:23:58 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Running])
SRV - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/06/27 20:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004/07/29 04:02:34 | 01,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/08/03 23:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atintuxx.sys -- (ATITUNEP [On_Demand | Running])
DRV - [2004/08/03 23:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinraxx.sys -- (ativraxx [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinxsxx.sys -- (ATIXSAudio [On_Demand | Running])
DRV - [2009/03/08 20:04:52 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/08 20:04:38 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/08 11:00:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/07/06 17:02:00 | 00,016,302 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu [Auto | Stopped])
DRV - [2001/09/10 19:09:46 | 00,057,392 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [1995/11/07 04:57:00 | 00,006,144 | ---- | M] (Corel Corporation) -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi [System | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/03/18 15:55:04 | 00,046,248 | ---- | M] (Crescentec Corporation) -- C:\WINDOWS\System32\Drivers\CsMini20.sys -- (DCamUSB20 [On_Demand | Stopped])
DRV - [2005/06/16 14:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2005/03/31 07:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2005/03/31 07:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Running])
DRV - [2005/03/31 07:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2005/03/31 07:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2002/04/22 14:50:14 | 00,009,161 | R--- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys -- (Eacfilt [On_Demand | Running])
DRV - [2005/03/31 08:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [System | Running])
DRV - [2005/10/21 20:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/10/27 20:24:29 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/10/21 20:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/06 04:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 04:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 03:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2002/08/06 12:04:08 | 00,114,080 | ---- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys -- (IPSECEXT [Auto | Stopped])
DRV - [2002/08/06 12:04:08 | 00,114,080 | ---- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/08/30 22:12:47 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 04:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2007/02/27 15:31:18 | 00,017,792 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2007/01/23 20:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/02/27 15:31:28 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2007/02/27 15:31:30 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motport.sys -- (motport [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 23:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinmdxx.sys -- (MVDCODEC [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2004/08/03 23:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinpdxx.sys -- (PCDCODEC [On_Demand | Running])
DRV - [2004/07/29 04:13:28 | 00,046,779 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [System | Running])
DRV - [2004/07/29 03:33:08 | 00,138,780 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/10/19 19:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2002/11/05 16:56:48 | 00,012,692 | ---- | M] () -- C:\WINDOWS\System32\Drivers\cresscan.sys -- (Usb20Scan [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\s-1-5-21-1648643079-1763753199-1403380001-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F6BAA989-545B-4E53-8D04-EAED6F8595AF}:1.0
FF - prefs.js..extensions.enabledItems: {B98A09A9-94C6-439B-93F3-503FD0879251}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/24 20:20:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/08 20:03:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{F6BAA989-545B-4E53-8D04-EAED6F8595AF}: C:\DOCUMENTS AND SETTINGS\CHET\LOCAL SETTINGS\APPLICATION DATA\{F6BAA989-545B-4E53-8D04-EAED6F8595AF} [2009/04/09 17:59:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B98A09A9-94C6-439B-93F3-503FD0879251}: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{B98A09A9-94C6-439B-93F3-503FD0879251} [2009/04/03 06:38:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/05 22:41:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/05 22:41:09 | 00,000,000 | ---D | M]

[2009/04/04 12:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Extensions
[2009/04/04 12:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/10 17:40:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions
[2006/07/11 19:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/10/11 19:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/04/10 17:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/05 22:41:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/15 06:56:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/29 07:52:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/24 20:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/08 20:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/05 22:40:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/05 22:40:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/05 22:40:57 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/05 22:40:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/05 22:40:57 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/05 22:40:57 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/05 22:40:57 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/05 22:40:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/05 22:40:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303918 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10468 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\nhser43uhjnefr.dll) - {c2ba40a2-74f3-42bd-f434-2604812c8954} - C:\WINDOWS\system32\nhser43uhjnefr.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Ffowojoc] rundll32.exe "C:\WINDOWS\axaxuvedi.dll",e (Mozilla Foundation)
O4 - HKU\s-1-5-19..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s File not found
O4 - HKU\s-1-5-20..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s File not found
O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\chet\LOCALS~1\Temp\4221503240.exe ()
O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\chet\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .UVR - C:\Program Files\Internet Explorer\Plugins\NPUPano.dll (Ulead Systems, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.default\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-19\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-20\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://66.133.171.94/rcm/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (GMNRev Class)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} http://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab (PortDetector Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://sslvpn.sanmina-sci.com/dana-cached/...perSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\golorojo.dll) - C:\WINDOWS\system32\golorojo.dll File not found
O20 - AppInit_DLLs: (kjhdgx.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\yigafuya.dll) - c:\windows\system32\yigafuya.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tasurepa.dll) - c:\windows\system32\tasurepa.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\mowatino.dll) - c:\windows\system32\mowatino.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\bayelegi.dll) - c:\windows\system32\bayelegi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bayelegi.dll File not found
O22 - SharedTaskScheduler: {C2BA40A2-74F3-42BD-F434-2604812C8954} - kjm6t5rinmhp8o87t7r6gh - C:\WINDOWS\system32\nhser43uhjnefr.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bayelegi.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OE\OESHook.dll (Metamail Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/12 01:32:48 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/30 04:16:42 | 00,000,066 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a093cab2-794b-11dd-a76f-444553544200}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/11 08:17:08 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\chet\My Documents\billsale lincoln.doc
[2009/04/10 12:02:33 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/10 08:12:17 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/10 07:33:08 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\Spybot - Search & Destroy.lnk
[2009/04/10 07:27:23 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/10 07:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Application Data\Yahoo!
[2009/04/10 07:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/10 07:00:35 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\CCleaner.lnk
[2009/04/10 07:00:33 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/10 06:59:46 | 00,000,000 | ---D | C] -- C:\help
[2009/04/10 06:44:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\Opera.lnk
[2009/04/09 17:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Local Settings\Application Data\{F6BAA989-545B-4E53-8D04-EAED6F8595AF}
[2009/04/05 20:57:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/05 20:51:51 | 02,906,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chet\Desktop\mbam-setup.exe
[2009/04/05 20:49:26 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\chet\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/04/05 20:36:51 | 00,000,016 | ---- | C] () -- C:\WINDOWS\Mhusipoxaziguqux.bin
[2009/04/05 20:36:47 | 00,001,420 | ---- | C] () -- C:\WINDOWS\Qbovebod.dat
[2009/03/30 02:49:20 | 00,000,122 | -HS- | C] () -- C:\WINDOWS\System32\irorumik.ini
[2009/03/30 02:26:41 | 00,000,122 | -HS- | C] () -- C:\WINDOWS\System32\urazemet.ini
[2009/03/29 18:07:47 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/29 18:07:46 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/29 14:07:59 | 00,000,122 | -HS- | C] () -- C:\WINDOWS\System32\ejupoduj.ini
[2009/03/29 11:48:38 | 00,101,998 | ---- | C] () -- C:\WINDOWS\System32\drivers\f9a32f4b.sys
[2009/03/29 11:46:08 | 00,000,002 | ---- | C] () -- C:\-602949652
[2009/03/29 11:45:59 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\nhser43uhjnefr.dll
[2009/03/28 23:27:50 | 00,000,122 | -HS- | C] () -- C:\WINDOWS\System32\eyabatal.ini
[2009/03/28 05:18:45 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/28 05:18:13 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/28 05:13:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/28 05:13:41 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/28 05:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/28 05:13:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/27 20:25:47 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/03/24 16:10:44 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/23 13:16:31 | 00,000,000 | ---D | C] -- C:\ProgramData
[2009/03/23 13:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2009/03/23 00:07:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Application Data\Research In Motion
[2009/03/21 08:09:36 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2009/03/20 20:43:40 | 00,026,496 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/03/20 20:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/03/20 20:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/03/18 04:58:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/03/18 04:58:43 | 00,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/03/18 04:58:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/03/18 04:58:37 | 00,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/03/18 04:58:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/03/18 04:58:21 | 00,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/03/18 04:58:10 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2009/03/18 04:58:10 | 00,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2009/03/18 04:57:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/03/18 04:57:32 | 00,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/03/18 04:56:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/03/18 04:56:59 | 00,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/03/18 04:56:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/03/18 04:56:44 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/03/18 04:56:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/03/18 04:56:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/03/16 19:51:54 | 00,012,518 | ---- | C] () -- C:\Documents and Settings\chet\My Documents\compumpteen.odt
[2009/03/07 08:32:35 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/03/07 07:29:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/03/06 21:31:09 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.chet.ini
[2009/01/22 07:49:57 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/06/16 21:16:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2008/01/29 08:38:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/09 06:18:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/09 06:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/09 06:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/12/11 14:43:44 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/30 05:58:42 | 00,000,336 | ---- | C] () -- C:\WINDOWS\svpoker.ini
[2007/01/30 04:33:56 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/07/13 19:53:15 | 00,016,302 | ---- | C] () -- C:\WINDOWS\System32\drivers\BridDFU.sys
[2006/05/04 22:16:42 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/04 06:29:14 | 00,005,224 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/20 21:17:39 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/03/20 21:17:39 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/03/20 21:17:39 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/16 23:05:21 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2005/10/06 21:47:59 | 00,000,171 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/10/06 21:47:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/09/22 14:12:24 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.dll
[2005/07/21 21:44:27 | 00,006,412 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/20 20:22:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Smtp.dll
[2005/07/20 20:22:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\QvtNet.dll
[2005/06/15 08:57:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/15 08:48:13 | 00,000,718 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/15 08:43:04 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/15 08:15:22 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/15 08:14:58 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/04 20:58:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,844 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/11/10 14:07:38 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/11/10 14:07:38 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/11/10 14:07:26 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/08/07 14:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/12/18 22:48:40 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/05 16:56:48 | 00,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 00,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2001/07/06 17:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/04/11 18:09:04 | 00,101,998 | ---- | M] () -- C:\WINDOWS\System32\drivers\f9a32f4b.sys
[2009/04/11 17:34:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/11 16:17:09 | 00,005,666 | ---- | M] () -- C:\Documents and Settings\chet\Application Data\wklnhst.dat
[2009/04/11 16:17:08 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\chet\My Documents\billsale lincoln.doc
[2009/04/11 09:28:03 | 35,043,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/11 09:28:03 | 00,093,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/11 08:11:59 | 00,000,016 | ---- | M] () -- C:\WINDOWS\Mhusipoxaziguqux.bin
[2009/04/11 08:11:58 | 00,001,420 | ---- | M] () -- C:\WINDOWS\Qbovebod.dat
[2009/04/11 05:18:34 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/10 19:40:47 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\Microsoft Word.lnk
[2009/04/10 12:05:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/10 12:02:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/10 12:02:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 12:02:33 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/10 08:02:40 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\chet\Local Settings\Application Data\IconCache.db
[2009/04/10 08:02:30 | 00,000,844 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/10 08:02:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/10 08:02:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/10 07:55:58 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/10 07:33:08 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\Spybot - Search & Destroy.lnk
[2009/04/10 07:00:35 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\CCleaner.lnk
[2009/04/09 19:58:36 | 00,478,886 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/09 19:58:36 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/09 19:58:36 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/09 19:53:21 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\chet\My Documents\desktop.ini
[2009/04/09 15:09:37 | 00,012,518 | ---- | M] () -- C:\Documents and Settings\chet\My Documents\compumpteen.odt
[2009/04/08 13:53:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/08 11:00:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/05 20:53:24 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\chet\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/04/05 20:53:12 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chet\Desktop\mbam-setup.exe
[2009/04/03 06:27:10 | 00,282,624 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/03 06:27:10 | 00,219,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/03/30 13:28:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nonevomu
[2009/03/30 02:49:45 | 00,000,122 | -HS- | M] () -- C:\WINDOWS\System32\irorumik.ini
[2009/03/30 02:26:57 | 00,000,122 | -HS- | M] () -- C:\WINDOWS\System32\urazemet.ini
[2009/03/29 18:07:47 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/29 18:07:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/29 17:10:44 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\chet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 14:08:57 | 00,000,122 | -HS- | M] () -- C:\WINDOWS\System32\ejupoduj.ini
[2009/03/29 13:18:01 | 00,000,718 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/29 11:47:13 | 00,000,002 | ---- | M] () -- C:\-602949652
[2009/03/29 11:45:59 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nhser43uhjnefr.dll
[2009/03/28 23:27:52 | 00,000,122 | -HS- | M] () -- C:\WINDOWS\System32\eyabatal.ini
[2009/03/28 18:14:48 | 00,303,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/28 05:13:41 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/27 23:09:13 | 00,303,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-181448.backup
[2009/03/27 20:01:57 | 00,000,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090327-230913.backup
[2009/03/18 04:58:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/18 04:58:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/18 04:58:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/18 04:58:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/18 04:58:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/18 04:58:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/18 04:58:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/18 04:58:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/18 04:57:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/18 04:57:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/18 04:56:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/18 04:56:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/18 04:56:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/18 04:56:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/18 04:56:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/18 04:56:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
< End of report >


start second report
==================================================
OTListIt Extras logfile created on: 4/11/2009 6:07:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\help
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 80.55 Mb Available Physical Memory | 15.79% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 33.47 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 55.98 Gb Total Space | 21.21 Gb Free Space | 37.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 211.76 Mb Total Space | 10.44 Mb Free Space | 4.93% Space Free | Partition Type: NTFS
Drive H: | 368.68 Mb Total Space | 165.04 Mb Free Space | 44.77% Space Free | Partition Type: NTFS
Drive I: | 697.94 Mb Total Space | 421.02 Mb Free Space | 60.32% Space Free | Partition Type: FAT

Computer Name: DELLHSV
Current User Name: chet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 18:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
[2002/08/06 11:55:22 | 00,618,496 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client
[2004/08/04 05:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
[2000/05/06 08:37:58 | 00,151,552 | ---- | M] () -- C:\Program Files\QPC\QvtNet\bin\Ftp.exe:*:Enabled:FTP
[2000/05/06 08:38:14 | 00,081,920 | ---- | M] () -- C:\Program Files\QPC\QvtNet\bin\Ftpd.exe:*:Enabled:FTPD
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime
[2005/11/01 03:57:40 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/08/30 18:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Linksys\WAP11 SNMP\SNMPmanager.exe:*:Enabled:SNMPmanager
[2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2006/06/14 16:48:00 | 14,276,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\temp\linksys\WAP11 wizard v1.1.exe:*:Enabled:WAP11 wizard v1.1
File not found -- C:\Documents and Settings\chet\Local Settings\Temp\Temporary Directory 1 for wap11_dr_ver26,0.zip\setup.exe:*:Enabled:Setup Wizard of WAP11 v2.6
[2002/01/18 19:24:32 | 00,524,288 | ---- | M] () -- C:\Program Files\Linksys WAP11\WAP11 SNMP\SNMPmanager.exe:*:Enabled:SNMPmanager
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/03 15:27:52 | 00,267,632 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\chet\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module
[2007/07/12 17:45:32 | 00,749,568 | ---- | M] (BVRP Software) -- C:\Program Files\Motorola Phone Tools\mPhonetools.exe:*:Enabled:mobile Phone Software
[2007/06/27 20:02:38 | 00,697,640 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2005/12/15 12:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 13:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 19:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 19:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 19:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 22:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 22:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 20:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 22:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 19:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 01:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 01:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 20:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 13:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2009/04/05 22:40:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\ocqkmoc.exe:*:Disabled:ocqkmoc
[2009/03/08 20:03:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/03/08 20:03:48 | 01,057,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/03/08 20:04:01 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A22C818-D44D-4691-BF27-8884CB5B44B1}" = AVerDVD EZMaker USB 2.0 Driver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = MMC88
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F695596-85E6-4224-BC70-538F9036797A}" = MovieShop
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6D10B089-6F8F-41C5-9B43-A001FC048B42}" = Album To Go 2.0
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7516254D-7F98-49DD-8209-5D2208BD1033}" = Nero 7 Essentials
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87C76990-6474-468D-BC0B-D86A0E212429}" = Opera 9.0
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93AE099E-1500-42C2-8174-7AED23D33A73}" = Motorola Phone Tools
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C26D7EF1-A5AD-4B46-9F49-535E9255A669}" = BlackBerry Desktop Software 4.7
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC527773-5AB3-11D5-AD9A-0050BA1AB546}" = WAP11 Utility
"{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}" = STOIK Capturer
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard4
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0620409-8B20-48A0-ACA0-09D5FC90D316}" = Visual Basic .NET Standard 2003 - English
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"Applian FLV Player2.0.24" = Applian FLV Player
"Arcade! Classic Arcade Pack" = Arcade! Classic Arcade Pack 3.7
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AVG8Uninstall" = AVG Free 8.5
"BlackBerry_{C26D7EF1-A5AD-4B46-9F49-535E9255A669}" = BlackBerry Desktop Software 4.7
"ccleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"Comcast Rhapsody" = Comcast Rhapsody
"Corel Applications" = Corel Applications
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"FreeRIP_is1" = FreeRIP v2.951
"Gold Imaging" = Gold Imaging
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1A22C818-D44D-4691-BF27-8884CB5B44B1}" = AVerDVD EZMaker USB 2.0 Driver
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 8.8.0.0
"InstallShield_{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JAJC" = JAJC (remove only)
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MyWaySearchAssistantDE" = My Way Search Assistant
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PacBomber" = PacBomber
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PROSet" = Intel® PRO Network Adapters and Drivers
"PST Walker_is1" = PST Walker Evaluation 4.14
"QvtNetDeinstKey" = QVT/Net
"RealPlayer 6.0" = RealPlayer
"Riva FLV Player_is1" = Riva FLV Player
"SAP Download Manager" = SAP Download Manager
"ScanModule V5.1" = ScanModule V5.1
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Tar-1.13-bin_is1" = Tar-1.13 Binaries (GnuWin32)
"Tomb Raider II" = Tomb Raider II
"Ulead COOL 360 Viewer Plugin" = Ulead COOL 360 Viewer Plugin
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic .NET Standard 2003 - English" = Microsoft Visual Basic .NET Standard 2003 - English
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinPac 2" = WinPac 2 (remove only)
"winscp3_is1" = WinSCP 3.8.2
"WMFDist11" = Windows Media Format 11 runtime
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"yahoo! companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Juniper_Term_Services" = Juniper Terminal Services Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2009 12:15:19 AM | Computer Name = DELLHSV | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2009 6:12:28 AM | Computer Name = DELLHSV | Source = MsiInstaller | ID = 11704
Description = Product: Visual C++ 2008 x86 Runtime - (v9.0.30729) -- Error 1704.An
installation for SmartSound Quicktracks Plugin is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 3/28/2009 6:14:07 AM | Computer Name = DELLHSV | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/29/2009 12:38:49 AM | Computer Name = DELLHSV | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.

Error - 3/29/2009 11:23:05 AM | Computer Name = DELLHSV | Source = Application Error | ID = 1000
Description = Faulting application photohse.exe, version 1.71.0.0, faulting module
crestw.ds, version 2.0.7.0, fault address 0x0000644d.

Error - 3/29/2009 11:39:32 AM | Computer Name = DELLHSV | Source = Application Hang | ID = 1002
Description = Hanging application PD3.EXE, version 1.1.128.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2009 11:52:09 AM | Computer Name = DELLHSV | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 10:26:19 PM | Computer Name = DELLHSV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2009 7:40:57 PM | Computer Name = DELLHSV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2009 9:27:19 AM | Computer Name = DELLHSV | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 00000000. The machine must now be restarted.

[ System Events ]
Error - 4/11/2009 2:37:12 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 2:39:12 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 2:47:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 2:49:10 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 2:57:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 2:59:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 3:07:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 3:09:10 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 3:17:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/11/2009 3:19:09 PM | Computer Name = DELLHSV | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#4 Buckeye_Sam

Posted 11 April 2009 - 07:41 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2009/04/11 17:15:13 | 00,022,529 | ---- | M] () -- C:\Documents and Settings\chet\Local Settings\Temp\4221503240.exe
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\golorojo.dll) - C:\WINDOWS\system32\golorojo.dll File not found
    O20 - AppInit_DLLs: (kjhdgx.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\yigafuya.dll) - c:\windows\system32\yigafuya.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tasurepa.dll) - c:\windows\system32\tasurepa.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\mowatino.dll) - c:\windows\system32\mowatino.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\bayelegi.dll) - c:\windows\system32\bayelegi.dll File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bayelegi.dll File not found
    O22 - SharedTaskScheduler: {C2BA40A2-74F3-42BD-F434-2604812C8954} - kjm6t5rinmhp8o87t7r6gh - C:\WINDOWS\system32\nhser43uhjnefr.dll ()
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bayelegi.dll File not found
    O4 - HKLM..\Run: [Ffowojoc] rundll32.exe "C:\WINDOWS\axaxuvedi.dll",e (Mozilla Foundation)
    O4 - HKU\s-1-5-19..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s File not found
    O4 - HKU\s-1-5-20..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\vupivino.dll",s File not found
    O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\chet\LOCALS~1\Temp\4221503240.exe ()
    O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    
    :Files
    C:\WINDOWS\System32\eyabatal.ini
    C:\WINDOWS\System32\nhser43uhjnefr.dll
    C:\WINDOWS\System32\ejupoduj.ini
    C:\WINDOWS\System32\irorumik.ini
    C:\WINDOWS\System32\urazemet.ini
    C:\WINDOWS\System32\drivers\f9a32f4b.sys
    C:\WINDOWS\Mhusipoxaziguqux.bin
    C:\WINDOWS\Qbovebod.dat
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

See if you can run a scan with Malwarebytes now.
If so, please post that log also.

Let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
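As an added illustration (not part of the thread and not OldTimer's code), this Python sketch parses OTListIt2-style log lines and flags the traits visible in the entries selected for the fix above: a blank company field, a numeric-named executable in Temp, autoruns through rundll32, AppInit_DLLs entries, and targets reported as "File not found". The sample lines are copied from the logs in this thread; the rule set and the names `review` and `triage` are assumptions made for this example.

```python
import re

# File entries:
#   "PRC - [date | size | attrs | M] (Company) -- path"
#   "DRV - [...] (Company) -- path -- (service [start | state])"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| M\] \((?P<company>.*?)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<service>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)

# Registry entries: "O20 - AppInit_DLLs: ..." or "O4 - HKLM..\Run: [name] command"
REG_RE = re.compile(r"^(?P<code>O\d+) - (?P<where>[^:]+): (?P<rest>.*)$")

# All-digit .exe name directly under a Temp directory (long or 8.3 path form).
TEMP_NUMERIC_RE = re.compile(r"\\Temp\\\d+\.exe\b", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32\.exe\b", re.IGNORECASE)


def review(line):
    """Return the reasons a log line deserves a closer look (empty list = none).

    These are triage heuristics chosen for this example, not verdicts.
    """
    line = line.strip()
    reasons = []

    m = FILE_RE.match(line)
    if m:
        if not m["company"].strip():
            reasons.append("no company name in version info")
        if TEMP_NUMERIC_RE.search(m["path"]):
            reasons.append("numeric-named executable in Temp")
        return reasons

    m = REG_RE.match(line)
    if m:
        rest = m["rest"]
        if m["code"] == "O20" and m["where"] == "AppInit_DLLs":
            reasons.append("DLL listed in AppInit_DLLs")
        if m["code"] == "O4":
            if RUNDLL_RE.search(rest):
                reasons.append("autorun launches a DLL through rundll32")
            if TEMP_NUMERIC_RE.search(rest):
                reasons.append("autorun points at numeric-named executable in Temp")
        if rest.endswith("File not found"):
            reasons.append("target file missing (orphaned entry)")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line with at least one reason."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = review(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


# Sample lines copied from the logs and fix script in this thread.
SAMPLE = r"""
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/11 17:15:13 | 00,022,529 | ---- | M] () -- C:\Documents and Settings\chet\Local Settings\Temp\4221503240.exe
DRV - [2009/03/08 20:04:52 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2001/07/06 17:02:00 | 00,016,302 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu [Auto | Stopped])
O20 - AppInit_DLLs: (C:\WINDOWS\system32\golorojo.dll) - C:\WINDOWS\system32\golorojo.dll File not found
O4 - HKLM..\Run: [Ffowojoc] rundll32.exe "C:\WINDOWS\axaxuvedi.dll",e (Mozilla Foundation)
O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\chet\LOCALS~1\Temp\4221503240.exe ()
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print("; ".join(why))
        print("    " + entry)
```

A blank company field on its own is a weak signal: it also flags `BridDfu.sys`, which is not in the fix script above, so treat the output as a review list rather than a removal list.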

#5 exasperatedinal

Posted 12 April 2009 - 05:34 PM

I really appreciate your help.

Internet Explorer still won't run.
Malware Bytes still won't install.

I don't see the random {NUMBERS}.exe anymore.

Here's the log...


OTListIt logfile created on: 4/12/2009 5:23:46 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\help
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 117.02 Mb Available Physical Memory | 22.95% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): C:\pagefile.sys 768 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 33.54 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive D: | 55.98 Gb Total Space | 21.21 Gb Free Space | 37.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 211.76 Mb Total Space | 10.44 Mb Free Space | 4.93% Space Free | Partition Type: NTFS
Drive H: | 368.68 Mb Total Space | 165.04 Mb Free Space | 44.77% Space Free | Partition Type: NTFS
Drive I: | 697.94 Mb Total Space | 421.02 Mb Free Space | 60.32% Space Free | Partition Type: FAT

Computer Name: DELLHSV
Current User Name: chet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/08 20:03:50 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/08 20:03:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
PRC - [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2005/12/15 12:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/09 20:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 21:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2004/07/29 04:02:34 | 01,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2009/03/08 20:03:59 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/03/08 20:04:01 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2009/03/08 20:03:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/03/08 20:03:55 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2005/12/15 13:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/08/30 18:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/05 20:53:12 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chet\Desktop\mbam-setup.exe
PRC - [2009/04/11 18:06:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\help\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/03/08 20:03:47 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/03/08 20:03:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2001/09/10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2009/03/24 16:10:42 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/06/14 16:23:58 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/06/27 20:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004/07/29 04:02:34 | 01,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/08/03 23:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atintuxx.sys -- (ATITUNEP [On_Demand | Running])
DRV - [2004/08/03 23:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinraxx.sys -- (ativraxx [On_Demand | Running])
DRV - [2004/08/03 23:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinxsxx.sys -- (ATIXSAudio [On_Demand | Running])
DRV - [2009/03/08 20:04:52 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/08 20:04:38 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/08 11:00:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/07/06 17:02:00 | 00,016,302 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu [Auto | Stopped])
DRV - [2001/09/10 19:09:46 | 00,057,392 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [1995/11/07 04:57:00 | 00,006,144 | ---- | M] (Corel Corporation) -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi [System | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/03/18 15:55:04 | 00,046,248 | ---- | M] (Crescentec Corporation) -- C:\WINDOWS\System32\Drivers\CsMini20.sys -- (DCamUSB20 [On_Demand | Stopped])
DRV - [2005/06/16 14:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2005/03/31 07:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2005/03/31 07:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Running])
DRV - [2005/03/31 07:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2005/03/31 07:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2002/04/22 14:50:14 | 00,009,161 | R--- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys -- (Eacfilt [On_Demand | Running])
DRV - [2005/03/31 08:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [System | Running])
DRV - [2005/10/21 20:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/10/27 20:24:29 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/10/21 20:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/06 04:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 04:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 03:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2002/08/06 12:04:08 | 00,114,080 | ---- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys -- (IPSECEXT [Auto | Stopped])
DRV - [2002/08/06 12:04:08 | 00,114,080 | ---- | M] (Nortel Networks) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/08/30 22:12:47 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 04:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2007/02/27 15:31:18 | 00,017,792 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2007/01/23 20:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/02/27 15:31:28 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2007/02/27 15:31:30 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motport.sys -- (motport [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 23:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinmdxx.sys -- (MVDCODEC [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2004/08/03 23:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinpdxx.sys -- (PCDCODEC [On_Demand | Running])
DRV - [2004/07/29 04:13:28 | 00,046,779 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [System | Running])
DRV - [2004/07/29 03:33:08 | 00,138,780 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/10/19 19:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2002/11/05 16:56:48 | 00,012,692 | ---- | M] () -- C:\WINDOWS\System32\Drivers\cresscan.sys -- (Usb20Scan [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\s-1-5-21-1648643079-1763753199-1403380001-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F6BAA989-545B-4E53-8D04-EAED6F8595AF}:1.0
FF - prefs.js..extensions.enabledItems: {B98A09A9-94C6-439B-93F3-503FD0879251}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/24 20:20:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/08 20:03:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{F6BAA989-545B-4E53-8D04-EAED6F8595AF}: C:\DOCUMENTS AND SETTINGS\CHET\LOCAL SETTINGS\APPLICATION DATA\{F6BAA989-545B-4E53-8D04-EAED6F8595AF} [2009/04/09 17:59:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B98A09A9-94C6-439B-93F3-503FD0879251}: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{B98A09A9-94C6-439B-93F3-503FD0879251} [2009/04/03 06:38:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/12 07:54:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/05 22:41:09 | 00,000,000 | ---D | M]

[2009/04/04 12:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Extensions
[2009/04/04 12:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/12 00:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions
[2006/07/11 19:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/10/11 19:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chet\Application Data\mozilla\Firefox\Profiles\vpsz9euz.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/04/12 00:03:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/05 22:41:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/15 06:56:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/29 07:52:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/24 20:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/08 20:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/05 22:40:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/05 22:40:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/05 22:40:57 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/05 22:40:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/05 22:40:57 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/05 22:40:57 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/05 22:40:57 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/05 22:40:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/05 22:40:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303918 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10468 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {c2ba40a2-74f3-42bd-f434-2604812c8954} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {f7a7db12-7774-45fd-a0b8-71a7d1a5cd2a} - C:\WINDOWS\system32\tebanara.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CPMdf3c84df] Rundll32.exe "c:\windows\system32\sidefevi.dll",a ()
O4 - HKLM..\Run: [dc0fb743] rundll32.exe "C:\WINDOWS\system32\tapuwaba.dll",b ()
O4 - HKLM..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
O4 - HKU\s-1-5-19..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
O4 - HKU\s-1-5-20..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\chet\LOCALS~1\Temp\389254066.exe File not found
O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\chet\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .UVR - C:\Program Files\Internet Explorer\Plugins\NPUPano.dll (Ulead Systems, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.default\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-19\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-20\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://66.133.171.94/rcm/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (GMNRev Class)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} http://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab (PortDetector Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://sslvpn.sanmina-sci.com/dana-cached/...perSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\homirohu.dll) - c:\windows\system32\homirohu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sidefevi.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\sidefevi.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OE\OESHook.dll (Metamail Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/12 01:32:48 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/30 04:16:42 | 00,000,066 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a093cab2-794b-11dd-a76f-444553544200}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/12 17:08:02 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/12 10:52:41 | 00,009,216 | ---- | C] () -- C:\WINDOWS\instsp2.exe
[2009/04/11 22:33:42 | 01,403,910 | -HS- | C] () -- C:\WINDOWS\System32\abawupat.ini
[2009/04/11 08:17:08 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\chet\My Documents\billsale lincoln.doc
[2009/04/10 12:02:33 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/10 08:12:17 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/10 07:33:08 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\Spybot - Search & Destroy.lnk
[2009/04/10 07:27:23 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/10 07:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Application Data\Yahoo!
[2009/04/10 07:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/10 07:00:35 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\CCleaner.lnk
[2009/04/10 07:00:33 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/10 06:59:46 | 00,000,000 | ---D | C] -- C:\help
[2009/04/10 06:44:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\chet\Desktop\Opera.lnk
[2009/04/09 17:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Local Settings\Application Data\{F6BAA989-545B-4E53-8D04-EAED6F8595AF}
[2009/04/05 20:57:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/05 20:51:51 | 02,906,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chet\Desktop\mbam-setup.exe
[2009/04/05 20:49:26 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\chet\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/03/29 18:07:47 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/29 18:07:46 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/29 11:48:38 | 00,101,998 | ---- | C] () -- C:\WINDOWS\System32\drivers\f9a32f4b.sys
[2009/03/29 11:46:08 | 00,000,002 | ---- | C] () -- C:\-602949652
[2009/03/28 05:18:45 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/28 05:18:13 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/28 05:13:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/28 05:13:41 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/28 05:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/28 05:13:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/27 20:25:47 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/03/27 20:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/03/24 16:10:44 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/23 13:16:31 | 00,000,000 | ---D | C] -- C:\ProgramData
[2009/03/23 13:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2009/03/23 00:07:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chet\Application Data\Research In Motion
[2009/03/21 08:09:36 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2009/03/20 20:43:40 | 00,026,496 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/03/20 20:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/03/20 20:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/03/18 04:58:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/03/18 04:58:43 | 00,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/03/18 04:58:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/03/18 04:58:37 | 00,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/03/18 04:58:21 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/03/18 04:58:21 | 00,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/03/18 04:58:10 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2009/03/18 04:58:10 | 00,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2009/03/18 04:57:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/03/18 04:57:32 | 00,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/03/18 04:56:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/03/18 04:56:59 | 00,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/03/18 04:56:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/03/18 04:56:44 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/03/18 04:56:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/03/18 04:56:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/03/16 19:51:54 | 00,012,518 | ---- | C] () -- C:\Documents and Settings\chet\My Documents\compumpteen.odt
[2009/03/07 08:32:35 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/03/07 07:29:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/03/06 21:31:09 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.chet.ini
[2009/01/22 07:49:57 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2009/01/12 11:37:47 | 00,109,568 | -HS- | C] () -- C:\WINDOWS\System32\sidefevi.dll
[2009/01/11 22:34:02 | 00,071,680 | -HS- | C] () -- C:\WINDOWS\System32\tebanara.dll
[2009/01/11 22:34:02 | 00,071,680 | -HS- | C] () -- C:\WINDOWS\System32\jajepibe.dll
[2009/01/11 22:33:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\tapuwaba.dll
[2008/06/16 21:16:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2008/01/29 08:38:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/09 06:18:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/09 06:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/09 06:16:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/12/11 14:43:44 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/30 05:58:42 | 00,000,336 | ---- | C] () -- C:\WINDOWS\svpoker.ini
[2007/01/30 04:33:56 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/07/13 19:53:15 | 00,016,302 | ---- | C] () -- C:\WINDOWS\System32\drivers\BridDFU.sys
[2006/05/04 22:16:42 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/04 06:29:14 | 00,005,224 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/20 21:17:39 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/03/20 21:17:39 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/03/20 21:17:39 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/16 23:05:21 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2005/10/06 21:47:59 | 00,000,171 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/10/06 21:47:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/09/22 14:12:24 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.dll
[2005/07/21 21:44:27 | 00,006,412 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/20 20:22:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Smtp.dll
[2005/07/20 20:22:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\QvtNet.dll
[2005/06/15 08:57:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/15 08:48:13 | 00,000,718 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/15 08:43:04 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/15 08:15:22 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/15 08:14:58 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/04 20:58:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,844 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/11/10 14:07:38 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/11/10 14:07:38 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/11/10 14:07:26 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/08/07 14:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/12/18 22:48:40 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/05 16:56:48 | 00,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 00,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2001/07/06 17:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/04/12 17:28:48 | 00,101,998 | ---- | M] () -- C:\WINDOWS\System32\drivers\f9a32f4b.sys
[2009/04/12 17:28:41 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nonevomu
[2009/04/12 17:21:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 17:19:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/12 17:19:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 17:19:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/12 17:19:06 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/12 11:37:51 | 00,009,216 | ---- | M] () -- C:\WINDOWS\instsp2.exe
[2009/04/12 11:37:50 | 00,109,568 | -HS- | M] () -- C:\WINDOWS\System32\sidefevi.dll
[2009/04/12 11:37:48 | 00,064,000 | -HS- | M] () -- C:\WINDOWS\System32\tujikabu.exe
[2009/04/12 11:15:15 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\dujujewo.dll
[2009/04/12 11:15:14 | 00,064,000 | -HS- | M] () -- C:\WINDOWS\System32\pamobeto.exe
[2009/04/12 10:52:40 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\godojuje.dll
[2009/04/12 10:52:39 | 00,064,000 | -HS- | M] () -- C:\WINDOWS\System32\noguyiyu.exe
[2009/04/12 00:05:50 | 01,403,910 | -HS- | M] () -- C:\WINDOWS\System32\abawupat.ini
[2009/04/11 22:33:53 | 00,071,680 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\polohisu.dll
[2009/04/11 22:33:26 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\tapuwaba.dll
[2009/04/11 22:33:24 | 00,109,056 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\vunipibu.dll
[2009/04/11 22:33:23 | 00,062,976 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\napijelu.exe
[2009/04/11 16:17:09 | 00,005,666 | ---- | M] () -- C:\Documents and Settings\chet\Application Data\wklnhst.dat
[2009/04/11 16:17:08 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\chet\My Documents\billsale lincoln.doc
[2009/04/11 09:28:03 | 35,043,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/11 09:28:03 | 00,093,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/11 05:18:34 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/10 19:40:47 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\Microsoft Word.lnk
[2009/04/10 08:02:40 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\chet\Local Settings\Application Data\IconCache.db
[2009/04/10 08:02:30 | 00,000,844 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/10 08:02:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/10 08:02:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/10 07:55:58 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/10 07:33:08 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\Spybot - Search & Destroy.lnk
[2009/04/10 07:00:35 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\chet\Desktop\CCleaner.lnk
[2009/04/09 19:58:36 | 00,478,886 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/09 19:58:36 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/09 19:58:36 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/09 19:53:21 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\chet\My Documents\desktop.ini
[2009/04/09 15:09:37 | 00,012,518 | ---- | M] () -- C:\Documents and Settings\chet\My Documents\compumpteen.odt
[2009/04/08 13:53:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/08 11:00:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/05 20:53:24 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\chet\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/04/05 20:53:12 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chet\Desktop\mbam-setup.exe
[2009/04/03 06:27:10 | 00,282,624 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/03 06:27:10 | 00,219,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/03/29 18:07:47 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/03/29 18:07:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/29 17:10:44 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\chet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 13:18:01 | 00,000,718 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/29 11:47:13 | 00,000,002 | ---- | M] () -- C:\-602949652
[2009/03/28 18:14:48 | 00,303,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/28 05:13:41 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/27 23:09:13 | 00,303,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090328-181448.backup
[2009/03/27 20:01:57 | 00,000,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090327-230913.backup
[2009/03/18 04:58:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/18 04:58:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/18 04:58:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/18 04:58:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/18 04:58:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/18 04:58:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/18 04:58:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/18 04:58:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/18 04:57:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/18 04:57:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/18 04:56:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/18 04:56:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/18 04:56:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/18 04:56:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/18 04:56:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/18 04:56:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:18 PM

Posted 13 April 2009 - 11:42 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {c2ba40a2-74f3-42bd-f434-2604812c8954} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {f7a7db12-7774-45fd-a0b8-71a7d1a5cd2a} - C:\WINDOWS\system32\tebanara.dll ()
    O3 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [CPMdf3c84df] Rundll32.exe "c:\windows\system32\sidefevi.dll",a ()
    O4 - HKLM..\Run: [dc0fb743] rundll32.exe "C:\WINDOWS\system32\tapuwaba.dll",b ()
    O4 - HKLM..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
    O4 - HKU\s-1-5-19..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
    O4 - HKU\s-1-5-20..\Run: [husekivago] Rundll32.exe "C:\WINDOWS\system32\jajepibe.dll",s ()
    O4 - HKU\s-1-5-21-1648643079-1763753199-1403380001-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\chet\LOCALS~1\Temp\389254066.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (c:\windows\system32\homirohu.dll) - c:\windows\system32\homirohu.dll File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sidefevi.dll ()
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\sidefevi.dll ()
    
    
    :Files
    C:\WINDOWS\instsp2.exe
    C:\WINDOWS\System32\abawupat.ini
    C:\WINDOWS\System32\sidefevi.dll
    C:\WINDOWS\System32\tebanara.dll
    C:\WINDOWS\System32\jajepibe.dll
    C:\WINDOWS\System32\tapuwaba.dll
    C:\WINDOWS\System32\tujikabu.exe
    C:\WINDOWS\System32\dujujewo.dll
    C:\WINDOWS\System32\pamobeto.exe
    C:\WINDOWS\System32\godojuje.dll
    C:\WINDOWS\System32\noguyiyu.exe
    C:\WINDOWS\System32\abawupat.ini
    C:\WINDOWS\System32\polohisu.dll
    C:\WINDOWS\System32\vunipibu.dll
    C:\WINDOWS\System32\napijelu.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Rename "mbam-setup.exe" to "mbytes-setup.exe" and double click to see if Malwarebytes will install this time.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
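The file and Run-key lines in the log and fix script above can be triaged mechanically. The following is an added example, not part of the original post and not part of OTListIt; its two heuristics (hidden+system attributes on a file directly in System32, and a rundll32 command in a Run key) are assumptions about what makes an entry worth reviewing, not criteria the helper stated. The sample lines are copied from this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the log and the fix script in this thread.
LOG = r"""
[2009/04/12 17:21:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 11:37:50 | 00,109,568 | -HS- | M] () -- C:\WINDOWS\System32\sidefevi.dll
[2009/04/12 11:15:15 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\dujujewo.dll
[2009/04/11 22:33:26 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\tapuwaba.dll
[2009/04/10 08:02:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/08 11:00:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
O4 - HKLM..\Run: [dc0fb743] rundll32.exe "C:\WINDOWS\system32\tapuwaba.dll",b ()
O4 - HKLM..\Run: [CPMdf3c84df] Rundll32.exe "c:\windows\system32\sidefevi.dll",a ()
"""

# [date time | size | attributes | M or C] (company) -- path
FILE_RE = re.compile(r'^\[(\S+ \S+) \| [\d,]+ \| ([RHSA-]{4}) \| [MC]\] \((.*?)\) -- (.+)$')
# O4 autostart entry whose command is rundll32 loading a quoted DLL path
RUN_RE = re.compile(r'^O4 - \S+Run: \[[^\]]*\] rundll32\.exe "([^"]+)"', re.I)
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\System32")  # comparison is case-insensitive

def triage(text):
    """Return {lowercased path: set of reasons} for entries worth a closer look."""
    hits = {}
    for line in text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            _when, attrs, _company, path = m.groups()
            # Assumed heuristic 1: hidden AND system file sitting directly in System32.
            if PureWindowsPath(path).parent == SYSTEM32 and "H" in attrs and "S" in attrs:
                hits.setdefault(path.lower(), set()).add("hidden+system file in System32")
        elif m := RUN_RE.match(line):
            # Assumed heuristic 2: a DLL started through rundll32 from a Run key.
            hits.setdefault(m.group(1).lower(), set()).add("rundll32 autostart (Run key)")
    return hits

if __name__ == "__main__":
    for path, reasons in sorted(triage(LOG).items()):
        print(path, "<-", "; ".join(sorted(reasons)))
```

A path that collects both reasons, as sidefevi.dll does here, is flagged by the file listing and by the autostart listing independently; a path with only one reason still needs a human to confirm it before anything is deleted.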

#7 exasperatedinal

exasperatedinal
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:18 PM

Posted 13 April 2009 - 09:26 PM

I'm out of town... it will be Friday before I can do this... I'll post the results then. Thanks for your patience!

#8 Buckeye_Sam


Posted 14 April 2009 - 07:56 AM

No problem. I'll be around. :thumbup2:

#9 exasperatedinal


Posted 18 April 2009 - 02:50 PM

Buckeye_sam,

Thanks for your help... I gave up... the virus(es) won... I wiped the disk and reloaded this morning.

Thanks again,

Chet

#10 Buckeye_Sam


Posted 19 April 2009 - 11:05 AM

Sometimes that is the best course of action.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.