
Windows Update turns off repeatedly - with browser popups, See hijackthis log


This topic is locked
13 replies to this topic

#1 mrdoenutz (Members, 8 posts)

Posted 24 April 2009 - 10:07 AM

Need help ASAP... I keep getting "c:\windows\system32\yarilimu.dll is not a valid Windows image. Please check this against your installation diskette."

I get this when starting Windows and when opening any program. I get pop-ups when using Firefox and IE, and Windows Automatic Update keeps turning off.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:39 AM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe -n QB_STERLING704_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 512M -c 256M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200318009460
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sterling.local
O17 - HKLM\Software\..\Telephony: DomainName = Sterling.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Sterling.local
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\yarilimu.dll c:\windows\system32\vuvihafo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11456 bytes
OTListIt logfile created on: 4/24/2009 10:51:15 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mduncan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.37% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.67 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1382.30 Gb Total Space | 59.64 Gb Free Space | 4.31% Space Free | Partition Type: NTFS

Computer Name: STERLING704
Current User Name: mduncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/01/05 17:09:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\Ati2evxx.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/04/24 10:18:42 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/01/09 14:24:04 | 03,894,272 | ---- | M] (VIA Technologies, Inc) -- C:\Program Files\Audio Deck\EnMixCPL.exe
PRC - [2009/01/05 17:09:11 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/29 14:17:32 | 00,319,488 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2007/06/07 09:52:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2009/03/12 02:44:02 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/02/09 16:55:38 | 00,300,328 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2009/02/27 10:26:55 | 05,943,296 | ---- | M] (Computer Solutions Engineering, Inc. (CSE)) -- C:\Program Files\Computer Solutions Engineering, Inc\Sterling Marketing\SterlingMarketing.exe
PRC - [2009/04/06 15:32:44 | 01,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2009/04/22 10:07:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/20 12:21:57 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003/10/13 17:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/02/01 22:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/21 09:49:51 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/05 17:09:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 18:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (x10nets [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II [On_Demand | Running])
DRV - [2005/02/01 22:39:18 | 00,970,240 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/01/11 18:14:16 | 00,580,736 | R--- | M] (VIA - IC Ensemble, Inc.) -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS [On_Demand | Running])
DRV - [2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/01/19 12:45:30 | 00,088,960 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005/01/12 20:45:44 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/01/12 20:45:46 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 09:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 10:07:58 | 00,000,000 | ---D | M]

[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions
[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/01/03 11:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Firefox\Profiles\16k7e59g.default\extensions
[2009/04/24 09:50:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 10:07:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 15:29:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/03 08:47:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/28 08:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/05 17:09:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/22 10:07:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 10:07:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/17 11:57:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/17 11:57:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/17 11:57:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:57:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/17 11:57:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/17 11:57:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CPMab6fa73e] Rundll32.exe "c:\windows\system32\vatebogi.dll",a ()
O4 - HKLM..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 (VIA Technologies, Inc)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe -n QB_STERLING704_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 512M -c 256M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y (Intuit, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\mduncan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1200318009460 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sterling.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\yarilimu.dll) - c:\windows\system32\yarilimu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\vuvihafo.dll) - c:\windows\system32\vuvihafo.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\vatebogi.dll) - c:\windows\system32\vatebogi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\SYSTEM32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vatebogi.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\vatebogi.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 14:19:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\RoboForm2Go\command - "" = G:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/24 10:52:03 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\JavaRa.zip
[2009/04/24 10:50:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:28:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:19:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/24 10:18:03 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/24 10:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Malwarebytes
[2009/04/24 10:14:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/24 10:14:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/24 10:14:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/24 10:14:03 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mduncan\Desktop\mbam-setup.exe
[2009/04/24 10:05:17 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\mduncan\Desktop\Ad-AwareAE.exe
[2009/04/24 09:24:38 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\YARILIMU.DLL
[2009/04/24 09:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/24 09:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/24 08:47:47 | 00,006,395 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\History.qbo
[2009/04/24 08:46:58 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL24.xls
[2009/04/24 04:11:43 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\fomamemi.dll
[2009/04/24 04:11:00 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zikenige.exe
[2009/04/23 04:05:59 | 01,408,293 | -HS- | C] () -- C:\WINDOWS\System32\ababewub.ini
[2009/04/22 16:52:58 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/22 16:52:58 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\mduncan\Desktop\~$adingpins.doc
[2009/04/22 09:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Local Settings\Application Data\stardevelop.com
[2009/04/22 04:05:09 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\sehajiwi.exe
[2009/04/21 16:47:34 | 00,297,311 | ---- | C] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 14:57:11 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Copy of Weekly time sheet with breaks 4-21 to 4-25 Tudy.xls
[2009/04/21 10:29:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/21 10:29:47 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/21 10:29:47 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/21 10:29:36 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/21 10:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/21 08:32:49 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-20 to 4-24hump.xls
[2009/04/20 22:03:34 | 01,409,833 | -HS- | C] () -- C:\WINDOWS\System32\eberamil.ini
[2009/04/20 10:03:27 | 01,409,806 | -HS- | C] () -- C:\WINDOWS\System32\akobajuv.ini
[2009/04/19 22:03:22 | 01,409,806 | -HS- | C] () -- C:\WINDOWS\System32\ebemijig.ini
[2009/04/19 10:03:19 | 01,409,806 | -HS- | C] () -- C:\WINDOWS\System32\ewajozek.ini
[2009/04/18 22:03:14 | 01,409,806 | -HS- | C] () -- C:\WINDOWS\System32\uvepulop.ini
[2009/04/18 10:03:10 | 01,409,806 | -HS- | C] () -- C:\WINDOWS\System32\uguhiwuv.ini
[2009/04/17 22:03:06 | 01,409,793 | -HS- | C] () -- C:\WINDOWS\System32\evelonon.ini
[2009/04/17 10:15:24 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/17 10:05:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/17 09:51:07 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/04/17 09:51:07 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/04/17 09:51:07 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/04/17 09:51:06 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/04/17 09:51:05 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/04/17 09:23:19 | 00,023,722 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 22:02:10 | 01,409,808 | -HS- | C] () -- C:\WINDOWS\System32\oyivujet.ini
[2009/04/16 13:30:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/16 13:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/16 10:02:12 | 01,409,817 | -HS- | C] () -- C:\WINDOWS\System32\owuralam.ini
[2009/04/16 08:45:45 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 08:45:44 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 08:45:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 08:45:44 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 08:45:43 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 08:45:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 08:45:42 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 08:45:42 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 08:45:42 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 08:45:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 08:45:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 08:45:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/08 10:37:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\My Documents\khang
[2009/04/08 09:42:21 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-20 to 4-24 khang.xls
[2009/03/31 21:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/31 21:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/31 20:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/31 17:48:56 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/31 17:34:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/31 17:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/03/31 17:34:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/31 17:34:18 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/31 17:34:18 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/31 17:34:17 | 00,000,000 | ---D | C] -- C:\58682b55f93916c302
[2009/03/31 17:19:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/31 17:18:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/31 17:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/31 17:09:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/31 13:54:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Inspyder InSite
[2009/01/23 16:06:04 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\vatebogi.dll
[2009/01/23 04:05:45 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\huruzizo.dll
[2009/01/21 10:03:48 | 00,000,273 | -HS- | C] () -- C:\WINDOWS\System32\pibahoju.dll
[2009/01/21 10:03:48 | 00,000,248 | -HS- | C] () -- C:\WINDOWS\System32\rerurepo.dll
[2009/01/20 10:03:30 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\pavevoni.dll
[2009/01/19 22:03:24 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\hatebomi.dll
[2009/01/19 10:03:19 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\kalebuji.dll
[2009/01/18 22:03:15 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\pejagamu.dll
[2009/01/18 10:03:12 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\rahogihi.dll
[2009/01/17 22:03:06 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\bonojaji.dll
[2009/01/05 16:56:48 | 00,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2007/09/11 15:41:38 | 00,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/09 15:49:09 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/04/05 10:44:12 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\92EAEB348E.sys
[2007/04/05 10:39:28 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/26 21:21:13 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ezmacros.INI
[2007/02/26 21:21:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/10/24 12:56:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/09/18 15:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/09 17:50:51 | 00,018,400 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/08/09 16:21:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 18:32:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/14 13:07:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2006/02/13 15:37:10 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2004/08/06 10:00:00 | 00,006,555 | ---- | C] () -- C:\WINDOWS\System32\grpconv.dll
[2004/08/04 08:00:00 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/28 12:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/04 13:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/24 10:52:26 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\JavaRa.zip
[2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:46:16 | 00,002,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sterling Marketing.lnk
[2009/04/24 10:45:27 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/24 10:44:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/24 10:44:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/24 10:41:23 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vazedupe
[2009/04/24 10:19:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/24 10:18:56 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:03 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:17:20 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\mduncan\Desktop\Ad-AwareAE.exe
[2009/04/24 10:14:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/24 10:14:03 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mduncan\Desktop\mbam-setup.exe
[2009/04/24 09:24:40 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\YARILIMU.DLL
[2009/04/24 09:01:17 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-20 to 4-24hump.xls
[2009/04/24 08:47:47 | 00,006,395 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\History.qbo
[2009/04/24 08:47:26 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-20 to 4-24 khang.xls
[2009/04/24 08:46:58 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL24.xls
[2009/04/24 04:11:43 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\fomamemi.dll
[2009/04/24 04:11:00 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zikenige.exe
[2009/04/23 16:06:04 | 00,089,088 | ---- | M] () -- C:\WINDOWS\System32\vatebogi.dll
[2009/04/23 16:06:04 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\nawiyumi.exe
[2009/04/23 15:41:47 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Trillian.lnk
[2009/04/23 14:52:01 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Copy of Weekly time sheet with breaks 4-21 to 4-25 Tudy.xls
[2009/04/23 14:51:10 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/23 13:27:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/23 04:27:09 | 01,408,293 | -HS- | M] () -- C:\WINDOWS\System32\ababewub.ini
[2009/04/23 04:05:45 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\System32\huruzizo.dll
[2009/04/23 04:05:43 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\hatizila.exe
[2009/04/22 18:13:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/22 18:11:01 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Microsoft Office Outlook 2003.lnk
[2009/04/22 16:52:58 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\mduncan\Desktop\~$adingpins.doc
[2009/04/22 16:05:23 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\sihivubo.exe
[2009/04/22 04:05:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\sehajiwi.exe
[2009/04/21 16:47:50 | 00,297,311 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 15:03:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\revision response.doc
[2009/04/21 10:28:01 | 01,409,833 | -HS- | M] () -- C:\WINDOWS\System32\eberamil.ini
[2009/04/21 10:03:50 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\zomiduvi.exe
[2009/04/21 10:03:48 | 00,000,273 | -HS- | M] () -- C:\WINDOWS\System32\pibahoju.dll
[2009/04/21 10:03:48 | 00,000,248 | -HS- | M] () -- C:\WINDOWS\System32\rerurepo.dll
[2009/04/20 10:24:58 | 01,409,806 | -HS- | M] () -- C:\WINDOWS\System32\akobajuv.ini
[2009/04/20 10:03:30 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\pavevoni.dll
[2009/04/19 22:03:33 | 01,409,806 | -HS- | M] () -- C:\WINDOWS\System32\ebemijig.ini
[2009/04/19 22:03:24 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\hatebomi.dll
[2009/04/19 10:24:39 | 01,409,806 | -HS- | M] () -- C:\WINDOWS\System32\ewajozek.ini
[2009/04/19 10:03:19 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\kalebuji.dll
[2009/04/18 22:24:25 | 01,409,806 | -HS- | M] () -- C:\WINDOWS\System32\uvepulop.ini
[2009/04/18 22:03:15 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\pejagamu.dll
[2009/04/18 10:24:31 | 01,409,806 | -HS- | M] () -- C:\WINDOWS\System32\uguhiwuv.ini
[2009/04/18 10:03:12 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\rahogihi.dll
[2009/04/17 22:25:16 | 01,409,793 | -HS- | M] () -- C:\WINDOWS\System32\evelonon.ini
[2009/04/17 22:03:06 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\bonojaji.dll
[2009/04/17 10:13:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 10:13:56 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 10:13:56 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 10:13:19 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/17 10:05:06 | 00,000,174 | ---- | M] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:53:57 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 09:53:04 | 00,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/17 09:23:20 | 00,023,722 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 22:23:30 | 01,409,808 | -HS- | M] () -- C:\WINDOWS\System32\oyivujet.ini
[2009/04/16 13:20:54 | 01,409,817 | -HS- | M] () -- C:\WINDOWS\System32\owuralam.ini
[2009/04/16 10:02:02 | 00,108,544 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\hazikubu.dll
[2009/04/16 09:11:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 09:03:06 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\AACoins ORDERFORM.doc
[2009/04/15 08:49:51 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\order confirmed.doc
[2009/04/10 09:46:20 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\aac sample.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 08:13:11 | 02,226,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/31 21:01:26 | 00,298,656 | ---- | M] () -- C:\Documents and Settings\mduncan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/31 21:01:19 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\My Sharing Folders.lnk
[2009/03/31 17:10:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


extras-

OTListIt Extras logfile created on: 4/24/2009 10:51:15 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mduncan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.37% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.67 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1382.30 Gb Total Space | 59.64 Gb Free Space | 4.31% Space Free | Partition Type: NTFS

Computer Name: STERLING704
Current User Name: mduncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw
File not found -- C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
[2008/07/10 00:46:28 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 6.0 Data Manager
[2008/11/26 01:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2009/04/22 10:07:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
File not found -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe:*:Enabled:MsMpEng
[2005/01/09 14:24:04 | 03,894,272 | ---- | M] (VIA Technologies, Inc) -- C:\Program Files\Audio Deck\EnMixCPL.exe:*:Enabled:EnMixCPL
[2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe:*:Enabled:ZuneLauncher
[2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe:*:Enabled:gnotify
[2008/10/13 12:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:WINWORD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1139936995\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1139936995\ee\aim6.exe:*:Enabled:AIM
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
File not found -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
File not found -- C:\Program Files\World of Warcraft\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw
[2008/11/26 01:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
File not found -- C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/07/10 00:46:28 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 6.0 Data Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:explorer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01481D28-0733-46ca-A083-0985A6BBA615}" = eFax Messenger 4.1
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{879AF6A9-4D1D-4F64-A417-B65B014EC635}" = Sterling Marketing
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A1785DC-3A37-479D-BD63-8DC9F5F60DCE}" = QuickBooks Enterprise Solutions: Professional Services 9.0
"{9A1785DC-3A89-479D-BD63-8DC9F5F60DCE}" = QuickBooks
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{BB562D40-13F5-11D5-B7C5-00105A645748}" = EPSON Copy Utility
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1BAC288-83D3-4715-80E0-83457A531213}" = Live Help Messenger
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{DC161346-D25D-405D-B446-93B2BC843E8F}" = CheckDesigner
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}" = ATI Decoder
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}" = ATI Catalyst Control Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F774685C-B2B7-4D6C-8407-BCFDDEAE48B8}" = Check Designer
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ATI Display Driver" = ATI Display Driver
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"EPSON Photo Print" = EPSON Photo Print
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.03
"InstallShield_{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 2.5
"InstallShield_{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}" = ATI Decoder
"InterActual Player" = InterActual Player
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Spyware Doctor" = Spyware Doctor 6.0
"ST6UNST #1" = GPO Barcode Coversheet v2.5a
"Trillian" = Trillian
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F774685C-B2B7-4D6C-8407-BCFDDEAE48B8}" = Check Designer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F774685C-B2B7-4D6C-8407-BCFDDEAE48B8}" = Check Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2009 8:28:59 AM | Computer Name = STERLING704 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
LookupPrivilegeValue. hr = 0x800706ba.

Error - 4/24/2009 9:24:30 AM | Computer Name = STERLING704 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 9:40:28 AM | Computer Name = STERLING704 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3384, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 9:40:29 AM | Computer Name = STERLING704 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3384, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 9:44:13 AM | Computer Name = STERLING704 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 9:45:19 AM | Computer Name = STERLING704 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 9:47:46 AM | Computer Name = STERLING704 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 9:59:04 AM | Computer Name = STERLING704 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 4/24/2009 10:18:12 AM | Computer Name = STERLING704 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/24/2009 10:30:08 AM | Computer Name = STERLING704 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.36.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/24/2009 10:24:26 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:26 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:27 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:27 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:27 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:28 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:28 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:29 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:29 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/24/2009 10:24:29 AM | Computer Name = STERLING704 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >

Edited by mrdoenutz, 24 April 2009 - 11:00 AM.




#2 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 24 April 2009 - 10:56 AM

I have run Malwarebytes, still seem to have the issue.

Malwarebytes' Anti-Malware 1.36
Database version: 2036
Windows 5.1.2600 Service Pack 3

4/24/2009 11:36:26 AM
mbam-log-2009-04-24 (11-36-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202914
Time elapsed: 25 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\vatebogi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmab6fa73e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vatebogi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\vatebogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Config.Msi\3773b9.rbf (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP929\A0140144.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP929\A0140147.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP934\A0141634.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP941\A0152105.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP941\A0152106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP941\A0152108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP941\A0152109.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46F6268E-3A1D-4439-A6A5-9E4E10C2EE4B}\RP941\A0152110.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

#3 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 24 April 2009 - 11:04 AM

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-24 11:56:32
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 24 April 2009 - 04:33 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\System32\fomamemi.dll
    C:\WINDOWS\System32\zikenige.exe
    C:\WINDOWS\System32\ababewub.ini
    C:\WINDOWS\System32\sehajiwi.exe
    C:\WINDOWS\System32\eberamil.ini
    C:\WINDOWS\System32\akobajuv.ini
    C:\WINDOWS\System32\ebemijig.ini
    C:\WINDOWS\System32\ewajozek.ini
    C:\WINDOWS\System32\uvepulop.ini
    C:\WINDOWS\System32\uguhiwuv.ini
    C:\WINDOWS\System32\evelonon.ini
    C:\WINDOWS\System32\oyivujet.ini
    C:\WINDOWS\System32\owuralam.ini
    C:\WINDOWS\System32\huruzizo.dll
    C:\WINDOWS\System32\pibahoju.dll
    C:\WINDOWS\System32\rerurepo.dll
    C:\WINDOWS\System32\pavevoni.dll
    C:\WINDOWS\System32\hatebomi.dll
    C:\WINDOWS\System32\kalebuji.dll
    C:\WINDOWS\System32\pejagamu.dll
    C:\WINDOWS\System32\rahogihi.dll
    C:\WINDOWS\System32\bonojaji.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
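The files Sam lists for removal share a pattern visible in the OTListIt "Files - Modified" section of the first post: eight-letter random-looking names dropped straight into System32, hidden+system attributes, and usually no company in the version info. The following triage script is an added example (not from this thread and not OldTimer's code) that parses lines in that log format and flags entries matching those heuristics; the sample lines are constructed after the ones in the log above, and the rule set is an assumption of mine, not anything OTListIt itself does.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the OTListIt "Files - Modified" lines in the log above.
# Line format: [timestamp | size | attributes | M] (company) -- path
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2009/04/17 22:03:06 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\bonojaji.dll
[2009/04/17 10:13:56 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 22:23:30 | 01,409,808 | -HS- | M] () -- C:\WINDOWS\System32\oyivujet.ini
[2009/04/16 10:02:02 | 00,108,544 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\hazikubu.dll
[2009/04/16 09:50:00 | 00,077,312 | ---- | M] () -- C:\WINDOWS\System32\fomamemi.dll
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 17:10:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
< End of report >
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>\S.*?)\s*$"
)

# Eight lowercase letters plus a payload/config extension, e.g. bonojaji.dll, oyivujet.ini
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe|ini)$")

SYSTEM32 = r"c:\windows\system32"


@dataclass
class FileEntry:
    timestamp: str
    size: int          # bytes, parsed from the "00,089,088" field
    attributes: str    # four-character attribute field, e.g. "-HS-" or "----"
    company: str       # contents of the (...) field; empty when no version info
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rpartition("\\")[0].lower()


def parse_line(line: str):
    """Parse one OTListIt file line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attributes=m["attr"],
        company=m["company"].strip(),
        path=m["path"],
    )


def suspicion_reasons(entry: FileEntry) -> list:
    """Heuristic rules (assumption): only files dropped directly into System32 are scored.
    A hidden+system file there is flagged outright; a random-looking name is flagged only
    when no company is present, since legitimate eight-letter names exist (browseui.dll)."""
    reasons = []
    if entry.parent != SYSTEM32:
        return reasons
    if "H" in entry.attributes and "S" in entry.attributes:
        reasons.append("hidden+system attributes")
    if RANDOM_NAME_RE.match(entry.basename) and not entry.company:
        reasons.append("random-looking eight-letter name with no company info")
    return reasons


def triage(log_text: str) -> list:
    """Return [(basename, reasons)] for every flagged entry, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            hits.append((entry.basename, reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

Note that hazikubu.dll is still caught by the attribute rule even though it carries a company string, which is why the two rules are kept independent.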

#5 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 27 April 2009 - 08:10 AM

Hello Sam!

Thank you for your assistance!



Please see below, I am still getting this error atm:

c:\windows\system32\yarilimu.dll is not a valid windows image. please check this against your installation diskette.

This is whenever I open any program.

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\System32\fomamemi.dll
C:\WINDOWS\System32\fomamemi.dll NOT unregistered.
C:\WINDOWS\System32\fomamemi.dll moved successfully.
C:\WINDOWS\System32\zikenige.exe moved successfully.
File/Folder C:\WINDOWS\System32\ababewub.ini not found.
C:\WINDOWS\System32\sehajiwi.exe moved successfully.
File/Folder C:\WINDOWS\System32\eberamil.ini not found.
File/Folder C:\WINDOWS\System32\akobajuv.ini not found.
File/Folder C:\WINDOWS\System32\ebemijig.ini not found.
File/Folder C:\WINDOWS\System32\ewajozek.ini not found.
File/Folder C:\WINDOWS\System32\uvepulop.ini not found.
File/Folder C:\WINDOWS\System32\uguhiwuv.ini not found.
File/Folder C:\WINDOWS\System32\evelonon.ini not found.
File/Folder C:\WINDOWS\System32\oyivujet.ini not found.
File/Folder C:\WINDOWS\System32\owuralam.ini not found.
File/Folder C:\WINDOWS\System32\huruzizo.dll not found.
LoadLibrary failed for C:\WINDOWS\System32\pibahoju.dll
C:\WINDOWS\System32\pibahoju.dll NOT unregistered.
C:\WINDOWS\System32\pibahoju.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\rerurepo.dll
C:\WINDOWS\System32\rerurepo.dll NOT unregistered.
C:\WINDOWS\System32\rerurepo.dll moved successfully.
File/Folder C:\WINDOWS\System32\pavevoni.dll not found.
File/Folder C:\WINDOWS\System32\hatebomi.dll not found.
File/Folder C:\WINDOWS\System32\kalebuji.dll not found.
File/Folder C:\WINDOWS\System32\pejagamu.dll not found.
File/Folder C:\WINDOWS\System32\rahogihi.dll not found.
File/Folder C:\WINDOWS\System32\bonojaji.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temp\etilqs_ZrCqj5myWJc2vTNkOoMa scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temp\Perflib_Perfdata_b0c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temp\Perflib_Perfdata_f1c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temp\~DF41EE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temp\~DF4C56.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DZIHO2AW\control[4].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04272009_085449

Files moved on Reboot...
File C:\Documents and Settings\mduncan\Local Settings\Temp\etilqs_ZrCqj5myWJc2vTNkOoMa not found!
File C:\Documents and Settings\mduncan\Local Settings\Temp\Perflib_Perfdata_b0c.dat not found!
File C:\Documents and Settings\mduncan\Local Settings\Temp\Perflib_Perfdata_f1c.dat not found!
File C:\Documents and Settings\mduncan\Local Settings\Temp\~DF41EE.tmp not found!
File C:\Documents and Settings\mduncan\Local Settings\Temp\~DF4C56.tmp not found!
File C:\Documents and Settings\mduncan\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DZIHO2AW\control[4].htm moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat not found!
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\mduncan\Local Settings\Application Data\Mozilla\Firefox\Profiles\16k7e59g.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Edited by mrdoenutz, 27 April 2009 - 08:13 AM.


#6 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts

Posted 27 April 2009 - 08:13 AM

here is a new log...

OTListIt logfile created on: 4/27/2009 9:05:29 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mduncan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 63.91% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.54 Gb Free Space | 21.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1382.30 Gb Total Space | 58.93 Gb Free Space | 4.26% Space Free | Partition Type: NTFS

Computer Name: STERLING704
Current User Name: mduncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/01/05 17:09:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\Ati2evxx.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/01/09 14:24:04 | 03,894,272 | ---- | M] (VIA Technologies, Inc) -- C:\Program Files\Audio Deck\EnMixCPL.exe
PRC - [2009/01/05 17:09:11 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/29 14:17:32 | 00,319,488 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/04/24 10:18:42 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/06/07 09:52:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2009/03/12 02:44:02 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/02/09 16:55:38 | 00,300,328 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/04/22 10:07:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/20 12:21:57 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003/10/13 17:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/02/01 22:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/21 09:49:51 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/05 17:09:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 18:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (x10nets [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II [On_Demand | Running])
DRV - [2005/02/01 22:39:18 | 00,970,240 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/01/11 18:14:16 | 00,580,736 | R--- | M] (VIA - IC Ensemble, Inc.) -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS [On_Demand | Running])
DRV - [2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/01/19 12:45:30 | 00,088,960 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005/01/12 20:45:44 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/01/12 20:45:46 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 09:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 10:07:58 | 00,000,000 | ---D | M]

[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions
[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/01/03 11:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Firefox\Profiles\16k7e59g.default\extensions
[2009/04/24 12:12:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 10:07:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 15:29:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/03 08:47:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/28 08:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/05 17:09:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/22 10:07:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 10:07:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/17 11:57:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/17 11:57:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/17 11:57:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:57:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/17 11:57:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/17 11:57:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 (VIA Technologies, Inc)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe -n QB_STERLING704_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 512M -c 256M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y (Intuit, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\mduncan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1200318009460 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sterling.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\yarilimu.dll) - c:\windows\system32\yarilimu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\vuvihafo.dll) - c:\windows\system32\vuvihafo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\SYSTEM32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 14:19:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\RoboForm2Go\command - "" = G:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/27 08:54:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/27 08:51:49 | 00,251,392 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\hijackthis_sfx.exe
[2009/04/27 08:48:07 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/27 08:47:42 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/27 08:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\My Documents\contractors
[2009/04/24 18:03:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/24 17:56:42 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/24 17:55:06 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\mduncan\Desktop\spybotsd162.exe
[2009/04/24 11:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/24 10:50:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:28:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:19:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/24 10:18:03 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/24 10:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Malwarebytes
[2009/04/24 10:14:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/24 10:14:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/24 10:14:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/24 09:24:38 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\YARILIMU.DLL
[2009/04/24 09:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/24 09:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/24 08:47:47 | 00,006,395 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\History.qbo
[2009/04/24 08:46:58 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL24.xls
[2009/04/22 16:52:58 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/21 16:47:34 | 00,297,311 | ---- | C] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 14:57:11 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/21 10:29:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/21 10:29:47 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/21 10:29:47 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/21 10:29:36 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/21 10:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/17 10:15:24 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/17 10:05:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/17 09:51:07 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/04/17 09:51:07 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/04/17 09:51:07 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/04/17 09:51:06 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/04/17 09:51:05 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/04/17 09:23:19 | 00,023,722 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 13:30:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/16 13:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/16 08:45:45 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 08:45:44 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 08:45:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 08:45:44 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 08:45:43 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 08:45:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 08:45:42 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 08:45:42 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 08:45:42 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 08:45:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 08:45:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 08:45:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/03/31 21:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/31 21:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/31 20:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/31 17:48:56 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/31 17:34:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/31 17:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/03/31 17:34:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/31 17:34:18 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/31 17:34:18 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/31 17:34:17 | 00,000,000 | ---D | C] -- C:\58682b55f93916c302
[2009/03/31 17:19:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/31 17:18:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/31 17:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/31 17:09:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/31 13:54:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Inspyder InSite
[2009/01/05 16:56:48 | 00,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2007/09/11 15:41:38 | 00,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/09 15:49:09 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/04/05 10:44:12 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\92EAEB348E.sys
[2007/04/05 10:39:28 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/26 21:21:13 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ezmacros.INI
[2007/02/26 21:21:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/10/24 12:56:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/09/18 15:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/09 17:50:51 | 00,018,400 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/08/09 16:21:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 18:32:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/14 13:07:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2006/02/13 15:37:10 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2004/08/06 10:00:00 | 00,006,555 | ---- | C] () -- C:\WINDOWS\System32\grpconv.dll
[2004/08/04 08:00:00 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/28 12:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/04 13:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/27 08:59:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/27 08:58:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/27 08:58:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/27 08:51:50 | 00,251,392 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\hijackthis_sfx.exe
[2009/04/27 08:50:40 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/27 08:50:06 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/27 08:47:36 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/27 08:43:42 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\order confirmed.doc
[2009/04/24 18:22:29 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Trillian.lnk
[2009/04/24 17:56:42 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/24 17:55:20 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\mduncan\Desktop\spybotsd162.exe
[2009/04/24 15:30:11 | 00,002,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sterling Marketing.lnk
[2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:41:23 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vazedupe
[2009/04/24 10:19:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/24 10:18:56 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:03 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:14:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/24 09:24:40 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\YARILIMU.DLL
[2009/04/24 08:47:47 | 00,006,395 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\History.qbo
[2009/04/24 08:46:58 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL24.xls
[2009/04/23 16:06:04 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\nawiyumi.exe
[2009/04/23 14:51:10 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/23 13:27:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/23 04:05:43 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\hatizila.exe
[2009/04/22 18:13:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/22 18:11:01 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Microsoft Office Outlook 2003.lnk
[2009/04/22 16:05:23 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\sihivubo.exe
[2009/04/21 16:47:50 | 00,297,311 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 15:03:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\revision response.doc
[2009/04/21 10:03:50 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\zomiduvi.exe
[2009/04/17 10:13:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 10:13:56 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 10:13:56 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 10:13:19 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/17 10:05:06 | 00,000,174 | ---- | M] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:53:57 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 09:53:04 | 00,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/17 09:23:20 | 00,023,722 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 10:02:02 | 00,108,544 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\hazikubu.dll
[2009/04/16 09:11:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 09:03:06 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\AACoins ORDERFORM.doc
[2009/04/10 09:46:20 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\aac sample.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 08:13:11 | 02,226,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/31 21:01:26 | 00,298,656 | ---- | M] () -- C:\Documents and Settings\mduncan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/31 21:01:19 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\My Sharing Folders.lnk
[2009/03/31 17:10:41 | 00,250,048 | RHS- | M] () -- C:\ntldr

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#7 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 27 April 2009 - 05:22 PM

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

====================



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - AppInit_DLLs: (c:\windows\system32\yarilimu.dll) - c:\windows\system32\yarilimu.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\vuvihafo.dll) - c:\windows\system32\vuvihafo.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O4 - HKU\.DEFAULT..\Run: [] File not found
    O4 - HKU\S-1-5-18..\Run: [] File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    
    :Files
    C:\WINDOWS\System32\hazikubu.dll
    C:\WINDOWS\System32\zomiduvi.exe
    C:\WINDOWS\System32\sihivubo.exe
    C:\WINDOWS\System32\hatizila.exe
    C:\WINDOWS\System32\nawiyumi.exe
    C:\WINDOWS\System32\vazedupe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
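As an added example (not code from this thread or from OldTimer's OTListIt), a Python triage script that parses the OTL file-list and O20 lines in the format shown in the logs above and flags the kinds of entries Buckeye_Sam put into the :Files / :OTLI fix script. The sample input is copied from the log posted above; the consonant-vowel name heuristic is an assumption drawn from the file names seen in this log, not a rule from the tool.

```python
"""Triage helper for OTListIt2 (OTL) logs.

Added example; not code from this thread or from OldTimer's tool. It parses
the file-list and O20 lines in the format shown in the log above and flags
the kinds of entries the helper put into the :Files / :OTLI fix script:
hidden+system files in System32, DLLs loaded via AppInit_DLLs, images too
small to be a valid PE, and pseudo-random consonant-vowel file names.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# File entry: [date | size | attrs | C/M] (company) -- path
# Directory entries have no "(company)" part, and a company string can itself
# contain parentheses, so the group is optional and non-greedy.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)
# O20 entry: O20 - AppInit_DLLs: (path) - path (company) | File not found
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<path>[^)]+)\) - ")

SYSTEM32 = "c:\\windows\\system32\\"
DOS_HEADER_SIZE = 64  # no PE image can be smaller than its MZ header
VOWELS = set("aeiou")

# Sample input: lines copied from the OTL log posted above in this thread.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\windows\system32\yarilimu.dll) - c:\windows\system32\yarilimu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\vuvihafo.dll) - c:\windows\system32\vuvihafo.dll File not found
[2009/04/27 08:54:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:51:49 | 00,251,392 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\hijackthis_sfx.exe
[2009/04/24 10:28:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 09:24:38 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\YARILIMU.DLL
[2009/04/17 09:51:07 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/04/24 10:41:23 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vazedupe
[2009/04/23 16:06:04 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\nawiyumi.exe
[2009/04/16 10:02:02 | 00,108,544 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\hazikubu.dll
"""


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def looks_pseudorandom(basename: str) -> bool:
    """Assumed heuristic drawn from the names in this log (yarilimu, hazikubu,
    nawiyumi, ...): an 8-letter stem that strictly alternates consonant/vowel."""
    stem = basename.rsplit(".", 1)[0].lower()
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def triage_otl(log_text: str) -> Dict[str, Finding]:
    """Return {lower-cased path: Finding} for every entry that trips a rule."""
    findings: Dict[str, Finding] = {}

    def flag(path: str, reason: str) -> None:
        # Keyed case-insensitively so the O20 line and the file-list line
        # for the same DLL (yarilimu.dll vs YARILIMU.DLL) merge into one.
        findings.setdefault(path.lower(), Finding(path)).reasons.append(reason)

    for line in log_text.splitlines():
        line = line.strip()
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32,
            # so anything listed there gets reviewed, found or not.
            flag(m.group("path"), "loaded via AppInit_DLLs")
            continue
        m = FILE_RE.match(line)
        if m is None:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        size = int(m.group("size").replace(",", ""))
        basename = path.rsplit("\\", 1)[-1]
        if "D" in attrs or not path.lower().startswith(SYSTEM32):
            continue  # only loose files dropped into System32 are scored
        if "H" in attrs and "S" in attrs:
            flag(path, "hidden+system file in System32")
        if basename.lower().endswith((".dll", ".exe", ".sys")) and size < DOS_HEADER_SIZE:
            # Consistent with the "not a valid Windows image" error the
            # original poster reported for this DLL.
            flag(path, f"{size} bytes: too small to be a valid PE image")
        if looks_pseudorandom(basename):
            flag(path, "pseudo-random consonant-vowel file name")
    return findings


if __name__ == "__main__":
    for finding in triage_otl(SAMPLE_LOG).values():
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

The output is a triage list, not a deletion list: the two older hidden+system .sys files in the full log above also match the hidden+system rule yet were left out of the fix script, so each hit still needs the kind of vetting the helper did.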

#8 mrdoenutz

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:02 PM

Posted 28 April 2009 - 07:50 AM

OK, going good so far. I do not get the Windows bad image anymore; however, I am getting this once Windows loads:

error loading c:\windows\system32\hazikubu.dll, the specified module could not be found.


OTL report:

OTListIt logfile created on: 4/27/2009 7:02:04 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mduncan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.26% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.40 Gb Free Space | 20.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1382.30 Gb Total Space | 55.28 Gb Free Space | 4.00% Space Free | Partition Type: NTFS

Computer Name: STERLING704
Current User Name: mduncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/27 18:45:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/01/09 14:24:04 | 03,894,272 | ---- | M] (VIA Technologies, Inc) -- C:\Program Files\Audio Deck\EnMixCPL.exe
PRC - [2006/06/29 14:17:32 | 00,319,488 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/04/24 10:18:42 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/04/27 18:45:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/06/07 09:52:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2009/03/12 02:44:02 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/02/09 16:55:38 | 00,300,328 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/04/22 10:07:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/27 18:45:44 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/04/27 18:56:24 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\mduncan\Local Settings\Temp\jkos-mduncan\binaries\ScanningProcess.exe
PRC - [2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/20 12:21:57 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003/10/13 17:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/02/01 22:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/21 09:49:51 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/27 18:45:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 18:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (x10nets [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II [On_Demand | Running])
DRV - [2005/02/01 22:39:18 | 00,970,240 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/01/11 18:14:16 | 00,580,736 | R--- | M] (VIA - IC Ensemble, Inc.) -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS [On_Demand | Running])
DRV - [2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/01/19 12:45:30 | 00,088,960 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005/01/12 20:45:44 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/01/12 20:45:46 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/27 18:45:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 09:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 10:07:58 | 00,000,000 | ---D | M]

[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions
[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/01/03 11:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Firefox\Profiles\16k7e59g.default\extensions
[2009/04/27 18:53:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 10:07:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 15:29:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/03 08:47:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/28 08:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/27 18:45:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/22 10:07:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 10:07:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/17 11:57:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/17 11:57:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/17 11:57:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:57:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/17 11:57:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/17 11:57:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CPMab6fa73e] Rundll32.exe "C:\WINDOWS\System32\hazikubu.dll",a File not found
O4 - HKLM..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 (VIA Technologies, Inc)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe -n QB_STERLING704_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 512M -c 256M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y (Intuit, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-18..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\mduncan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1200318009460 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sterling.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\SYSTEM32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hazikubu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\hazikubu.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 14:19:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\RoboForm2Go\command - "" = G:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/27 18:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/04/27 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Desktop\New Folder
[2009/04/27 12:22:19 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL25.xls
[2009/04/27 11:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Local Settings\Application Data\stardevelop.com
[2009/04/27 08:54:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/27 08:48:07 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/27 08:47:42 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/27 08:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\My Documents\contractors
[2009/04/24 18:03:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/24 17:56:42 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/24 17:55:06 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\mduncan\Desktop\spybotsd162.exe
[2009/04/24 11:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/24 10:50:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:28:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:19:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/24 10:18:03 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/24 10:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Malwarebytes
[2009/04/24 10:14:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/24 10:14:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/24 10:14:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/24 09:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/24 09:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/22 16:52:58 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/21 16:47:34 | 00,297,311 | ---- | C] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 14:57:11 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/21 10:29:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/21 10:29:47 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/21 10:29:47 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/21 10:29:36 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/21 10:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/17 10:15:24 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/17 10:05:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/17 09:51:07 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/04/17 09:51:07 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/04/17 09:51:07 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/04/17 09:51:06 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/04/17 09:51:05 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/04/17 09:23:19 | 00,023,722 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 13:30:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/16 13:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/16 08:45:45 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 08:45:44 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 08:45:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 08:45:44 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 08:45:43 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 08:45:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 08:45:42 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 08:45:42 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 08:45:42 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 08:45:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 08:45:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 08:45:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/03/31 21:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/31 21:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/31 20:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/31 17:48:56 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/31 17:34:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/31 17:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/03/31 17:34:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/31 17:34:18 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/31 17:34:18 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/31 17:34:17 | 00,000,000 | ---D | C] -- C:\58682b55f93916c302
[2009/03/31 17:19:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/31 17:18:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/31 17:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/31 17:09:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/31 13:54:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Inspyder InSite
[2009/01/05 16:56:48 | 00,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2007/09/11 15:41:38 | 00,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/09 15:49:09 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/04/05 10:44:12 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\92EAEB348E.sys
[2007/04/05 10:39:28 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/26 21:21:13 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ezmacros.INI
[2007/02/26 21:21:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/10/24 12:56:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/09/18 15:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/09 17:50:51 | 00,018,400 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/08/09 16:21:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 18:32:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/14 13:07:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2006/02/13 15:37:10 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2004/08/06 10:00:00 | 00,006,555 | ---- | C] () -- C:\WINDOWS\System32\grpconv.dll
[2004/08/04 08:00:00 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/28 12:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/04 13:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/27 18:53:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/27 18:52:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/27 18:52:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/27 17:55:28 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/27 17:27:22 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Trillian.lnk
[2009/04/27 16:54:55 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/27 12:22:19 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL25.xls
[2009/04/27 10:36:43 | 00,002,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sterling Marketing.lnk
[2009/04/27 10:18:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/27 08:47:36 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/27 08:43:42 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\order confirmed.doc
[2009/04/24 17:56:42 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/24 17:55:20 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\mduncan\Desktop\spybotsd162.exe
[2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:18:56 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:03 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/24 10:14:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 14:51:10 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/23 13:27:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 18:13:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/22 18:11:01 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Microsoft Office Outlook 2003.lnk
[2009/04/21 16:47:50 | 00,297,311 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 15:03:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\revision response.doc
[2009/04/17 10:13:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 10:13:56 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 10:13:56 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 10:13:19 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/17 10:05:06 | 00,000,174 | ---- | M] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:53:57 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 09:53:04 | 00,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/17 09:23:20 | 00,023,722 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 09:11:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 09:03:06 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\AACoins ORDERFORM.doc
[2009/04/10 09:46:20 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\aac sample.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 08:13:11 | 02,226,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/31 21:01:26 | 00,298,656 | ---- | M] () -- C:\Documents and Settings\mduncan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/31 21:01:19 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\My Sharing Folders.lnk
[2009/03/31 17:10:41 | 00,250,048 | RHS- | M] () -- C:\ntldr

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 28, 2009 00:10:16
Records in database: 2084595
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 76787
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:17:29

No malware has been detected. The scan area is clean.

The selected area was scanned.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 28 April 2009 - 04:36 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O4 - HKLM..\Run: [CPMab6fa73e] Rundll32.exe "C:\WINDOWS\System32\hazikubu.dll",a File not found
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Let me know if you get any error on boot up this time.

How is your computer behaving? Any issues?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 28 April 2009 - 04:51 PM

No issues on boot up, and the computer seems to be running as it did before. I just made a donation; let me know if you have received it. New OTL2 log below:

OTListIt logfile created on: 4/28/2009 5:39:49 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mduncan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.70% Memory free
3.85 Gb Paging File | 3.10 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 14.31 Gb Free Space | 20.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1382.30 Gb Total Space | 54.39 Gb Free Space | 3.93% Space Free | Partition Type: NTFS

Computer Name: STERLING704
Current User Name: mduncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/27 18:45:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/01/09 14:24:04 | 03,894,272 | ---- | M] (VIA Technologies, Inc) -- C:\Program Files\Audio Deck\EnMixCPL.exe
PRC - [2006/06/29 14:17:32 | 00,319,488 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/04/24 10:18:42 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/04/27 18:45:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/06/07 09:52:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2005/02/01 23:23:08 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2009/03/12 02:44:02 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/02/09 16:55:38 | 00,300,328 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/20 12:21:57 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003/10/13 17:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/02/01 22:36:54 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/02/01 22:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/21 09:49:51 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/27 18:45:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/24 10:18:41 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 18:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (x10nets [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II [On_Demand | Running])
DRV - [2005/02/01 22:39:18 | 00,970,240 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/01/11 18:14:16 | 00,580,736 | R--- | M] (VIA - IC Ensemble, Inc.) -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS [On_Demand | Running])
DRV - [2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/01/19 12:45:30 | 00,088,960 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005/01/12 20:45:44 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/01/12 20:45:46 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\S-1-5-21-1245976592-2188668053-4287571042-1139\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/27 18:45:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 17:03:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 17:03:52 | 00,000,000 | ---D | M]

[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions
[2008/09/02 10:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/01/03 11:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mduncan\Application Data\mozilla\Firefox\Profiles\16k7e59g.default\extensions
[2009/04/28 11:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 17:03:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 15:29:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/03 08:47:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/28 08:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/27 18:45:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 17:03:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 17:03:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/17 11:57:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/17 11:57:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/17 11:57:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:57:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/17 11:57:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/17 11:57:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 (VIA Technologies, Inc)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray (Napster)
O4 - HKLM..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\QBDBMgrN.exe -n QB_STERLING704_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 512M -c 256M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y (Intuit, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-18..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\mduncan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1245976592-2188668053-4287571042-1139\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1200318009460 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sterling.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 6.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\SYSTEM32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hazikubu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\hazikubu.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 14:19:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\RoboForm2Go\command - "" = G:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/27 19:22:40 | 00,369,264 | ---- | C] () -- C:\Documents and Settings\mduncan\My Documents\DPE 2009 WD3 Price Package.pdf
[2009/04/27 18:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/04/27 12:22:19 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL25.xls
[2009/04/27 11:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Local Settings\Application Data\stardevelop.com
[2009/04/27 08:54:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/27 08:48:07 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/27 08:47:42 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/27 08:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\My Documents\contractors
[2009/04/24 18:03:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/24 17:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/24 11:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/24 10:50:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:28:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:19:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/24 10:18:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/24 10:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/24 10:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Malwarebytes
[2009/04/24 10:14:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/24 10:14:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/24 10:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/24 09:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/24 09:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/22 16:52:58 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/21 16:47:34 | 00,297,311 | ---- | C] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 14:57:11 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/21 10:29:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/21 10:29:47 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/21 10:29:47 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/21 10:29:36 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/21 10:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\PC Tools
[2009/04/21 10:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/17 10:15:24 | 00,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/17 10:05:06 | 00,000,174 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/17 09:51:07 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/04/17 09:51:07 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/04/17 09:51:07 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/04/17 09:51:06 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/04/17 09:51:05 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/04/17 09:23:19 | 00,023,722 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 13:30:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/16 13:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/16 08:45:45 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 08:45:44 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 08:45:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 08:45:44 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 08:45:43 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 08:45:43 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 08:45:42 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 08:45:42 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 08:45:42 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 08:45:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 08:45:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 08:45:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/03/31 21:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/31 21:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/31 20:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/31 17:48:56 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/31 17:34:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/31 17:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/03/31 17:34:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/31 17:34:18 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/31 17:34:18 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/31 17:34:18 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/31 17:34:18 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/31 17:34:17 | 00,000,000 | ---D | C] -- C:\58682b55f93916c302
[2009/03/31 17:19:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/31 17:18:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/31 17:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/31 17:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/31 17:09:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/31 13:54:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mduncan\Application Data\Inspyder InSite
[2009/01/05 16:56:48 | 00,000,111 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2007/09/11 15:41:38 | 00,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/09 15:49:09 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/04/05 10:44:12 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\92EAEB348E.sys
[2007/04/05 10:39:28 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/26 21:21:13 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ezmacros.INI
[2007/02/26 21:21:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\unezmac.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/10/24 12:56:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/09/18 15:37:50 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 00,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/09 17:50:51 | 00,018,400 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/08/09 16:21:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 18:32:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/14 13:07:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2006/02/13 15:37:19 | 00,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2006/02/13 15:37:10 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2004/08/06 10:00:00 | 00,006,555 | ---- | C] () -- C:\WINDOWS\System32\grpconv.dll
[2004/08/04 08:00:00 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/28 12:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/04 13:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/28 17:39:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 17:38:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/28 17:38:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 16:55:34 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\order confirmed.doc
[2009/04/28 14:35:27 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Trillian.lnk
[2009/04/28 13:32:04 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 hump.xls
[2009/04/28 13:01:37 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 khang.xls
[2009/04/28 09:04:31 | 00,002,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sterling Marketing.lnk
[2009/04/27 19:22:43 | 00,369,264 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\DPE 2009 WD3 Price Package.pdf
[2009/04/27 12:22:19 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Q31SHIPPING2009APRIL25.xls
[2009/04/27 10:18:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/27 08:47:36 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Weekly time sheet with breaks 4-27 to 5-1 Tudy.xls
[2009/04/24 10:50:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mduncan\Desktop\OTListIt2.exe
[2009/04/24 10:18:56 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/24 10:18:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/23 14:51:10 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/04/23 13:27:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 18:13:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\tradingpins.doc
[2009/04/22 18:11:01 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\Microsoft Office Outlook 2003.lnk
[2009/04/21 16:47:50 | 00,297,311 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\W9 4-21-09.pdf
[2009/04/21 15:03:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\revision response.doc
[2009/04/17 10:13:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 10:13:56 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 10:13:56 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/17 10:13:19 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/17 10:05:06 | 00,000,174 | ---- | M] () -- C:\WINDOWS\AvDetected.ini
[2009/04/17 09:53:57 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 09:53:04 | 00,000,111 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/17 09:23:20 | 00,023,722 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_04_17_09_23_19.dmp
[2009/04/16 09:11:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 09:03:06 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\mduncan\Desktop\AACoins ORDERFORM.doc
[2009/04/10 09:46:20 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\aac sample.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 08:13:11 | 02,226,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/31 21:01:26 | 00,298,656 | ---- | M] () -- C:\Documents and Settings\mduncan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/31 21:01:19 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\mduncan\My Documents\My Sharing Folders.lnk
[2009/03/31 17:10:41 | 00,250,048 | RHS- | M] () -- C:\ntldr

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
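The report above shows one CLSID registered in two load points at once (O21 ShellServiceObjectDelayLoad and O22 SharedTaskScheduler), both pointing at a c:\windows\system32\hazikubu.dll that is no longer on disk: the shape of a DLL that was deleted while its registrations stayed behind. The following Python script is an added example, not part of the thread or of OTListIt itself. It triages lines in OTL report format: every load point whose target reads "File not found" is flagged, entries are grouped by the GUID they share so the O21/O22 pair surfaces as one object registered twice, and the "File not found" that OTL prints for the autocheck and * tokens of the default BootExecute value ("autocheck autochk *") is skipped, because that is an artefact of the tool splitting a multi-string value rather than a finding. The sample lines are constructed copies of entries from the report above; the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample in OTListIt (OTL) report format, shaped on the report above:
# the {EC43E3FD-...}/hazikubu.dll load points, the MountPoints2 entry and the
# BootExecute lines are copied from it; the O20 line is a benign control.
SAMPLE_REPORT = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hazikubu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\hazikubu.dll File not found
O33 - MountPoints2\{eef305b9-5d19-11db-9d32-00301bb9b10c}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
"""

LINE_RE = re.compile(r'^(O\d+) - (.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
MISSING = 'File not found'

# Tokens OTL emits when it splits the default BootExecute value "autocheck autochk *".
# "autocheck" and "*" are arguments, not files, so "File not found" on them is benign.
BOOTEXECUTE_DEFAULT = {'autocheck', 'autochk', '*'}


def parse(report):
    """Turn OTL 'Onn - ...' lines into dicts; other lines are ignored."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        guid = GUID_RE.search(body)
        entries.append({
            'section': section,
            'body': body,
            'guid': guid.group(0).upper() if guid else None,   # normalise case for grouping
            'missing': body.endswith(MISSING),
        })
    return entries


def target_of(body):
    """Path OTL could not find: the text after the last ' - ' or ' = ' separator,
    with the 'File not found' suffix and any trailing '--' removed."""
    head = body[:-len(MISSING)].rstrip(' -')
    return re.split(r' - | = ', head)[-1].strip()


def triage(entries):
    """Return orphaned load points (target file missing), with the other sections
    in which the same GUID is registered, and the BootExecute artefacts filtered out."""
    sections_by_guid = defaultdict(set)
    for e in entries:
        if e['guid']:
            sections_by_guid[e['guid']].add(e['section'])

    findings = []
    for e in entries:
        if not e['missing']:
            continue
        if e['section'] == 'O34':
            token = re.search(r'\((.*?)\)', e['body'])
            if token and token.group(1) in BOOTEXECUTE_DEFAULT:
                continue
        findings.append({
            'section': e['section'],
            'guid': e['guid'],
            'target': target_of(e['body']),
            'also_in': sorted(sections_by_guid[e['guid']] - {e['section']}) if e['guid'] else [],
        })
    return findings


if __name__ == '__main__':
    for f in triage(parse(SAMPLE_REPORT)):
        extra = f" (same GUID also in {', '.join(f['also_in'])})" if f['also_in'] else ''
        print(f"{f['section']}: {f['target']} missing{extra}")
```

Run against a full report, the O21/O22 pair comes out as two findings that point at each other, the stale USB AutoRun command (O33) as a third, and the four BootExecute lines produce nothing. A GUID seen in more than one load point is worth a registry search for its CLSID key even after the file is gone, which is exactly where the scan later in this thread finds its remaining entries.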

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 28 April 2009 - 05:10 PM

Indeed I did! Thank you very much! :)

Just a few last things and you should be good to go.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

=================


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


=================


Run OTListIt and click on the CleanUp button.
Reboot when it asks you to.


=================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore - If you are using Windows ME or XP, you should disable and re-enable System Restore to make sure no infected files remain in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore using the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond to the person who is giving up their own time to help you is not only insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
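The six Custom Level changes in the post above correspond to DWORD values under the Internet zone's registry key (Zones\3 under Internet Settings; the numeric action IDs are documented in Microsoft KB 182569, with data 0 = Enable, 1 = Prompt, 3 = Disable), which is how you verify them on more than one machine without clicking through the dialog. The following Python script is an added example, not code from the thread: it parses a "reg export" of that key and reports every recommended setting that is weaker than asked for, or absent from the export. Both .reg samples are constructed for illustration and were not captured from the poster's machine; the function names are mine.

```python
import re

# Action IDs for Internet Explorer zone settings per Microsoft KB 182569.
# DWORD data: 0 = Enable, 1 = Prompt, 3 = Disable (ordering gives Enable < Prompt < Disable).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: 'Enable', PROMPT: 'Prompt', DISABLE: 'Disable'}

# The six Custom Level changes from the post, keyed by action ID.
RECOMMENDED = {
    '1001': ('Download signed ActiveX controls', PROMPT),
    '1004': ('Download unsigned ActiveX controls', DISABLE),
    '1201': ('Initialize and script ActiveX controls not marked as safe', DISABLE),
    '1800': ('Installation of desktop items', PROMPT),
    '1804': ('Launching programs and files in an IFRAME', PROMPT),
    '1607': ('Navigate sub-frames across different domains', PROMPT),
}

# Zone 3 is the Internet zone; the per-user settings live under HKCU.
INTERNET_ZONE = r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Constructed sample of a "reg export" of that key on a machine that has not been
# hardened (values chosen for illustration, not captured from the poster's PC).
WEAK_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

# The same key after applying the post's Custom Level changes (also constructed).
HARDENED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000001
"""

VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_reg(text):
    """Minimal parser for 'reg export' output: {key_path: {value_name: int | str}}.
    Only dword and plain string values are handled, which is all a zone key uses."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name, dword, string = m.groups()
                keys[current][name] = int(dword, 16) if dword is not None else string
    return keys


def audit_internet_zone(reg_text, recommended=RECOMMENDED):
    """Return (action_id, label, current, wanted) for each recommended setting that is
    weaker than asked for or missing from the export. A value stricter than the
    recommendation (e.g. Disable where Prompt was asked) is not reported."""
    zone = parse_reg(reg_text).get(INTERNET_ZONE, {})
    findings = []
    for action, (label, wanted) in recommended.items():
        current = zone.get(action)
        if current is None:
            findings.append((action, label, 'not set', LEVEL_NAME[wanted]))
        elif not isinstance(current, int) or current < wanted:
            findings.append((action, label, LEVEL_NAME.get(current, repr(current)), LEVEL_NAME[wanted]))
    return findings


if __name__ == '__main__':
    for action, label, current, wanted in audit_internet_zone(WEAK_REG):
        print(f'{action} {label}: is {current}, should be {wanted}')
```

On a real machine the export is produced with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`; reg.exe writes the file as UTF-16, so read it with `open('zone3.reg', encoding='utf-16')` before passing the text in. Two caveats: a value that is absent from HKCU is reported as "not set" rather than assumed, because IE then falls back to the zone template, and an HKCU export alone does not prove the effective setting when the machine-wide copy of the key (or the Security_HKLM_only policy value) is in force.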


========================================================

#12 mrdoenutz

mrdoenutz
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:02 PM

Posted 28 April 2009 - 05:13 PM

Spyware Doctor just did a scheduled scan and it said

4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Compatibility Flags
4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Pst
4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}
4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Compatibility Flags
4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Pst
4/28/2009 6:00:39 PM:223
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Compatibility Flags
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Pst
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Compatibility Flags
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Pst
4/28/2009 6:00:39 PM:239
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}
4/28/2009 6:01:00 PM:777
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, (Default)
4/28/2009 6:01:00 PM:777
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, ThreadingModel
4/28/2009 6:01:00 PM:777
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
4/28/2009 6:01:00 PM:777
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:01:00 PM:886
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:01:01 PM:480
Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, SSODL
4/28/2009 6:02:48 PM:870
Infection was detected on this computer
Threat Name - Trojan.Adclicker
Type - Modified Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
4/28/2009 6:02:48 PM:901
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 280173
Threats Detected - 2
Infections Detected - 19
Infections Ignored - 0
4/28/2009 6:03:16 PM:866
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Modified Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
4/28/2009 6:03:16 PM:866
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}
4/28/2009 6:03:16 PM:882
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Pst
4/28/2009 6:03:16 PM:882
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Compatibility Flags
4/28/2009 6:03:16 PM:882
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}
4/28/2009 6:03:16 PM:897
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Pst
4/28/2009 6:03:16 PM:897
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Compatibility Flags
4/28/2009 6:03:16 PM:897
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}
4/28/2009 6:03:16 PM:897
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Pst
4/28/2009 6:03:16 PM:913
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Compatibility Flags
4/28/2009 6:03:16 PM:913
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}
4/28/2009 6:03:16 PM:913
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Pst
4/28/2009 6:03:16 PM:913
Infection quarantined
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Compatibility Flags
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Modified Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Pst
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF4552-94F1-42BD-F434-3604812C856D}, Compatibility Flags
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Pst
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}, Compatibility Flags
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Pst
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54485651-524A-4245-5846-2D514F312230}, Compatibility Flags
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Pst
4/28/2009 6:03:16 PM:944
Infection cleaned
Threat Name - Trojan.Adclicker
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}, Compatibility Flags
4/28/2009 6:03:16 PM:960
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, SSODL
4/28/2009 6:03:16 PM:975
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:03:16 PM:975
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:03:16 PM:975
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
4/28/2009 6:03:16 PM:991
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, ThreadingModel
4/28/2009 6:03:16 PM:991
Infection quarantined
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, (Default)
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, SSODL
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, ThreadingModel
4/28/2009 6:03:17 PM:6
Infection cleaned
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32, (Default)
4/28/2009 6:03:19 PM:53
Infections Quarantined/Removed Summary
Quarantined - 19
Quarantine Failed - 0
Removed - 19
Remove Failed - 0

#13 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 28 April 2009 - 05:18 PM

Looks like everything is in the registry and I'm not seeing any files. It's not uncommon to have remnants. Just a matter of having the right program (like Spyware Doctor) to clean them up.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:02 AM

Posted 14 May 2009 - 11:15 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================