
Infected by Spyware Protect 2009 alert


23 replies to this topic

#1 jqdd


Posted 01 May 2009 - 12:17 AM

Please help, my computer is infected.


DDS (Ver_09-03-16.01) - NTFSx86
Run by U_C at 22:13:07.01 on Fri 05/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2579 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NETWORKSCAN\DNSCST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\OBroker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\U_C\Desktop\scan.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {fc7bfae2-c34a-4321-aa42-31760b97964b} - c:\windows\system32\waduzaga.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [wigegabiwi] Rundll32.exe "c:\windows\system32\pewafahu.dll",s
mRun: [d41a9194] rundll32.exe "c:\windows\system32\rokeyuki.dll",b
mRun: [CPMd729a208] Rundll32.exe "c:\windows\system32\jabohino.dll",a
mRun: [DellNSCST] "c:\program files\dell\dell laser mfp 1600n\networkscan\DNSCST.EXE" /HIDEUI
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
StartupFolder: c:\docume~1\u_c\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - c:\program files\clickclean\ClickClean.exe
IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
AppInit_DLLs: c:\windows\system32\miposaho.dll c:\windows\system32\jabohino.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jabohino.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jabohino.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = cli c:\windows\system32\miposaho.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-6 298264]
S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2008-11-19 20504]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-11-13 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-11-13 73856]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-3-4 61529]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-04-30 16:42 292,368 a------- c:\windows\sysguard.exe
2009-04-29 14:38 <DIR> --d----- c:\program files\common files\SWF Studio
2009-04-29 14:36 <DIR> --d----- c:\program files\common files\supportsoft
2009-04-29 14:36 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2009-04-29 14:36 3,518,464 a------- c:\windows\system32\cdintf300.dll
2009-04-29 14:34 <DIR> --d----- c:\program files\common files\Intuit
2009-04-29 14:34 <DIR> --d----- c:\program files\Intuit
2009-04-29 14:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-04-29 14:33 95 a------- c:\windows\QBChanUtil_Trigger.ini
2009-04-29 14:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10
2009-04-29 14:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2009-04-29 13:54 <DIR> --d----- c:\program files\Akamai
2009-04-22 17:42 24,576 -------- c:\windows\SvcCon.exe
2009-04-22 17:42 73,728 a----r-- c:\windows\wiainst.exe
2009-04-22 17:42 151,552 a------- c:\windows\system32\VdSetup.Exe
2009-04-22 17:42 143,360 a------- c:\windows\system32\SSCoinst.exe
2009-04-22 17:42 135,168 a------- c:\windows\system32\SVSetup.Exe
2009-04-22 17:42 57,344 a------- c:\windows\system32\SSCoinst.dll
2009-04-22 17:42 53,248 a------- c:\windows\system32\VdSetup.dll
2009-04-22 17:42 53,248 a------- c:\windows\system32\SVSetup.dll
2009-04-22 17:42 13,227 a------- c:\windows\system32\DelR1LMK.DLL
2009-04-22 17:39 <DIR> --d----- c:\program files\DELL
2009-04-19 23:03 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 01:02 1,410,076 ---sh--- c:\windows\system32\ikuyekor.ini
2009-04-17 13:02 1,409,815 ---sh--- c:\windows\system32\uporafaf.ini
2009-04-17 01:02 1,409,795 ---sh--- c:\windows\system32\enelojob.ini
2009-04-14 20:57 65,536 a------- c:\windows\system32\ssdevm.dll
2009-04-14 20:57 49,152 a------- c:\windows\system32\ssusbpn.dll
2009-04-14 00:07 1,056 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-14 00:07 <DIR> --d----- c:\program files\common files\Corel
2009-04-14 00:06 <DIR> --d----- c:\program files\Corel
2009-04-08 21:35 <DIR> --d----- c:\docume~1\u_c\applic~1\Paltalk

==================== Find3M ====================

2009-03-13 20:18 74,703 a------- c:\windows\system32\mfc45.dll
2009-03-10 16:06 87,608 a------- c:\docume~1\u_c\applic~1\inst.exe
2009-03-10 16:06 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-10 16:06 47,360 a------- c:\docume~1\u_c\applic~1\pcouffin.sys
2009-03-06 17:36 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-06 17:36 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-11-19 13:52 608 a--sh--- c:\windows\system32\winzvprt5.sys

============= FINISH: 22:13:24.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2008 9:16:33 AM
System Uptime: 5/1/2009 9:59:14 PM (1 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel® Pentium® 4 CPU 3.00GHz | | 3000/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 195 GiB total, 106.797 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is FIXED (NTFS) - 373 GiB total, 280.863 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_4037107B&REV_04\3&61AAA01&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_4037107B&REV_04\3&61AAA01&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\4&5A988DE&0&00F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\4&5A988DE&0&00F0
Service:

==== System Restore Points ===================

RP1: 3/17/2009 10:57:32 AM - System Checkpoint
RP2: 3/17/2009 11:33:39 AM - Installed Virtual Account Numbers
RP3: 3/18/2009 12:39:46 PM - System Checkpoint
RP4: 3/19/2009 3:06:36 PM - System Checkpoint
RP5: 3/19/2009 5:06:53 PM - Installed USB 2.0 Wireless LAN Card Utility
RP6: 3/20/2009 6:17:40 PM - System Checkpoint
RP7: 3/21/2009 8:42:39 AM -
RP8: 3/21/2009 9:06:12 AM - Shockwave Player
RP9: 3/21/2009 11:16:29 AM - Shockwave Player
RP10: 3/22/2009 7:44:08 PM - System Checkpoint
RP11: 3/23/2009 8:09:32 PM - System Checkpoint
RP12: 3/25/2009 2:41:53 AM - System Checkpoint
RP13: 3/26/2009 5:23:09 AM - System Checkpoint
RP14: 3/26/2009 9:01:30 AM - Avg8 Update
RP15: 3/27/2009 9:50:48 AM - System Checkpoint
RP16: 3/28/2009 10:53:50 AM - System Checkpoint
RP17: 3/30/2009 4:06:04 PM - System Checkpoint
RP18: 3/31/2009 9:29:34 PM - System Checkpoint
RP19: 4/2/2009 9:17:45 AM - System Checkpoint
RP20: 4/3/2009 1:51:34 PM - System Checkpoint
RP21: 4/4/2009 6:54:05 PM - System Checkpoint
RP22: 4/6/2009 5:33:25 AM - System Checkpoint
RP23: 4/7/2009 9:12:33 AM - System Checkpoint
RP24: 4/8/2009 4:27:06 PM - System Checkpoint
RP25: 4/9/2009 11:44:40 PM - System Checkpoint
RP26: 4/11/2009 12:51:15 AM - System Checkpoint
RP27: 4/12/2009 11:00:22 AM - System Checkpoint
RP28: 4/13/2009 1:18:20 PM - System Checkpoint
RP29: 4/14/2009 12:06:28 AM - Installed Corel Paint Shop Pro X - Installation Files
RP30: 4/14/2009 12:07:18 AM - Installed Corel Paint Shop Pro X
RP31: 4/15/2009 7:21:36 AM - System Checkpoint
RP32: 4/16/2009 9:31:07 AM - Avg8 Update
RP33: 4/17/2009 9:48:31 AM - System Checkpoint
RP34: 4/18/2009 12:59:35 PM - System Checkpoint
RP35: 4/19/2009 1:55:30 PM - System Checkpoint
RP36: 4/20/2009 3:31:26 PM - System Checkpoint
RP37: 4/21/2009 5:44:17 PM - System Checkpoint
RP38: 4/22/2009 5:42:15 PM - Printer Driver Dell Laser MFP 1600n PCL 6 Installed
RP39: 4/22/2009 5:42:37 PM - Printer Driver Dell Laser MFP 1600n Installed
RP40: 4/22/2009 5:42:48 PM - Installed InstallShield Restore Point
RP41: 4/22/2009 5:42:57 PM - Installed Network Scan
RP42: 4/24/2009 9:25:21 AM - System Checkpoint
RP43: 4/25/2009 1:17:32 PM - System Checkpoint
RP44: 4/26/2009 1:55:07 PM - System Checkpoint
RP45: 4/27/2009 4:18:54 PM - System Checkpoint
RP46: 4/28/2009 7:32:44 PM - System Checkpoint
RP47: 4/29/2009 2:34:46 PM - Installed QuickBooks.
RP48: 4/30/2009 6:38:03 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
AVG Free 8.0
Corel Paint Shop Pro X
Dell Laser MFP 1600n Software Uninstall
Driver Installer
DVD Shrink 3.2
DVDFab Platinum 4.0.1.2 Ghosthunter release
eMachines Bay Reader
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Adapters and Drivers
iolo technologies' System Mechanic 6
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Motorola Driver Installation
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
Nokia Connectivity Adapter Cable DKU-5
Pinnacle Hollywood FX for Studio
PowerDVD
QuickBooks Simple Start 2009
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SmartSound Quicktracks Plugin
Soft Data Fax Modem with SmartCP
Studio 9
SupportSoft Assisted Service
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB 2.0 Wireless LAN Card Utility
Virtual Account Numbers
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format Runtime

==== End Of File ===========================

#2 m0le

  • Malware Response Team

Posted 01 May 2009 - 04:01 AM

Hi jqdd,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, and there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 01 May 2009 - 06:23 PM

Hi jqdd,

Yes, you have a few infections which we need to remove.

Firstly,

I need you to run a few more scanning tools.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Next...

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:

#4 jqdd

  • Topic Starter

Posted 04 May 2009 - 02:08 AM

First, a couple of days ago, I downloaded Microsoft Windows Defender. It cleaned my computer very well. It hasn't shown the Spyware Protect 2009 popup window any more. However, every time I restart my computer, it shows three "Run DLL" error windows. I don't know what it is; I will post it after this.

#5 jqdd

  • Topic Starter

Posted 04 May 2009 - 12:21 PM

Following are the three "RUNDLL" windows.
Error loading C:\WINDOWS\system32\pewafahu.dll
The specified module could not be found.

Error loading C:\WINDOWS\system32\jabohino.dll
The specified module could not be found.

Error loading C:\WINDOWS\system32\rokeyuki.dll
The specified module could not be found.

#6 jqdd

  • Topic Starter

Posted 04 May 2009 - 12:24 PM

GMER report

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-04 00:03:19
Windows 5.1.2600 Service Pack 3


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

#7 m0le

  • Malware Response Team

Posted 04 May 2009 - 01:35 PM

Following are the three "RUNDLL" windows.
Error loading C:\WINDOWS\system32\pewafahu.dll
The specified module could not be found.

Error loading C:\WINDOWS\system32\jabohino.dll
The specified module could not be found.

Error loading C:\WINDOWS\system32\rokeyuki.dll
The specified module could not be found.


Hi jqdd,

Those files are all Vundo.

Please post the OTViewIt log and then we can see what's there. :thumbup2:

#8 jqdd

  • Topic Starter

Posted 04 May 2009 - 02:52 PM

OTViewIt report with "Scan All Users" checked and file age set to 30 days. On the first run I selected "All" (for file age), and it was too long.

OTViewIt logfile created on: 5/4/2009 12:47:11 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\U_C\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.80 Gb Available in Paging File | 95.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 106.14 Gb Free Space | 54.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 372.61 Gb Total Space | 292.04 Gb Free Space | 78.38% Space Free | Partition Type: NTFS

Computer Name: TIFFANYLE
Current User Name: U_C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2009/03/06 17:36:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/10/12 09:44:48 | 00,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
[2009/03/06 17:36:48 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/07/25 12:47:30 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/07/25 12:47:08 | 02,806,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2003/10/31 20:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2009/03/06 17:36:47 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/03/11 16:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\eMachines Bay Reader\shwiconEM.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2006/02/02 19:42:26 | 00,578,048 | ---- | M] () -- C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
[2006/06/01 13:32:12 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2009/03/24 10:28:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/11 00:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
[2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/04/13 17:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\proquota.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/12/07 15:51:16 | 00,102,400 | ---- | M] () -- C:\WINDOWS\system32\OBroker.exe
[2009/05/04 10:22:58 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\U_C\Desktop\OTViewIt.exe
[2008/04/13 17:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2006/10/27 16:23:04 | 00,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
[2009/03/06 17:36:48 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

========== (O23) Win32 Services ==========

[2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/03/06 17:36:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/03/21 09:09:12 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006/06/22 16:13:06 | 00,208,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/12 09:45:58 | 00,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC [Disabled | Stopped])
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2008/08/08 21:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services ==========

[2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006/10/26 12:22:00 | 00,020,747 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/03/10 16:27:18 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k [On_Demand | Running])
[2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/03/06 17:36:48 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/03/06 17:36:48 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2006/10/26 12:22:00 | 00,357,344 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02 [On_Demand | Running])
[2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/07/16 14:29:33 | 00,017,432 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Stopped])
[2007/07/16 14:29:43 | 00,020,504 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX [On_Demand | Stopped])
[2005/07/22 12:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2005/07/22 12:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/07/25 12:47:28 | 03,851,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/06/21 16:03:22 | 00,078,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/03/06 16:57:32 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
[2002/03/19 09:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2009/03/10 16:06:53 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2001/08/23 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/23 05:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2007/01/25 22:57:20 | 00,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
[2004/03/22 12:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2004/03/22 12:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
[2008/11/13 16:22:51 | 00,026,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
[2007/06/27 10:41:48 | 00,101,248 | R--- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56 [On_Demand | Stopped])
[2007/06/27 10:42:34 | 00,073,856 | R--- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56 [On_Demand | Stopped])
[2005/07/22 12:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2001/08/23 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (156 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
91.212.65.122 browser-security.microsoft.com
91.212.65.122 antiwareprotect.com
91.212.65.122 www.antiwareprotect.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{387EDF53-1CF2-4523-BC2F-13462651BE8C} (HKLM) -- C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{fc7bfae2-c34a-4321-aa42-31760b97964b} (HKLM) -- C:\WINDOWS\system32\waduzaga.dll File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=ALCWZRD.EXE (RealTek Semicoductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CPMd729a208"=Rundll32.exe "c:\windows\system32\jabohino.dll",a File not found
"d41a9194"=rundll32.exe "C:\WINDOWS\system32\rokeyuki.dll",b File not found
"DellNSCST"="C:\Program Files\DELL\Dell Laser MFP 1600n\NETWORKSCAN\DNSCST.EXE" /HIDEUI (Dell)
"High Definition Audio Property Page Shortcut"=HDAShCut.exe (Windows ® Server 2003 DDK provider)
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NWEReboot"= File not found
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg ()
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe (Alcor Micro, Corp.)
"wigegabiwi"=Rundll32.exe "C:\WINDOWS\system32\pewafahu.dll",s File not found
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" ()
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wigegabiwi"=Rundll32.exe "C:\WINDOWS\system32\pewafahu.dll",s File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wigegabiwi"=Rundll32.exe "C:\WINDOWS\system32\pewafahu.dll",s File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" ()
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/09/11 00:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
[2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\U_C\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13}: Button: Cleaner -- %ProgramFiles%\ClickClean\ClickClean.exe File not found
{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}: Button: Virtual Account Numbers -- %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} [HKLM] -> %ProgramFiles%\ClickClean\ClickClean.exe [Cleaner] -> File not found
CmdMapping\\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} [HKLM] -> %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [Virtual Account Numbers] -> [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} [HKLM] -> %ProgramFiles%\ClickClean\ClickClean.exe [Cleaner] -> File not found
CmdMapping\\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} [HKLM] -> %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [Virtual Account Numbers] -> [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/C/0...heckControl.cab -- Windows Genuine Advantage Validation Tool
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0323F44D-392F-4856-AF73-5FED1B7F8E3C} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{53361142-FEB5-43A2-BC36-66BC7269C140} (Servers: | Description: )
{59AA043D-5BEE-41D3-AEFC-CC82EF464683} (Servers: | Description: 1394 Net Adapter)
{5D0AC0FA-53BD-4AD9-964D-63DE3839FAEE} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{5D424E32-B357-458A-AA36-E8C00C03ED6F} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{8B759122-2032-4CAF-8FE0-217B5682A74A} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{A9C1EB7A-E8D3-40CB-99E7-273A6C81499D} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{D1AD7B00-9957-4576-8C4C-BAFC565195E3} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\miposaho.dll c:\windows\system32\jabohino.dll
>File not found -- C:\WINDOWS\system32\miposaho.dll
>File not found -- c:\windows\system32\jabohino.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- C:\WINDOWS\system32\PRISMAPI.dll (Conexant Systems, Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\windows\system32\jabohino.dll File not found

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\windows\system32\jabohino.dll File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/11/12 10:14:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell\AutoRun\command]
""=I:\WIN\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/04 12:41:24 | 00,036,062 | ---- | C] () -- C:\Documents and Settings\U_C\My Documents\OTViewIt logfile created on.docx
[2009/05/04 10:22:45 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\U_C\Desktop\OTViewIt.exe
[2009/05/03 23:10:11 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\y18qf48h.exe
[2009/05/03 23:06:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Desktop\Unused Desktop Shortcuts
[2009/05/02 00:06:06 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/02 00:06:05 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/02 00:06:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/02 00:06:05 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/02 00:06:05 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/02 00:06:05 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/02 00:06:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/02 00:06:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/02 00:06:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/02 00:05:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/02 00:05:13 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/02 00:05:07 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/02 00:03:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/01 23:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/01 23:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/01 23:54:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/01 23:54:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/01 23:51:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/01 23:46:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/01 23:39:39 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/01 23:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/04/29 16:37:12 | 00,211,343 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Order Report.csv
[2009/04/29 16:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Desktop\QuickBook
[2009/04/29 16:25:01 | 00,150,911 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Order Report.xlsx
[2009/04/29 14:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/04/29 14:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Local Settings\Application Data\Intuit
[2009/04/29 14:36:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2009/04/29 14:36:46 | 01,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2009/04/29 14:36:44 | 03,518,464 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2009/04/29 14:36:33 | 00,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/04/29 14:34:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2009/04/29 14:34:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2009/04/29 14:34:57 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2009/04/29 14:34:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/29 14:33:58 | 00,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/29 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/04/29 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/04/29 14:33:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/29 13:54:21 | 33,503,8160 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\U_C\Desktop\QuickBooksSimpleStartChampion2009.exe
[2009/04/29 13:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Download Manager
[2009/04/29 13:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Akamai
[2009/04/28 22:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\toyota camry
[2009/04/24 23:50:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Desktop\pix
[2009/04/24 18:37:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\CyberLink
[2009/04/23 16:11:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\William practice handwriting
[2009/04/23 03:04:17 | 00,328,976 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\ORDERS.docx
[2009/04/22 22:41:34 | 00,036,349 | ---- | C] () -- C:\Documents and Settings\U_C\My Documents\http___www.eia.doe.gov_cneaf_electricity_epm_table5_6_a.pdf
[2009/04/22 19:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\My orders
[2009/04/22 17:42:49 | 00,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2009/04/22 17:42:44 | 00,073,728 | R--- | C] (Samsung Software Center) -- C:\WINDOWS\wiainst.exe
[2009/04/22 17:42:04 | 00,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\VdSetup.Exe
[2009/04/22 17:42:04 | 00,143,360 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SSCoinst.exe
[2009/04/22 17:42:04 | 00,135,168 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SVSetup.Exe
[2009/04/22 17:42:04 | 00,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\SSCoinst.dll
[2009/04/22 17:42:04 | 00,053,248 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\VdSetup.dll
[2009/04/22 17:42:04 | 00,053,248 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SVSetup.dll
[2009/04/22 17:42:04 | 00,013,227 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\DelR1LMK.DLL
[2009/04/22 17:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\DELL
[2009/04/19 23:03:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\HijackThis.lnk
[2009/04/19 23:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/18 18:47:53 | 00,016,569 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Phone.xlsx
[2009/04/18 01:02:26 | 01,410,076 | -HS- | C] () -- C:\WINDOWS\System32\ikuyekor.ini
[2009/04/17 13:02:05 | 01,409,815 | -HS- | C] () -- C:\WINDOWS\System32\uporafaf.ini
[2009/04/17 01:02:08 | 01,409,795 | -HS- | C] () -- C:\WINDOWS\System32\enelojob.ini
[2009/04/14 20:57:34 | 00,065,536 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
[2009/04/14 20:57:34 | 00,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
[2009/04/14 11:49:17 | 00,014,140 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Resume.docx
[2009/04/14 00:07:58 | 00,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/14 00:07:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/14 00:07:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Corel
[2009/04/14 00:07:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/04/14 00:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\My PSP Files
[2009/04/14 00:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/04/12 11:50:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\Wii via USB
[2009/04/09 07:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Mozilla
[2009/04/08 21:35:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Paltalk

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/04 12:41:24 | 00,036,062 | ---- | M] () -- C:\Documents and Settings\U_C\My Documents\OTViewIt logfile created on.docx
[2009/05/04 10:22:58 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\U_C\Desktop\OTViewIt.exe
[2009/05/04 10:20:18 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/04 10:20:18 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/04 10:20:18 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/04 10:19:47 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/04 10:16:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 10:16:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 10:16:10 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 04:12:27 | 35,736,275 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/04 04:12:27 | 00,047,865 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/03 23:10:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\y18qf48h.exe
[2009/05/03 03:00:28 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/02 00:05:21 | 00,097,064 | ---- | M] () -- C:\Documents and Settings\U_C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/02 00:04:45 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/02 00:03:02 | 00,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 23:49:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/01 10:27:17 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\U_C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 10:05:51 | 00,002,002 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2009/04/29 16:37:12 | 00,211,343 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Order Report.csv
[2009/04/29 16:25:01 | 00,150,911 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Order Report.xlsx
[2009/04/29 15:53:16 | 00,328,976 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\ORDERS.docx
[2009/04/29 14:36:45 | 00,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/29 14:36:33 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/04/29 14:32:33 | 33,503,8160 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\U_C\Desktop\QuickBooksSimpleStartChampion2009.exe
[2009/04/29 11:28:19 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/22 22:41:34 | 00,036,349 | ---- | M] () -- C:\Documents and Settings\U_C\My Documents\http___www.eia.doe.gov_cneaf_electricity_epm_table5_6_a.pdf
[2009/04/21 13:50:58 | 01,410,076 | -HS- | M] () -- C:\WINDOWS\System32\ikuyekor.ini
[2009/04/19 23:03:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\HijackThis.lnk
[2009/04/18 19:49:34 | 00,016,569 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Phone.xlsx
[2009/04/18 10:18:34 | 00,011,168 | ---- | M] () -- C:\WINDOWS\mayerema
[2009/04/18 03:14:28 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/18 00:34:08 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/17 17:29:39 | 01,409,815 | -HS- | M] () -- C:\WINDOWS\System32\uporafaf.ini
[2009/04/17 01:23:40 | 01,409,795 | -HS- | M] () -- C:\WINDOWS\System32\enelojob.ini
[2009/04/14 11:49:17 | 00,014,140 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Resume.docx
[2009/04/14 00:12:46 | 00,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
< End of report >

--------------------------------------------------------------------------------------------------------------------

OTViewIt Extras logfile created on: 5/4/2009 12:47:11 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\U_C\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.80 Gb Available in Paging File | 95.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 106.14 Gb Free Space | 54.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 372.61 Gb Total Space | 292.04 Gb Free Space | 78.38% Space Free | Partition Type: NTFS

Computer Name: TIFFANYLE
Current User Name: U_C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 16:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 16:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe:*:Enabled:PRISMCFG
[2009/03/06 17:02:47 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/07/13 10:47:42 | 03,764,224 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials
File not found -- C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:PaltalkScene
[2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore
[2006/02/20 14:07:08 | 00,278,528 | ---- | M] (Dell) -- C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe:*:Enabled:DNSCST Module
[2008/07/09 23:46:28 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/27 01:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/11 00:06:18 | 00,070,944 | ---- | M] (Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (intu-help-qb2:{84D77A00-41B5-4b8b-8ADF-86486D72E749} (HKLM) [Intuit Help System Async Pluggable Protocol (v2) for QuickBooks])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/03/06 17:36:46 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}"=Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C814DE3-7174-4148-A3E2-43FFC4F21033}"=Nero 7 Essentials
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{5A3F6A80-7913-475E-8B96-477A952CFA43}"=SupportSoft Assisted Service
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}"=Driver Installer
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=eMachines Bay Reader
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{9579E862-5FC7-4337-B1CC-5E37451524C5}"=Motorola Driver Installation
"{9A2F0810-3619-4E86-9072-973FBE1679C5}"=QuickBooks Simple Start 2009
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}"=32 Bit HP BiDi Channel Components Installer
"{9E491AB7-4589-48CA-9CBB-874CB2788391}"=Studio 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}"=USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}"=Virtual Account Numbers
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}"=Nokia Connectivity Adapter Cable DKU-5
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"AVG8Uninstall"=AVG Free 8.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=Soft Data Fax Modem with SmartCP
"Dell Laser MFP 1600n"=Dell Laser MFP 1600n Software Uninstall
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab Platinum_is1"=DVDFab Platinum 4.0.1.2 Ghosthunter release
"ENTERPRISE"=Microsoft Office Enterprise 2007
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 5.5 Additional Effects"=Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio"=Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=eMachines Bay Reader
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft Visual Studio 2005 Tools for Office Runtime"=Visual Studio 2005 Tools for Office Second Edition Runtime
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROSet"=Intel® PRO Network Adapters and Drivers
"System Mechanic 6_is1"=iolo technologies' System Mechanic 6
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2009 1:02:13 AM | Computer Name = TIFFANYLE | Source = .NET Runtime | ID = 0
Description =

Error - 5/2/2009 2:05:59 AM | Computer Name = TIFFANYLE | Source = .NET Runtime | ID = 0
Description =

Error - 5/2/2009 2:36:46 AM | Computer Name = TIFFANYLE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 5/2/2009 4:34:01 AM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x002da8ba.

Error - 5/2/2009 4:34:04 AM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1001
Description = Fault bucket 1159159483.

Error - 5/2/2009 4:43:07 AM | Computer Name = TIFFANYLE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 5/1/2009 1:27:21 PM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x044c1710.

Error - 5/1/2009 7:30:27 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 7:30:28 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 7:30:48 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.


< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:56 PM

Posted 05 May 2009 - 11:39 AM

Hi jqdd,

Yes, there's still some Vundo on your PC.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to backup your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    C:\WINDOWS\system32\waduzaga.dll
    c:\windows\system32\jabohino.dll
    C:\WINDOWS\system32\rokeyuki.dll
    C:\WINDOWS\system32\pewafahu.dll
    C:\WINDOWS\system32\miposaho.dll
    C:\Documents and Settings\U_C\Desktop\y18qf48h.exe
    C:\WINDOWS\System32\ikuyekor.ini
    C:\WINDOWS\System32\uporafaf.ini
    C:\WINDOWS\System32\enelojob.ini
    C:\WINDOWS\System32\ikuyekor.ini
    C:\WINDOWS\mayerema
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc7bfae2-c34a-4321-aa42-31760b97964b}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPMd729a208"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "d41a9194"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wigegabiwi"=-
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wigegabiwi"=-
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wigegabiwi"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please download HostsXpert 4.2
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Please post a new OTViewIt log as well. Thanks. :thumbup2:
m0le is a proud member of UNITE

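The OTViewIt entries quoted above, and the hidden/system .ini files m0le lists for removal, share one fixed line layout. What follows is an added example, not code from OTViewIt, OTMoveIt3 or the forum: it parses such entries into records and flags the ones that fit the pattern this thread treats as Vundo remnants. The entry layout is inferred from the log lines on this page; the flagging heuristic (hidden + system attributes, no publisher, directly in System32, an eight-lowercase-letter name) is an assumption chosen for illustration, and the sample input is copied from the log in this thread.

```python
"""Parse OTViewIt file entries and flag Vundo-style hidden/system droppers.

Added example for this thread; not part of OTViewIt, OTMoveIt3 or the
forum's tooling. Entry layout inferred from the log lines on this page;
the flagging heuristic is an assumption for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTViewIt "Files Created/Modified" entry looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (publisher) -- path
# Directory entries omit the "(publisher)" group; files without version
# information show "()" instead.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# Names the thread treats as Vundo remnants: eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(ini|dll)$")
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Entry:
    stamp: str
    size: int          # bytes; OTViewIt prints it with thousands separators
    attrs: str         # four positions: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str          # "C" = created, "M" = modified
    publisher: str     # "" when OTViewIt found no version resource
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        publisher=(m["publisher"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def is_vundo_like(e: Entry) -> bool:
    """Heuristic (assumption): hidden+system file, no publisher, directly in
    System32, named with eight lowercase letters. Legitimate hidden/system
    files such as the boot loader C:\ntldr (wrong folder) or KGyGaAvL.sys
    (mixed case) deliberately fall outside it."""
    folder, _, name = e.path.rpartition("\\")
    return (
        e.hidden and e.system and not e.directory
        and not e.publisher
        and folder.lower() == SYSTEM32
        and RANDOM_NAME_RE.match(name) is not None
    )


def flag(entries: List[Entry]) -> List[str]:
    """Paths a defender should review, in log order."""
    return [e.path for e in entries if is_vundo_like(e)]


# Sample input: header and entries copied from the OTViewIt log in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2009/05/02 00:06:05 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/02 00:03:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/01 23:46:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/29 13:54:21 | 33,503,8160 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\U_C\Desktop\QuickBooksSimpleStartChampion2009.exe
[2009/04/18 01:02:26 | 01,410,076 | -HS- | C] () -- C:\WINDOWS\System32\ikuyekor.ini
[2009/04/17 13:02:05 | 01,409,815 | -HS- | C] () -- C:\WINDOWS\System32\uporafaf.ini
[2009/04/14 00:07:58 | 00,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/01 23:49:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
"""

if __name__ == "__main__":
    for path in flag(parse_log(SAMPLE_LOG)):
        print("review:", path)
```

Run against the sample, only ikuyekor.ini and uporafaf.ini are reported; KGyGaAvL.sys and ntldr carry the same hidden/system attributes but are excluded by the name and folder checks, which is why a heuristic like this is a triage aid for a human reviewer and not a deletion list.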
#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:56 PM

Posted 07 May 2009 - 11:44 AM

Hi jqdd,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#11 jqdd

jqdd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 07 May 2009 - 08:19 PM

OTMoveIt3 freezes when I execute the program. It doesn't create the text file in C:\_OTMoveIt\MovedFiles,
so I cannot list the report for you.
I will do HostsXpert 4.2 next.
Sorry for the lateness.

#12 jqdd

jqdd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 07 May 2009 - 08:34 PM

OTViewIt logfile created on: 5/7/2009 6:24:30 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\My downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.83 Gb Available in Paging File | 95.86% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 171.41 Gb Free Space | 87.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 372.61 Gb Total Space | 222.52 Gb Free Space | 59.72% Space Free | Partition Type: NTFS

Computer Name: TIFFANYLE
Current User Name: U_C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2009/03/06 17:36:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/10/12 09:44:48 | 00,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
[2009/03/06 17:36:48 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/07/25 12:47:30 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/07/25 12:47:08 | 02,806,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2003/10/31 20:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2009/03/06 17:36:47 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/03/11 16:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\eMachines Bay Reader\shwiconEM.exe
[2006/02/20 14:07:08 | 00,278,528 | ---- | M] (Dell) -- C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2006/02/02 19:42:26 | 00,578,048 | ---- | M] () -- C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
[2006/06/01 13:32:12 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2009/03/24 10:28:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/11 00:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
[2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/04/13 17:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\proquota.exe
[2009/05/07 18:24:13 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\My downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/03/06 17:36:44 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/03/21 09:09:12 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006/06/22 16:13:06 | 00,208,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/12 09:45:58 | 00,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC [Disabled | Stopped])
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2008/08/08 21:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services ==========

[2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006/10/26 12:22:00 | 00,020,747 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/03/10 16:27:18 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k [On_Demand | Running])
[2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/03/06 17:36:48 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/03/06 17:36:48 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2006/10/26 12:22:00 | 00,357,344 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02 [On_Demand | Running])
[2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/07/16 14:29:33 | 00,017,432 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Stopped])
[2007/07/16 14:29:43 | 00,020,504 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX [On_Demand | Stopped])
[2005/07/22 12:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2005/07/22 12:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/07/25 12:47:28 | 03,851,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/06/21 16:03:22 | 00,078,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/03/06 16:57:32 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
[2002/03/19 09:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2009/03/10 16:06:53 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2001/08/23 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/23 05:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2007/01/25 22:57:20 | 00,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
[2004/03/22 12:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2004/03/22 12:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
[2008/11/13 16:22:51 | 00,026,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
[2007/06/27 10:41:48 | 00,101,248 | R--- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56 [On_Demand | Stopped])
[2007/06/27 10:42:34 | 00,073,856 | R--- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56 [On_Demand | Stopped])
[2005/07/22 12:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2001/08/23 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{387EDF53-1CF2-4523-BC2F-13462651BE8C} (HKLM) -- C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"=ALCWZRD.EXE (RealTek Semicoductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"DellNSCST"="C:\Program Files\DELL\Dell Laser MFP 1600n\NETWORKSCAN\DNSCST.EXE" /HIDEUI (Dell)
"High Definition Audio Property Page Shortcut"=HDAShCut.exe (Windows ® Server 2003 DDK provider)
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NWEReboot"= File not found
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg ()
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe (Alcor Micro, Corp.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" ()
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" ()
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/09/11 00:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
[2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\U_C\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13}: Button: Cleaner -- %ProgramFiles%\ClickClean\ClickClean.exe File not found
{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}: Button: Virtual Account Numbers -- %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} [HKLM] -> %ProgramFiles%\ClickClean\ClickClean.exe [Cleaner] -> File not found
CmdMapping\\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} [HKLM] -> %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [Virtual Account Numbers] -> [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} [HKLM] -> %ProgramFiles%\ClickClean\ClickClean.exe [Cleaner] -> File not found
CmdMapping\\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} [HKLM] -> %ProgramFiles%\Virtual Account Numbers\CitiVAN.exe [Virtual Account Numbers] -> [2007/12/07 15:52:52 | 00,270,336 | ---- | M] (Orbiscom Ltd. All rights reserved.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/C/0...heckControl.cab -- Windows Genuine Advantage Validation Tool
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0323F44D-392F-4856-AF73-5FED1B7F8E3C} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{53361142-FEB5-43A2-BC36-66BC7269C140} (Servers: | Description: )
{59AA043D-5BEE-41D3-AEFC-CC82EF464683} (Servers: | Description: 1394 Net Adapter)
{5D0AC0FA-53BD-4AD9-964D-63DE3839FAEE} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{5D424E32-B357-458A-AA36-E8C00C03ED6F} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{8B759122-2032-4CAF-8FE0-217B5682A74A} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{A9C1EB7A-E8D3-40CB-99E7-273A6C81499D} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{D1AD7B00-9957-4576-8C4C-BAFC565195E3} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- C:\WINDOWS\system32\PRISMAPI.dll (Conexant Systems, Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= (HKLM) -- CLSID or file not found.

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/11/12 10:14:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c78e50d-b1d9-11dd-afd0-0013204ee5da}\Shell\AutoRun\command]
""=I:\WIN\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/07 18:20:42 | 00,000,000 | ---D | C] -- C:\HostsXpert
[2009/05/06 13:42:07 | 00,000,000 | ---D | C] -- C:\Timmy folder
[2009/05/06 13:41:00 | 00,000,000 | ---D | C] -- C:\My car
[2009/05/06 13:20:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/04 14:19:53 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 13:10:47 | 00,000,000 | ---D | C] -- C:\temp
[2009/05/04 13:09:57 | 00,000,000 | ---D | C] -- C:\pix temp
[2009/05/04 12:41:24 | 00,036,062 | ---- | C] () -- C:\Documents and Settings\U_C\My Documents\OTViewIt logfile created on.docx
[2009/05/02 00:06:06 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/02 00:06:05 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/02 00:06:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/02 00:06:05 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/02 00:06:05 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/02 00:06:05 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/02 00:06:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/02 00:06:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/02 00:06:04 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/02 00:05:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/02 00:05:13 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/02 00:05:07 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/02 00:03:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/01 23:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/01 23:54:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/01 23:54:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/01 23:54:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/01 23:51:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/01 23:46:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/01 23:39:39 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/01 23:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/04/29 16:37:12 | 00,211,343 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Order Report.csv
[2009/04/29 16:25:01 | 00,150,911 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Order Report.xlsx
[2009/04/29 14:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/04/29 14:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Local Settings\Application Data\Intuit
[2009/04/29 14:36:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2009/04/29 14:36:46 | 01,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2009/04/29 14:36:44 | 03,518,464 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2009/04/29 14:36:33 | 00,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/04/29 14:34:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2009/04/29 14:34:57 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2009/04/29 14:34:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/29 14:33:58 | 00,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/29 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/04/29 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/04/29 14:33:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/29 13:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Download Manager
[2009/04/29 13:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Akamai
[2009/04/24 18:37:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\CyberLink
[2009/04/23 16:11:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\William practice handwriting
[2009/04/23 03:04:17 | 00,328,976 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\ORDERS.docx
[2009/04/22 22:41:34 | 00,036,349 | ---- | C] () -- C:\Documents and Settings\U_C\My Documents\http___www.eia.doe.gov_cneaf_electricity_epm_table5_6_a.pdf
[2009/04/22 19:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\My orders
[2009/04/22 17:42:49 | 00,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2009/04/22 17:42:44 | 00,073,728 | R--- | C] (Samsung Software Center) -- C:\WINDOWS\wiainst.exe
[2009/04/22 17:42:04 | 00,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\VdSetup.Exe
[2009/04/22 17:42:04 | 00,143,360 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SSCoinst.exe
[2009/04/22 17:42:04 | 00,135,168 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SVSetup.Exe
[2009/04/22 17:42:04 | 00,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\SSCoinst.dll
[2009/04/22 17:42:04 | 00,053,248 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\VdSetup.dll
[2009/04/22 17:42:04 | 00,053,248 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SVSetup.dll
[2009/04/22 17:42:04 | 00,013,227 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\DelR1LMK.DLL
[2009/04/22 17:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\DELL
[2009/04/19 23:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/18 18:47:53 | 00,016,806 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Phone.xlsx
[2009/04/14 20:57:34 | 00,065,536 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
[2009/04/14 20:57:34 | 00,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
[2009/04/14 11:49:17 | 00,014,140 | ---- | C] () -- C:\Documents and Settings\U_C\Desktop\Resume.docx
[2009/04/14 00:07:58 | 00,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/14 00:07:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/14 00:07:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Corel
[2009/04/14 00:07:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/04/14 00:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\My Documents\My PSP Files
[2009/04/14 00:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/04/12 11:50:06 | 00,000,000 | ---D | C] -- C:\Wii via USB
[2009/04/09 07:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Mozilla
[2009/04/08 21:35:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\U_C\Application Data\Paltalk

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/07 17:13:34 | 00,002,064 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2009/05/07 03:29:20 | 35,879,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/07 03:29:20 | 00,051,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/07 01:56:07 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/06 22:35:37 | 00,016,806 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Phone.xlsx
[2009/05/06 20:34:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/06 19:28:11 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/06 19:28:11 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 19:28:11 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/06 19:24:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/06 19:24:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/06 19:24:00 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 13:48:46 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\U_C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/04 12:41:24 | 00,036,062 | ---- | M] () -- C:\Documents and Settings\U_C\My Documents\OTViewIt logfile created on.docx
[2009/05/02 00:05:21 | 00,097,064 | ---- | M] () -- C:\Documents and Settings\U_C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/02 00:04:45 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/02 00:03:02 | 00,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 23:49:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/29 16:37:12 | 00,211,343 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Order Report.csv
[2009/04/29 16:25:01 | 00,150,911 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Order Report.xlsx
[2009/04/29 15:53:16 | 00,328,976 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\ORDERS.docx
[2009/04/29 14:36:45 | 00,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/04/29 14:36:33 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/04/29 11:28:19 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/22 22:41:34 | 00,036,349 | ---- | M] () -- C:\Documents and Settings\U_C\My Documents\http___www.eia.doe.gov_cneaf_electricity_epm_table5_6_a.pdf
[2009/04/18 03:14:28 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/14 11:49:17 | 00,014,140 | ---- | M] () -- C:\Documents and Settings\U_C\Desktop\Resume.docx
[2009/04/14 00:12:46 | 00,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
< End of report >

====================================================================

OTViewIt Extras logfile created on: 5/7/2009 6:24:30 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\My downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.83 Gb Available in Paging File | 95.86% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 171.41 Gb Free Space | 87.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 372.61 Gb Total Space | 222.52 Gb Free Space | 59.72% Space Free | Partition Type: NTFS

Computer Name: TIFFANYLE
Current User Name: U_C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 16:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 16:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2006/10/12 12:48:48 | 00,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe:*:Enabled:PRISMCFG
[2009/03/06 17:02:47 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/07/13 10:47:42 | 03,764,224 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials
File not found -- C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:PaltalkScene
[2009/02/27 21:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore
[2006/02/20 14:07:08 | 00,278,528 | ---- | M] (Dell) -- C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe:*:Enabled:DNSCST Module
[2008/07/09 23:46:28 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/27 01:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/11 00:06:18 | 00,070,944 | ---- | M] (Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (intu-help-qb2:{84D77A00-41B5-4b8b-8ADF-86486D72E749} (HKLM) [Intuit Help System Async Pluggable Protocol (v2) for QuickBooks])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/03/06 17:36:46 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 20:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}"=Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C814DE3-7174-4148-A3E2-43FFC4F21033}"=Nero 7 Essentials
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{5A3F6A80-7913-475E-8B96-477A952CFA43}"=SupportSoft Assisted Service
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}"=Driver Installer
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=eMachines Bay Reader
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{9579E862-5FC7-4337-B1CC-5E37451524C5}"=Motorola Driver Installation
"{9A2F0810-3619-4E86-9072-973FBE1679C5}"=QuickBooks Simple Start 2009
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}"=32 Bit HP BiDi Channel Components Installer
"{9E491AB7-4589-48CA-9CBB-874CB2788391}"=Studio 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}"=USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}"=Virtual Account Numbers
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}"=Nokia Connectivity Adapter Cable DKU-5
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"AVG8Uninstall"=AVG Free 8.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=Soft Data Fax Modem with SmartCP
"Dell Laser MFP 1600n"=Dell Laser MFP 1600n Software Uninstall
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab Platinum_is1"=DVDFab Platinum 4.0.1.2 Ghosthunter release
"ENTERPRISE"=Microsoft Office Enterprise 2007
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 5.5 Additional Effects"=Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio"=Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=eMachines Bay Reader
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft Visual Studio 2005 Tools for Office Runtime"=Visual Studio 2005 Tools for Office Second Edition Runtime
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROSet"=Intel® PRO Network Adapters and Drivers
"System Mechanic 6_is1"=iolo technologies' System Mechanic 6
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2009 2:36:46 AM | Computer Name = TIFFANYLE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 5/2/2009 4:34:01 AM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x002da8ba.

Error - 5/2/2009 4:34:04 AM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1001
Description = Fault bucket 1159159483.

Error - 5/2/2009 4:43:07 AM | Computer Name = TIFFANYLE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400e, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 5/1/2009 1:27:21 PM | Computer Name = TIFFANYLE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x044c1710.

Error - 5/1/2009 7:30:27 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 7:30:28 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 7:30:48 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application SysMech6.exe, version 6.0.19.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 7:38:01 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application OTMoveIt3.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 7:39:51 PM | Computer Name = TIFFANYLE | Source = Application Hang | ID = 1002
Description = Hanging application OTMoveIt3.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/6/2009 11:43:49 AM | Computer Name = TIFFANYLE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/6/2009 11:43:49 AM | Computer Name = TIFFANYLE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/6/2009 11:43:49 AM | Computer Name = TIFFANYLE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/6/2009 11:43:49 AM | Computer Name = TIFFANYLE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

< End of report >

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:56 PM

Posted 10 May 2009 - 04:16 AM

Hi jqdd,

That's looking a lot better. How's the PC running?

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:56 PM

Posted 13 May 2009 - 11:53 AM

Hi jqdd,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#15 jqdd

jqdd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 13 May 2009 - 03:39 PM

I am scanning now. Sorry about not replying earlier. I will post right after finishing scanning. Thanks.

