
TROJ_VUNDO.HGO


  • This topic is locked
18 replies to this topic

#1 ricrac

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Cincinnati, Ohio
  • Local time:10:05 AM

Posted 05 August 2009 - 05:34 PM

Trend Micro HouseCall diagnosed my box as having this malware. Here is the RSIT log.
Any assistance appreciated. Trend Micro's solution of deleting registry keys does not match the malware files found on this box.
Thanks in advance.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rick at 2009-08-05 18:07:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (44%) free of 114 GB
Total RAM: 2430 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:32 PM, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {933defff-8770-4480-9460-f0895fceea48} - C:\WINDOWS\system32\bayunivu.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [sifewuhura] Rundll32.exe "C:\WINDOWS\system32\mofawulo.dll",s
O4 - HKLM\..\Run: [CPMcfa91305] Rundll32.exe "c:\windows\system32\detujedu.dll",a
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S110.tmp"
O4 - HKUS\S-1-5-19\..\Run: [sifewuhura] Rundll32.exe "C:\WINDOWS\system32\mofawulo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sifewuhura] Rundll32.exe "C:\WINDOWS\system32\mofawulo.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221057294429
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202391765640
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\niwogepi.dll c:\windows\system32\detujedu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\detujedu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\detujedu.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7567 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-28 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{933defff-8770-4480-9460-f0895fceea48}]
C:\WINDOWS\system32\bayunivu.dll [2009-05-03 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"EPSON Stylus Photo 2200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-25 1948440]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"CmFlywaveName"=C:\WINDOWS\System\CmFlywav.exe [2007-10-05 283466]
"sifewuhura"=C:\WINDOWS\system32\mofawulo.dll [2009-05-03 50176]
"CPMcfa91305"=c:\windows\system32\detujedu.dll [2009-08-05 85504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EPSON Stylus Photo 2200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMcfa91305]
c:\windows\system32\tezojuyu.dll [2009-08-04 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\\INTELAUDIOSTUDIO.EXE TRAY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Registration Reminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sifewuhura]
C:\WINDOWS\system32\mofawulo.dll [2009-05-03 50176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-17 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem]
C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe [2007-04-03 507392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk]
C:\PROGRA~1\GRETAG~1\i1\EYE-ON~1\CALIBR~1\CALIBR~1.EXE [2005-04-29 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ProfileReminder.lnk]
C:\PROGRA~1\GRETAG~1\i1\EYE-ON~1\PROFIL~1.EXE [2005-04-29 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
C:\Documents and Settings\Rick\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-01-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
C:\PROGRA~1\Memeo\AutoSync\MEMEOL~1.EXE [2007-07-06 125976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\niwogepi.dll c:\windows\system32\detujedu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-25 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1}
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\detujedu.dll [2009-08-05 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\detujedu.dll [2009-08-05 85504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\niwogepi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStrCmpLogical"=00000000
"NoDrives"=02E0FF03
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"G:\Setup.exe"="G:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Documents and Settings\Rick\Application Data\Thunderbird\Profiles\wrpssa75.default\extensions\{83d1f945-8280-11db-96a7-00e08161165f}\spambayes\win\sbpython.exe"="C:\Documents and Settings\Rick\Application Data\Thunderbird\Profiles\wrpssa75.default\extensions\{83d1f945-8280-11db-96a7-00e08161165f}\spambayes\win\sbpython.exe:*:Enabled:sbpython"
"C:\Program Files\Lantern Manager\xshld894.tmp"="C:\Program Files\Lantern Manager\xshld894.tmp:*:Enabled:Lantern"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Documents and Settings\Rick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Rick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spiceworks\bin\spiceworks.exe"="C:\Program Files\Spiceworks\bin\spiceworks.exe:*:Enabled:spiceworks"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Netscape\Communicator\Program\nsabppin.exe"="C:\Program Files\Netscape\Communicator\Program\nsabppin.exe:*:Disabled:Address Book Palm Sync Install"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LANDesk\System Manager\BIN\ssm.exe"="C:\Program Files\LANDesk\System Manager\BIN\ssm.exe:*:Enabled:LANDesk® System Manager"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe"="C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Rick\Local Settings\Temp\Temporary Directory 6 for WMB54G_V1.3_XP-and-Vista_SetupWizard,0.zip\WMB54G_20071113\Setup.exe"="C:\Documents and Settings\Rick\Local Settings\Temp\Temporary Directory 6 for WMB54G_V1.3_XP-and-Vista_SetupWizard,0.zip\WMB54G_20071113\Setup.exe:*:Enabled:Setup"
"C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe"="C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"C:\Documents and Settings\Rick\Desktop\Linksys\2.18 Firmware\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe"="C:\Documents and Settings\Rick\Desktop\Linksys\2.18 Firmware\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe:*:Enabled:Setup"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}]
shell\Auto\command - Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}]
shell\AutoRun\command - M:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-08-05 18:07:14 ----D---- C:\rsit
2009-08-05 17:17:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-26 18:49:41 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-07-15 07:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 07:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 07:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 09:28:20 ----D---- C:\Program Files\jv16 PowerTools 2009

======List of files/folders modified in the last 1 months======

2009-08-05 17:41:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-05 17:36:01 ----D---- C:\WINDOWS\system32\ias
2009-08-05 17:19:03 ----SHD---- C:\RECYCLER
2009-08-05 17:17:34 ----D---- C:\WINDOWS
2009-08-05 17:08:20 ----D---- C:\WINDOWS\system32
2009-08-05 16:50:42 ----D---- C:\WINDOWS\Temp
2009-08-05 13:47:48 ----D---- C:\DATA FILES
2009-08-05 13:33:27 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-05 08:55:43 ----ASH---- C:\WINDOWS\system32\detujedu.dll
2009-08-05 08:55:42 ----ASH---- C:\WINDOWS\system32\rezizafo.dll
2009-08-04 21:13:05 ----SHD---- C:\System Volume Information
2009-08-04 21:13:05 ----D---- C:\WINDOWS\system32\Restore
2009-08-04 20:59:11 ----SH---- C:\boot.ini
2009-08-04 20:59:11 ----A---- C:\WINDOWS\win.ini
2009-08-04 20:59:11 ----A---- C:\WINDOWS\system.ini
2009-08-04 20:55:36 ----ASH---- C:\WINDOWS\system32\gijeluhe.dll
2009-08-04 20:55:35 ----ASH---- C:\WINDOWS\system32\tezojuyu.dll
2009-08-04 20:55:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 20:24:20 ----D---- C:\Program Files\BearShare Applications
2009-08-04 10:32:09 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-04 09:05:33 ----HD---- C:\$AVG8.VAULT$
2009-08-04 08:57:40 ----D---- C:\Documents and Settings\Rick\Application Data\BearShare
2009-08-04 08:55:19 ----N---- C:\WINDOWS\system32\kawoyake.dll
2009-08-04 08:55:18 ----ASH---- C:\WINDOWS\system32\hikemavi.dll
2009-08-03 20:57:07 ----ASH---- C:\WINDOWS\system32\wobaheve.dll
2009-08-03 20:56:58 ----ASH---- C:\WINDOWS\system32\wepanibe.dll
2009-08-03 06:10:32 ----ASH---- C:\WINDOWS\system32\mawumure.dll
2009-08-03 06:10:31 ----ASH---- C:\WINDOWS\system32\pelabuse.dll
2009-08-02 22:59:30 ----D---- C:\Program Files\FTP Commander
2009-08-02 18:10:24 ----ASH---- C:\WINDOWS\system32\fimesoba.dll
2009-08-02 18:10:22 ----ASH---- C:\WINDOWS\system32\vufayigu.dll
2009-08-02 06:10:47 ----ASH---- C:\WINDOWS\system32\verigigo.dll
2009-08-02 06:10:16 ----ASH---- C:\WINDOWS\system32\kudatusa.dll
2009-08-02 06:10:16 ----ASH---- C:\WINDOWS\system32\jezopuki.dll
2009-08-01 18:10:05 ----ASH---- C:\WINDOWS\system32\rikajiro.dll
2009-08-01 18:10:04 ----ASH---- C:\WINDOWS\system32\hugezese.dll
2009-08-01 08:10:50 ----D---- C:\Documents and Settings\Rick\Application Data\LimeWire
2009-07-29 07:02:32 ----HD---- C:\WINDOWS\inf
2009-07-29 07:02:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 07:01:59 ----D---- C:\Program Files\Internet Explorer
2009-07-29 07:00:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 07:00:28 ----SHD---- C:\WINDOWS\Installer
2009-07-29 07:00:28 ----D---- C:\WINDOWS\WinSxS
2009-07-28 19:20:48 ----A---- C:\WINDOWS\msicpl.ini
2009-07-28 11:52:49 ----D---- C:\WINDOWS\system32\drivers
2009-07-28 07:22:11 ----D---- C:\Documents and Settings\Rick\Application Data\Winamp
2009-07-27 13:34:36 ----D---- C:\Program Files\Winamp
2009-07-27 13:28:22 ----SD---- C:\WINDOWS\Tasks
2009-07-27 13:26:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-25 15:41:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-25 05:49:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-22 13:35:57 ----D---- C:\Program Files\RocketDock
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 07:05:42 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 09:28:20 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-28 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-03 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 PDIHWCTL;PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmvad;Linksys Wireless-G Music Bridge Interface; C:\WINDOWS\system32\drivers\cmudaxv.sys [2007-03-29 1410240]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\system32\Drivers\EPLPDX02.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-06 4968448]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2005-04-07 229720]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\EG1032xp.sys [2005-02-01 71040]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2005-04-07 653960]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2005-04-07 13216]
R3 SMBios;Intel ® System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2004-06-07 36484]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2004-12-17 21248]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\system32\DRIVERS\dumant.sys []
S3 eyeonedp;eye-one display; C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-03-27 44344]
S3 FlexBios;FlexBIOS Service; \??\C:\WINDOWS\System32\Drivers\FlexBios.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 Invoker;Flash5 Invoker Service; \??\C:\WINDOWS\System32\Drivers\Invoker.sys []
S3 laguna;laguna; C:\WINDOWS\system32\DRIVERS\cl546xm.sys [2001-08-17 248064]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2005-04-07 1396048]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2005-04-07 100176]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-28 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-25 298776]
R2 EPSON_PM_RPCV2_02;EPSON V3 Service2(02); C:\WINDOWS\system32\E_S00RP2.EXE [2004-02-19 65536]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2005-04-07 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-04 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-17 152984]

-----------------EOF-----------------


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:05 AM

Posted 07 August 2009 - 04:31 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ricrac

ricrac
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Cincinnati, Ohio
  • Local time:10:05 AM

Posted 08 August 2009 - 10:12 AM

Here's the mbam log:


Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 3

8/8/2009 11:01:32 AM
mbam-log-2009-08-08 (11-01-32).txt

Scan type: Quick Scan
Objects scanned: 101084
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\goyutula.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lobofenu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\woheluba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\baborefe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{933defff-8770-4480-9460-f0895fceea48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{933defff-8770-4480-9460-f0895fceea48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{933defff-8770-4480-9460-f0895fceea48} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sifewuhura (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmcfa91305 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\goyutula.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\goyutula.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\baborefe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\baborefe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\baborefe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lobofenu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\goyutula.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\woheluba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\baborefe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\larihisu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\detujedu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dudeheru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nanuleya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pijavobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wepanibe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo) -> Delete on reboot.

#4 ricrac

ricrac
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Cincinnati, Ohio
  • Local time:10:05 AM

Posted 08 August 2009 - 10:25 AM

OTL Logfile:

OTL logfile created on: 8/8/2009 11:14:10 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 87.88% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 460 460 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 49.53 Gb Free Space | 44.31% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 178.71 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 88.68 Gb Free Space | 79.33% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 54.36 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/06/30 15:05:00 | 00,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
PRC - [2009/06/25 08:19:26 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/06/25 08:19:20 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/19 14:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE
PRC - [2008/06/19 17:42:44 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2007/10/05 12:22:38 | 00,283,466 | ---- | M] (C-Media) -- C:\WINDOWS\System\CmFlywav.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/08/03 15:23:28 | 02,185,216 | ---- | M] () -- C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
PRC - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2009/07/28 11:50:45 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/06/25 08:19:42 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/03 09:20:48 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/06/25 08:19:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/02/26 14:28:57 | 01,085,513 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WMB54G\WMB54G.EXE
PRC - [2009/08/03 13:36:10 | 01,295,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/08/04 20:35:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/08 11:13:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/06 18:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService [Disabled | Stopped])
SRV - [2009/07/28 11:50:45 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/25 08:19:20 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02 [Auto | Running])
SRV - [2008/04/04 10:29:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/17 16:23:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/28 11:50:53 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/25 08:19:42 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/03 09:20:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2007/03/29 11:25:18 | 01,410,240 | ---- | M] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\cmudaxv.sys -- (cmvad [On_Demand | Running])
DRV - [2001/08/09 14:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2005/03/27 06:06:00 | 00,044,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\eyeonedp.sys -- (eyeonedp [On_Demand | Stopped])
DRV - [2004/10/12 15:56:06 | 00,033,148 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\FlexBios.sys -- (FlexBios [On_Demand | Stopped])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/01/06 20:00:08 | 04,968,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/10/12 15:56:06 | 00,034,004 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\Invoker.sys -- (Invoker [On_Demand | Stopped])
DRV - [2001/08/17 14:57:36 | 00,248,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cl546xm.sys -- (laguna [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/10/25 15:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Running])
DRV - [2005/03/27 06:01:24 | 00,014,416 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pdihwctl.sys -- (PDIHWCTL [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/24 04:06:28 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/04/07 18:53:00 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2005/02/01 13:20:50 | 00,071,040 | ---- | M] (Linksys, A Division of Cisco Systems, Inc ) -- C:\WINDOWS\System32\DRIVERS\EG1032xp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,653,960 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2005/04/07 18:54:00 | 00,100,176 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2004/06/07 14:43:51 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2004/12/17 11:27:26 | 00,021,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2008/02/01 16:07:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\S-1-5-21-1417001333-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\S-1-5-21-1417001333-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.fuse.net/Windwood/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.026.001
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.4.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.9
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 08:22:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 16:23:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/04 08:11:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/27 10:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/06/18 10:33:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]

[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions
[2008/07/15 17:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/08 07:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions
[2008/09/10 12:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/08/04 07:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 17:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/22 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/23 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/16 20:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\smartbookmarksbar@remy.juteau
[2008/11/12 09:56:33 | 00,002,749 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\FireFox\Profiles\n09yplyv.default\searchplugins\cuil.xml
[2009/08/08 07:04:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 06:37:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 16:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/04 20:35:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/17 16:23:12 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:35:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/29 08:23:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/29 08:23:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/25 10:06:35 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/29 08:23:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 08:23:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/29 08:23:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 08:23:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 08:23:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10016 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe (C-Media)
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe ()
O4 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 E0 FF 03 [binary data]
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1221057294429 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202391765640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/12 21:00:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell - "" = AutoRun
O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/08 11:12:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/08 10:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Malwarebytes
[2009/08/08 10:45:10 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 10:45:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/08 10:45:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/08 10:39:26 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick\Desktop\mbam-setup.exe
[2009/08/08 09:17:36 | 00,001,773 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\RemoveIT Pro v7 Enterprise (Trial).lnk
[2009/08/08 09:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/08/08 09:14:55 | 03,513,369 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\removeitpro_trial.exe
[2009/08/06 08:52:25 | 25,478,26688 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/05 18:07:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/05 18:06:48 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\RSIT.exe
[2009/08/04 10:53:16 | 00,847,768 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Rick\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/07/27 13:28:22 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/07/22 13:35:15 | 17,056,829 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\KitchenAid_Service_Manual.pdf
[2009/07/16 07:23:36 | 00,026,036 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/13 09:34:24 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\Buy jv16 PowerTools.lnk
[2009/07/13 09:28:48 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2009/07/13 09:25:46 | 06,195,541 | ---- | C] (Macecraft Software ) -- C:\Documents and Settings\Rick\Desktop\jv16pt_setup_hb.exe
[2009/05/08 06:31:13 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kelibomo.dll
[2009/05/07 10:09:44 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\keneluga.dll
[2009/05/07 10:09:44 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\desaruzi.dll
[2009/05/06 22:09:50 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\vopevade.dll
[2009/05/06 08:56:05 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\zanowapu.dll
[2009/05/05 08:55:41 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\rezizafo.dll
[2009/05/04 20:55:34 | 00,085,504 | -HS- | C] () -- C:\WINDOWS\System32\tezojuyu.dll
[2009/05/04 20:55:34 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\gijeluhe.dll
[2009/05/04 08:55:17 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\kawoyake.dll
[2009/05/04 08:55:17 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\hikemavi.dll
[2009/05/03 20:56:56 | 00,084,992 | -HS- | C] () -- C:\WINDOWS\System32\wobaheve.dll
[2009/05/03 06:10:30 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\mawumure.dll
[2009/05/03 06:10:30 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\pelabuse.dll
[2009/05/02 18:10:21 | 00,084,480 | -HS- | C] () -- C:\WINDOWS\System32\fimesoba.dll
[2009/05/02 18:10:21 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\vufayigu.dll
[2009/05/02 06:10:15 | 00,084,480 | -HS- | C] () -- C:\WINDOWS\System32\kudatusa.dll
[2009/05/02 06:10:15 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\verigigo.dll
[2009/05/02 06:10:14 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\jezopuki.dll
[2009/05/01 18:10:03 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\rikajiro.dll
[2009/05/01 18:10:03 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\hugezese.dll
[2009/02/26 14:31:30 | 00,274,490 | ---- | C] () -- C:\WINDOWS\System32\flac.dll
[2009/02/26 14:31:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMB54G.dll
[2009/02/26 14:31:29 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\cmaudiow.dll
[2009/02/26 14:31:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvw.dll
[2009/01/04 14:11:22 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\CISMBIOS.SYS
[2008/12/08 11:01:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2008/11/30 09:25:22 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/01 10:54:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/17 17:19:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/06/09 11:51:23 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/06/09 11:51:23 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/06/09 11:51:23 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2008/06/09 11:51:23 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2008/06/09 11:30:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/06/09 11:30:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2008/06/09 11:26:52 | 01,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/06/09 11:26:52 | 00,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/06/09 11:26:52 | 00,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/06/09 11:26:52 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2008/06/09 11:26:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2008/06/09 11:26:52 | 00,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/06/09 11:26:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/06/09 11:26:52 | 00,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2008/06/09 11:26:52 | 00,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/04/29 23:28:35 | 00,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
[2008/04/29 22:18:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/03/24 17:37:25 | 00,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2008/02/24 14:38:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/02/24 13:39:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/01/02 20:11:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/07 01:51:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/07 01:51:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/07 01:51:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/07 01:51:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/07 01:51:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/29 17:50:20 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/10/14 15:23:15 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/14 13:53:54 | 00,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/10/13 14:28:41 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/10/13 13:59:22 | 00,000,138 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/10/13 11:41:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/10/13 11:41:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/10/13 11:41:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/10/13 11:40:36 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2005/03/27 06:06:00 | 00,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2004/08/04 08:00:00 | 00,000,385 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/16 20:35:47 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/08/08 11:13:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/08 11:07:06 | 00,000,438 | ---- | M] () -- C:\WINDOWS\System\Flywave.dll
[2009/08/08 11:06:47 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 11:05:38 | 00,177,382 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/08 11:04:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/08 11:04:43 | 25,478,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/08 11:00:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dujivava
[2009/08/08 10:45:10 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 10:44:18 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick\Desktop\mbam-setup.exe
[2009/08/08 09:17:36 | 00,001,773 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\RemoveIT Pro v7 Enterprise (Trial).lnk
[2009/08/08 09:17:02 | 03,513,369 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\removeitpro_trial.exe
[2009/08/08 06:31:15 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\kelibomo.dll
[2009/08/07 10:09:47 | 00,083,968 | -HS- | M] () -- C:\WINDOWS\System32\keneluga.dll
[2009/08/07 10:09:46 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\desaruzi.dll
[2009/08/06 22:09:51 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\vopevade.dll
[2009/08/06 09:21:40 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/08/06 08:56:06 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\zanowapu.dll
[2009/08/05 18:06:53 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\RSIT.exe
[2009/08/05 08:55:42 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\rezizafo.dll
[2009/08/04 20:59:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/04 20:59:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/04 20:59:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/04 20:55:36 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\gijeluhe.dll
[2009/08/04 20:55:35 | 00,085,504 | -HS- | M] () -- C:\WINDOWS\System32\tezojuyu.dll
[2009/08/04 10:53:16 | 00,847,768 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Rick\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/08/04 08:55:19 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\kawoyake.dll
[2009/08/04 08:55:18 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\hikemavi.dll
[2009/08/03 20:57:07 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\wobaheve.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 06:10:32 | 00,083,968 | -HS- | M] () -- C:\WINDOWS\System32\mawumure.dll
[2009/08/03 06:10:31 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\pelabuse.dll
[2009/08/02 18:10:24 | 00,084,480 | -HS- | M] () -- C:\WINDOWS\System32\fimesoba.dll
[2009/08/02 18:10:22 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\vufayigu.dll
[2009/08/02 10:03:32 | 00,000,000 | ---- | M] () -- C:\testwma.raw
[2009/08/02 06:10:47 | 00,050,176 | -HS- | M] () -- C:\WINDOWS\System32\verigigo.dll
[2009/08/02 06:10:16 | 00,084,480 | -HS- | M] () -- C:\WINDOWS\System32\kudatusa.dll
[2009/08/02 06:10:16 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\jezopuki.dll
[2009/08/01 18:10:05 | 00,083,968 | -HS- | M] () -- C:\WINDOWS\System32\rikajiro.dll
[2009/08/01 18:10:04 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\hugezese.dll
[2009/08/01 09:23:08 | 39,444,481 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/01 09:23:08 | 00,056,075 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/28 19:20:48 | 00,000,138 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2009/07/28 11:50:53 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/27 13:28:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/25 05:49:25 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/22 13:35:17 | 17,056,829 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\KitchenAid_Service_Manual.pdf
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/15 07:06:23 | 00,026,036 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/15 07:05:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 09:34:24 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Buy jv16 PowerTools.lnk
[2009/07/13 09:28:48 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:27:01 | 06,195,541 | ---- | M] (Macecraft Software ) -- C:\Documents and Settings\Rick\Desktop\jv16pt_setup_hb.exe
[2009/07/10 23:09:44 | 00,038,680 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/07/10 07:00:29 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#5 ricrac (Topic Starter)

Posted 08 August 2009 - 10:36 AM

Sam,
Here are the logs. Thanks for the help.

#6 Buckeye_Sam (Malware Expert)

Posted 08 August 2009 - 12:37 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1417001333-362288127-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell - "" = AutoRun
    O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell\Auto\command - "" = Cn911.exe
    O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell\AutoRun - "" = Auto&Play
    
    :Files
    C:\WINDOWS\System32\kelibomo.dll
    C:\WINDOWS\System32\keneluga.dll
    C:\WINDOWS\System32\desaruzi.dll
    C:\WINDOWS\System32\vopevade.dll
    C:\WINDOWS\System32\zanowapu.dll
    C:\WINDOWS\System32\rezizafo.dll
    C:\WINDOWS\System32\tezojuyu.dll
    C:\WINDOWS\System32\gijeluhe.dll
    C:\WINDOWS\System32\kawoyake.dll
    C:\WINDOWS\System32\hikemavi.dll
    C:\WINDOWS\System32\wobaheve.dll
    C:\WINDOWS\System32\mawumure.dll
    C:\WINDOWS\System32\pelabuse.dll
    C:\WINDOWS\System32\fimesoba.dll
    C:\WINDOWS\System32\vufayigu.dll
    C:\WINDOWS\System32\kudatusa.dll
    C:\WINDOWS\System32\verigigo.dll
    C:\WINDOWS\System32\jezopuki.dll
    C:\WINDOWS\System32\rikajiro.dll
    C:\WINDOWS\System32\hugezese.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
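A small triage script for OTL-format log lines, added here as an example; it is not part of OTL and not code from anyone in this thread. It applies the two rules the fix above acts on (publisher-less, randomly named DLLs dropped into System32, and MountPoints2 autorun commands) to a constructed sample copied from the log format shown; the eight-lowercase-letter name pattern and the "same-second drop" grouping are assumptions tuned to this thread's sample, not a general signature.

```python
"""Triage an OTL log for the indicator classes handled in this thread."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in OTL's own line format: the flagged DLLs from the log
# above plus benign neighbours (Microsoft-signed DLL, a directory, a short
# name, a hidden .dat) so the filters have something to leave alone.
SAMPLE_LOG = r"""
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/07/13 09:28:48 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/05/08 06:31:13 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kelibomo.dll
[2009/05/07 10:09:44 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\keneluga.dll
[2009/05/07 10:09:44 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\desaruzi.dll
[2009/05/04 08:55:17 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\kawoyake.dll
[2008/02/24 13:39:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
O33 - MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
"""

# OTL file line: [date time | size | attrs | M/C] (company) -- path
# Directory lines carry no "(company)" group, hence it is optional.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL O33 line for a per-device autorun handler; the trailing
# "-- File not found" OTL appends is stripped from the command.
MOUNTPOINT_CMD = re.compile(
    r"^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>[^\\]+)\\command"
    r' - "" = (?P<command>.+?)(?: -- File not found)?$'
)
# Assumption of this example: the dropped DLLs in this thread are all eight
# lowercase letters with no publisher string, sitting directly in System32.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
SYSTEM32 = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class FileEntry:
    stamp: str
    size: int
    hidden: bool
    system: bool
    company: str
    path: str


def parse_file_entry(line):
    """Return a FileEntry for an OTL file/directory line, else None."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    attrs = m["attrs"]
    return FileEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def is_random_system32_dll(entry):
    """Publisher-less DLL with a random-looking name directly in System32."""
    name = entry.path.rsplit("\\", 1)[-1]
    return (SYSTEM32.search(entry.path) is not None
            and entry.company == ""
            and RANDOM_DLL.match(name) is not None)


def triage(log_text):
    """Scan OTL log text and return the indicators grouped by class."""
    flagged = []
    by_stamp = defaultdict(list)   # creation second -> flagged paths
    autoruns = []
    for line in log_text.splitlines():
        entry = parse_file_entry(line)
        if entry is not None:
            if is_random_system32_dll(entry):
                flagged.append(entry)
                by_stamp[entry.stamp].append(entry.path)
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m:
            autoruns.append((m["guid"], m["verb"], m["command"]))
    return {
        "random_dlls": [e.path for e in flagged],
        # Hidden+System attributes raise confidence; kawoyake.dll above lacks
        # them yet was dropped in the same run, so it is still reported.
        "hidden_system_dlls": [e.path for e in flagged if e.hidden and e.system],
        # Files created in the same second point at one dropper execution.
        "dropped_together": [p for p in by_stamp.values() if len(p) > 1],
        "autorun_commands": autoruns,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```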

#7 ricrac (Topic Starter)

Posted 08 August 2009 - 04:14 PM

O.K. Here's the OTL Fix from the code you posted:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\S-1-5-21-1417001333-362288127-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ not found.
File Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c82a57b-98f9-11dc-958c-0018f809c15a}\ not found.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kelibomo.dll
C:\WINDOWS\System32\kelibomo.dll NOT unregistered.
C:\WINDOWS\System32\kelibomo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\keneluga.dll
C:\WINDOWS\System32\keneluga.dll NOT unregistered.
C:\WINDOWS\System32\keneluga.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\desaruzi.dll
C:\WINDOWS\System32\desaruzi.dll NOT unregistered.
C:\WINDOWS\System32\desaruzi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vopevade.dll
C:\WINDOWS\System32\vopevade.dll NOT unregistered.
C:\WINDOWS\System32\vopevade.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zanowapu.dll
C:\WINDOWS\System32\zanowapu.dll NOT unregistered.
C:\WINDOWS\System32\zanowapu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rezizafo.dll
C:\WINDOWS\System32\rezizafo.dll NOT unregistered.
C:\WINDOWS\System32\rezizafo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tezojuyu.dll
C:\WINDOWS\System32\tezojuyu.dll NOT unregistered.
C:\WINDOWS\System32\tezojuyu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gijeluhe.dll
C:\WINDOWS\System32\gijeluhe.dll NOT unregistered.
C:\WINDOWS\System32\gijeluhe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kawoyake.dll
C:\WINDOWS\System32\kawoyake.dll NOT unregistered.
C:\WINDOWS\System32\kawoyake.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hikemavi.dll
C:\WINDOWS\System32\hikemavi.dll NOT unregistered.
C:\WINDOWS\System32\hikemavi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wobaheve.dll
C:\WINDOWS\System32\wobaheve.dll NOT unregistered.
C:\WINDOWS\System32\wobaheve.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mawumure.dll
C:\WINDOWS\System32\mawumure.dll NOT unregistered.
C:\WINDOWS\System32\mawumure.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pelabuse.dll
C:\WINDOWS\System32\pelabuse.dll NOT unregistered.
C:\WINDOWS\System32\pelabuse.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fimesoba.dll
C:\WINDOWS\System32\fimesoba.dll NOT unregistered.
C:\WINDOWS\System32\fimesoba.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vufayigu.dll
C:\WINDOWS\System32\vufayigu.dll NOT unregistered.
C:\WINDOWS\System32\vufayigu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kudatusa.dll
C:\WINDOWS\System32\kudatusa.dll NOT unregistered.
C:\WINDOWS\System32\kudatusa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\verigigo.dll
C:\WINDOWS\System32\verigigo.dll NOT unregistered.
C:\WINDOWS\System32\verigigo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jezopuki.dll
C:\WINDOWS\System32\jezopuki.dll NOT unregistered.
C:\WINDOWS\System32\jezopuki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rikajiro.dll
C:\WINDOWS\System32\rikajiro.dll NOT unregistered.
C:\WINDOWS\System32\rikajiro.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hugezese.dll
C:\WINDOWS\System32\hugezese.dll NOT unregistered.
C:\WINDOWS\System32\hugezese.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 790076 bytes
->Temporary Internet Files folder emptied: 341708 bytes
->FireFox cache emptied: 3090391 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 7622355 bytes

User: Guest
->Temp folder emptied: 234042 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 35078 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Rick
->Temp folder emptied: 1718625433 bytes
->Temporary Internet Files folder emptied: 55648112 bytes
->Java cache emptied: 53336748 bytes
->FireFox cache emptied: 99954993 bytes
->Google Chrome cache emptied: 6042513 bytes
->Opera cache emptied: 114444177 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV11641944.TMP folder deleted successfully.
C:\WINDOWS\NV39323940.TMP folder deleted successfully.
%systemroot% .tmp files removed: 5254589 bytes
%systemroot%\System32 .tmp files removed: 1162836 bytes
Windows Temp folder emptied: 2422154 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1973.28 mb


OTL by OldTimer - Version 3.0.10.5 log created on 08082009_170518

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 ricrac

ricrac
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio

Posted 08 August 2009 - 04:29 PM

...and here's a fresh OTL scan log; and thanks again.

OTL logfile created on: 8/8/2009 5:15:34 PM - Run 2
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.59% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 460 460 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 51.45 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 178.71 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 88.68 Gb Free Space | 79.33% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 54.36 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 1.89 Gb Total Space | 0.61 Gb Free Space | 32.48% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: RICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/25 08:19:20 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE
PRC - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/06/25 08:19:42 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/03 09:20:48 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2009/07/28 11:50:45 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/06/25 08:19:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2002/06/30 15:05:00 | 00,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
PRC - [2009/06/25 08:19:26 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/08/19 14:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/06/19 17:42:44 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2007/10/05 12:22:38 | 00,283,466 | ---- | M] (C-Media) -- C:\WINDOWS\System\CmFlywav.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2009/08/03 15:23:28 | 02,185,216 | ---- | M] () -- C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
PRC - [2006/12/05 13:00:28 | 00,061,516 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\System\CMAS2DS.EXE
PRC - [2009/02/26 14:28:57 | 01,085,513 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WMB54G\WMB54G.EXE
PRC - [2009/08/08 11:13:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/06 18:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService [Disabled | Stopped])
SRV - [2009/07/28 11:50:45 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/25 08:19:20 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02 [Auto | Running])
SRV - [2008/04/04 10:29:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/17 16:23:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/28 11:50:53 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/25 08:19:42 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/03 09:20:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2007/03/29 11:25:18 | 01,410,240 | ---- | M] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\cmudaxv.sys -- (cmvad [On_Demand | Running])
DRV - [2001/08/09 14:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2005/03/27 06:06:00 | 00,044,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\eyeonedp.sys -- (eyeonedp [On_Demand | Stopped])
DRV - [2004/10/12 15:56:06 | 00,033,148 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\FlexBios.sys -- (FlexBios [On_Demand | Stopped])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/01/06 20:00:08 | 04,968,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/10/12 15:56:06 | 00,034,004 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\Invoker.sys -- (Invoker [On_Demand | Stopped])
DRV - [2001/08/17 14:57:36 | 00,248,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cl546xm.sys -- (laguna [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/10/25 15:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Running])
DRV - [2005/03/27 06:01:24 | 00,014,416 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pdihwctl.sys -- (PDIHWCTL [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/24 04:06:28 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/04/07 18:53:00 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2005/02/01 13:20:50 | 00,071,040 | ---- | M] (Linksys, A Division of Cisco Systems, Inc ) -- C:\WINDOWS\System32\DRIVERS\EG1032xp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,653,960 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2005/04/07 18:54:00 | 00,100,176 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2004/06/07 14:43:51 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2004/12/17 11:27:26 | 00,021,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2008/02/01 16:07:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.fuse.net/Windwood/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.026.001
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.4.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.9
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/25 08:22:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 16:23:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/04 08:11:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/27 10:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/06/18 10:33:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]

[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions
[2008/07/15 17:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/08 07:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions
[2008/09/10 12:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/08/04 07:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 17:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/22 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/23 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/16 20:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\smartbookmarksbar@remy.juteau
[2008/11/12 09:56:33 | 00,002,749 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\FireFox\Profiles\n09yplyv.default\searchplugins\cuil.xml
[2009/08/08 07:04:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 06:37:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 16:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/04 20:35:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/17 16:23:12 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:35:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/29 08:23:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/29 08:23:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/25 10:06:35 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/29 08:23:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 08:23:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/29 08:23:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 08:23:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 08:23:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe (C-Media)
O4 - HKLM..\Run: [CPMcfa91305] C:\WINDOWS\System32\rikajiro.DLL File not found
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 E0 FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1221057294429 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202391765640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\keneluga.dll) - C:\WINDOWS\System32\keneluga.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\kawoyake.dll) - C:\WINDOWS\System32\kawoyake.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wobaheve.dll) - C:\WINDOWS\System32\wobaheve.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\mawumure.dll) - C:\WINDOWS\System32\mawumure.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\fimesoba.dll) - C:\WINDOWS\System32\fimesoba.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\kudatusa.dll) - C:\WINDOWS\System32\kudatusa.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\rikajiro.dll) - C:\WINDOWS\System32\rikajiro.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\rikajiro.dll File not found
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\rikajiro.dll File not found
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/12 21:00:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/08 17:05:18 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/08 11:12:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/08 10:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Malwarebytes
[2009/08/08 10:45:10 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 10:45:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/08 10:45:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/08 10:39:26 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick\Desktop\mbam-setup.exe
[2009/08/08 09:17:36 | 00,001,773 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\RemoveIT Pro v7 Enterprise (Trial).lnk
[2009/08/08 09:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/08/08 09:14:55 | 03,513,369 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\removeitpro_trial.exe
[2009/08/06 08:52:25 | 25,478,26688 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/05 18:07:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/05 18:06:48 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\RSIT.exe
[2009/08/04 10:53:16 | 00,847,768 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Rick\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/07/27 13:28:22 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/07/22 13:35:15 | 17,056,829 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\KitchenAid_Service_Manual.pdf
[2009/07/16 07:23:36 | 00,026,036 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/13 09:34:24 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\Buy jv16 PowerTools.lnk
[2009/07/13 09:28:48 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2009/07/13 09:25:46 | 06,195,541 | ---- | C] (Macecraft Software ) -- C:\Documents and Settings\Rick\Desktop\jv16pt_setup_hb.exe
[2009/02/26 14:31:30 | 00,274,490 | ---- | C] () -- C:\WINDOWS\System32\flac.dll
[2009/02/26 14:31:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMB54G.dll
[2009/02/26 14:31:29 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\cmaudiow.dll
[2009/02/26 14:31:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvw.dll
[2009/01/04 14:11:22 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\CISMBIOS.SYS
[2008/12/08 11:01:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2008/11/30 09:25:22 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/01 10:54:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/17 17:19:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/06/09 11:51:23 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/06/09 11:51:23 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/06/09 11:51:23 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2008/06/09 11:51:23 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2008/06/09 11:30:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/06/09 11:30:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2008/06/09 11:26:52 | 01,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/06/09 11:26:52 | 00,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/06/09 11:26:52 | 00,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/06/09 11:26:52 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2008/06/09 11:26:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2008/06/09 11:26:52 | 00,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/06/09 11:26:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/06/09 11:26:52 | 00,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2008/06/09 11:26:52 | 00,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/04/29 23:28:35 | 00,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
[2008/04/29 22:18:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/03/24 17:37:25 | 00,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2008/02/24 14:38:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/02/24 13:39:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/01/02 20:11:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/07 01:51:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/07 01:51:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/07 01:51:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/07 01:51:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/07 01:51:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/29 17:50:20 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/10/14 15:23:15 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/14 13:53:54 | 00,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/10/13 14:28:41 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/10/13 13:59:22 | 00,000,138 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/10/13 11:41:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/10/13 11:41:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/10/13 11:41:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/10/13 11:40:36 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2005/03/27 06:06:00 | 00,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2004/08/04 08:00:00 | 00,000,385 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/16 20:35:47 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll

========== Files - Modified Within 30 Days ==========

[2009/08/08 17:11:19 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System\Flywave.dll
[2009/08/08 17:10:34 | 00,177,382 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/08 17:10:16 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 17:08:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/08 17:08:41 | 25,478,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/08 11:13:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/08 11:00:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dujivava
[2009/08/08 10:45:10 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 10:44:18 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick\Desktop\mbam-setup.exe
[2009/08/08 09:17:36 | 00,001,773 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\RemoveIT Pro v7 Enterprise (Trial).lnk
[2009/08/08 09:17:02 | 03,513,369 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\removeitpro_trial.exe
[2009/08/06 09:21:40 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/08/05 18:06:53 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\RSIT.exe
[2009/08/04 20:59:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/04 20:59:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/04 20:59:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/04 10:53:16 | 00,847,768 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Rick\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 10:03:32 | 00,000,000 | ---- | M] () -- C:\testwma.raw
[2009/08/01 09:23:08 | 39,444,481 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/01 09:23:08 | 00,056,075 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/28 19:20:48 | 00,000,138 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2009/07/28 11:50:53 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/27 13:28:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/25 05:49:25 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/22 13:35:17 | 17,056,829 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\KitchenAid_Service_Manual.pdf
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/15 07:06:23 | 00,026,036 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/15 07:05:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 09:34:24 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Buy jv16 PowerTools.lnk
[2009/07/13 09:28:48 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:27:01 | 06,195,541 | ---- | M] (Macecraft Software ) -- C:\Documents and Settings\Rick\Desktop\jv16pt_setup_hb.exe
[2009/07/10 23:09:44 | 00,038,680 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/07/10 07:00:29 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 August 2009 - 08:50 AM

We're making progress!

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (c:\windows\system32\keneluga.dll) - C:\WINDOWS\System32\keneluga.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kawoyake.dll) - C:\WINDOWS\System32\kawoyake.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\wobaheve.dll) - C:\WINDOWS\System32\wobaheve.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\mawumure.dll) - C:\WINDOWS\System32\mawumure.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\fimesoba.dll) - C:\WINDOWS\System32\fimesoba.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kudatusa.dll) - C:\WINDOWS\System32\kudatusa.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\rikajiro.dll) - C:\WINDOWS\System32\rikajiro.dll File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\rikajiro.dll File not found
    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\rikajiro.dll File not found
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
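The fix block above is built by hand from the O20/O21/O22 lines that OTL marks "File not found". As an added example (not part of this thread, and not OTL's own code), the Python below does the same triage over constructed copies of those log lines: it parses the three load-point sections, keeps only entries whose target is gone, and renders them as the `:OTL` / `:Commands` block the helper pasted. The line format and the "File not found" / "(Publisher)" tails are assumptions taken from the logs in this thread.

```python
"""Added example: flag orphaned OTL load points (O20 AppInit_DLLs, O21 SSODL,
O22 SharedTaskScheduler) whose target file is missing, and render them as the
':OTL' fix block used in this thread.  Not OTL's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O20/O21/O22 lines copied from the log earlier in the thread,
# plus two legitimate O20 entries and one O24 line that must not be flagged.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\windows\system32\keneluga.dll) - C:\WINDOWS\System32\keneluga.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\rikajiro.dll) - C:\WINDOWS\System32\rikajiro.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\rikajiro.dll File not found
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\rikajiro.dll File not found
O24 - Desktop Components:0 () -
"""

# Load points worth auditing: AppInit_DLLs is mapped into every process that loads
# user32.dll, SSODL and SharedTaskScheduler are loaded by Explorer at logon.  A
# registered DLL that no longer exists on disk is a leftover persistence entry.
WATCHED_SECTIONS = {
    "O20": "AppInit_DLLs / Winlogon",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
    "O22": "SharedTaskScheduler",
}
SECTION_RE = re.compile(r"^(O\d{2}) - ")
# OTL appends "File not found" (or "CLSID or File not found.") to orphaned entries.
MISSING_RE = re.compile(r"(?:CLSID or )?File not found\.?\s*$")
# The resolved path precedes either the "File not found" marker or the "(Publisher)" tail.
PATH_RE = re.compile(
    r"([A-Za-z]:\\[^()]+?\.(?:dll|exe|sys))(?=\s+(?:File not found|\())", re.IGNORECASE)
PUBLISHER_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Entry:
    section: str
    raw: str                  # the OTL line exactly as logged (what a fix block needs)
    path: Optional[str]       # resolved target path, if OTL printed one
    publisher: Optional[str]  # company name OTL read from the file's version info
    missing: bool             # True when the load point references a file that is gone


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for lines outside the watched sections."""
    m = SECTION_RE.match(line)
    if not m or m.group(1) not in WATCHED_SECTIONS:
        return None
    path_m = PATH_RE.search(line)
    pub_m = PUBLISHER_RE.search(line)
    return Entry(
        section=m.group(1),
        raw=line.rstrip(),
        path=path_m.group(1) if path_m else None,
        publisher=pub_m.group(1).strip() if pub_m else None,
        missing=bool(MISSING_RE.search(line)),
    )


def analyze(log_text: str) -> List[Entry]:
    """Return the watched-section entries whose target no longer exists on disk."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.missing]


def build_otl_fix(entries: List[Entry]) -> str:
    """Render the OTL 'Custom Scans/Fixes' block: :OTL, the lines to remove, then a reboot."""
    body = [":OTL"] + [e.raw for e in entries] + ["", ":Commands", "[Reboot]"]
    return "\n".join(body)


if __name__ == "__main__":
    flagged = analyze(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.section} {WATCHED_SECTIONS[e.section]}: {e.path or '(no path)'}")
    print()
    print(build_otl_fix(flagged))
```

Entries that resolve to a real file with a recorded publisher (the Explorer shell and the AVG Winlogon notify DLL in the sample) are parsed but not flagged, which is the distinction the hand-built fix block draws.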

#10 ricrac

ricrac
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio

Posted 09 August 2009 - 03:24 PM

Sam,
System is still a little slow, especially on startup, and I find the following in the MSCONFIG Startup tab: ".....system32/tezojuyu.dll" and "....system32/mofawulo.dll". I ran OTL with your code and it did not generate a log for me to copy. Looked in a couple of places for copies, did not find any, so ran a new OTL scan and here it is:

OTL logfile created on: 8/9/2009 4:08:03 PM - Run 3
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.45% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 460 460 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 56.17 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 178.71 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 86.89 Gb Free Space | 77.73% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 53.47 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE
PRC - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/06/30 15:05:00 | 00,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
PRC - [2008/08/19 14:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/06/19 17:42:44 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2007/10/05 12:22:38 | 00,283,466 | ---- | M] (C-Media) -- C:\WINDOWS\System\CmFlywav.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/12/05 13:00:28 | 00,061,516 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\System\CMAS2DS.EXE
PRC - [2009/02/26 14:28:57 | 01,085,513 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WMB54G\WMB54G.EXE
PRC - [2009/08/09 15:52:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
PRC - [2009/08/04 20:35:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/07/06 18:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService [Disabled | Stopped])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02 [Auto | Running])
SRV - [2008/04/04 10:29:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/17 16:23:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/03/29 11:25:18 | 01,410,240 | ---- | M] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\cmudaxv.sys -- (cmvad [On_Demand | Running])
DRV - [2001/08/09 14:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2005/03/27 06:06:00 | 00,044,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\eyeonedp.sys -- (eyeonedp [On_Demand | Stopped])
DRV - [2004/10/12 15:56:06 | 00,033,148 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\FlexBios.sys -- (FlexBios [On_Demand | Stopped])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/01/06 20:00:08 | 04,968,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/10/12 15:56:06 | 00,034,004 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\Invoker.sys -- (Invoker [On_Demand | Stopped])
DRV - [2001/08/17 14:57:36 | 00,248,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cl546xm.sys -- (laguna [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/10/25 15:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Running])
DRV - [2005/03/27 06:01:24 | 00,014,416 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pdihwctl.sys -- (PDIHWCTL [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/24 04:06:28 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/04/07 18:53:00 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2005/02/01 13:20:50 | 00,071,040 | ---- | M] (Linksys, A Division of Cisco Systems, Inc ) -- C:\WINDOWS\System32\DRIVERS\EG1032xp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,653,960 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2005/04/07 18:54:00 | 00,100,176 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2004/06/07 14:43:51 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2004/12/17 11:27:26 | 00,021,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2008/02/01 16:07:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.fuse.net/Windwood/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.4.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.9
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 16:23:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/27 10:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/06/18 10:33:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]

[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions
[2008/07/15 17:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/09 07:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions
[2008/09/10 12:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/08/04 07:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 17:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/22 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/23 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/16 20:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\smartbookmarksbar@remy.juteau
[2008/11/12 09:56:33 | 00,002,749 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\FireFox\Profiles\n09yplyv.default\searchplugins\cuil.xml
[2009/08/09 07:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 06:37:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 16:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/04 20:35:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/17 16:23:12 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:35:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/29 08:23:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/29 08:23:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/25 10:06:35 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/29 08:23:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 08:23:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/29 08:23:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 08:23:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe (C-Media)
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 E0 FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1221057294429 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202391765640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/12 21:00:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/09 15:52:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/09 11:46:16 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/09 11:46:15 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/09 11:46:14 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/09 11:46:11 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/09 11:46:11 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/09 11:46:10 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/09 11:46:10 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/09 11:46:10 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/09 11:45:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/09 11:45:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/09 11:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/09 11:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/08/09 10:48:38 | 00,030,940 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104837.reg
[2009/08/09 10:47:16 | 00,242,580 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104713.reg
[2009/08/09 09:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2009/08/09 09:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/08/08 17:05:18 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/08 10:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Malwarebytes
[2009/08/08 10:45:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/08 10:45:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/06 08:52:25 | 25,478,26688 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/05 18:07:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/27 13:28:22 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/07/16 07:23:36 | 00,026,036 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/13 09:28:48 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2009/02/26 14:31:30 | 00,274,490 | ---- | C] () -- C:\WINDOWS\System32\flac.dll
[2009/02/26 14:31:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMB54G.dll
[2009/02/26 14:31:29 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\cmaudiow.dll
[2009/02/26 14:31:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvw.dll
[2009/01/04 14:11:22 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\CISMBIOS.SYS
[2008/12/08 11:01:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2008/11/30 09:25:22 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/01 10:54:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/17 17:19:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/06/09 11:51:23 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/06/09 11:51:23 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/06/09 11:51:23 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2008/06/09 11:51:23 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2008/06/09 11:30:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/06/09 11:30:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2008/06/09 11:26:52 | 01,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/06/09 11:26:52 | 00,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/06/09 11:26:52 | 00,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/06/09 11:26:52 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2008/06/09 11:26:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2008/06/09 11:26:52 | 00,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/06/09 11:26:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/06/09 11:26:52 | 00,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2008/06/09 11:26:52 | 00,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/04/29 23:28:35 | 00,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
[2008/04/29 22:18:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/03/24 17:37:25 | 00,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2008/02/24 14:38:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/02/24 13:39:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/01/02 20:11:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/07 01:51:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/07 01:51:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/07 01:51:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/07 01:51:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/07 01:51:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/29 17:50:20 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/10/14 15:23:15 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/14 13:53:54 | 00,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/10/13 14:28:41 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/10/13 13:59:22 | 00,000,138 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/10/13 11:41:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/10/13 11:41:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/10/13 11:41:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/10/13 11:40:36 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2005/03/27 06:06:00 | 00,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2004/08/04 08:00:00 | 00,000,385 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/16 20:35:47 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll

========== Files - Modified Within 30 Days ==========

[2009/08/09 16:01:35 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System\Flywave.dll
[2009/08/09 16:01:02 | 00,177,382 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/09 16:00:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/09 15:56:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/09 15:56:10 | 25,478,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/09 15:52:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/09 11:46:10 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/09 10:48:49 | 00,030,940 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104837.reg
[2009/08/09 10:47:40 | 00,242,580 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104713.reg
[2009/08/09 09:27:18 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/08 11:00:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dujivava
[2009/08/06 09:21:40 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/08/04 20:59:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/04 20:59:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/04 20:59:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 10:03:32 | 00,000,000 | ---- | M] () -- C:\testwma.raw
[2009/07/28 19:20:48 | 00,000,138 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2009/07/27 13:28:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/15 07:06:23 | 00,026,036 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/15 07:05:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 09:28:48 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/10 23:09:44 | 00,038,680 | ---- | M] () -- C:\WINDOWS\nsreg.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#11 ricrac
  • Topic Starter
  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio

Posted 09 August 2009 - 04:03 PM

Sam,
Ran the code again. This time got a log. Here she is:

========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\keneluga.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tezojuyu.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kawoyake.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wobaheve.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\mawumure.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fimesoba.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kudatusa.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\rikajiro.dll scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UPnPMonitor not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.0.10.5 log created on 08092009_165328

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\keneluga.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tezojuyu.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kawoyake.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wobaheve.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\mawumure.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fimesoba.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kudatusa.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\rikajiro.dll scheduled to be deleted on reboot.

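The OTL output above shows why the cleanup had to be deferred to reboot: the eight DLLs are registered under HKLM\...\Windows\AppInit_Dlls, and anything listed there is mapped into every process that loads user32.dll, so the files are in use for as long as the machine is up. As an added example that is not part of this thread and not OTL's own code, the Python script below does the triage a helper would do by eye on a log like this: it pulls every DLL path out of the "AppInit_Dlls:" lines and every entry out of the "[timestamp | size | attrs | M]" file lines, then flags names that match the pattern visible in this log (eight lowercase letters, with or without .dll, and for files no company name in the version info). The sample input is a handful of lines copied from the logs posted above; the naming heuristic is an assumption for triage, not proof that a file is malicious.

```python
"""Triage helper for OTL-style log lines (added example; not OTL's code).

Extracts AppInit_Dlls entries and 'Files - Created/Modified' entries from a log and
flags names that look machine-generated. The heuristic (eight lowercase letters,
no version-info company name) is an assumption for triage, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\keneluga.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tezojuyu.dll scheduled to be deleted on reboot.
[2009/08/08 11:00:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dujivava
[2009/07/13 09:28:48 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2009/08/09 15:52:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
"""

# "AppInit_Dlls:<path>.dll" as OTL prints it in its registry-delete lines.
APPINIT_RE = re.compile(r"AppInit_Dlls:(?P<path>\S+\.dll)", re.IGNORECASE)

# "[date time | size | attrs | M] (company) -- path"; the "(company)" part is absent for folders.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Eight lowercase letters, optionally ".dll": the shape of the AppInit names in this log (assumption).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}(\.dll)?$")


@dataclass(frozen=True)
class Finding:
    source: str   # "appinit" or "file"
    path: str
    reason: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(name: str) -> bool:
    return bool(RANDOM_NAME_RE.match(name.lower()))


def appinit_dlls(log: str) -> list[str]:
    """Every DLL path named in an AppInit_Dlls line, in order, case-insensitively de-duplicated."""
    seen: list[str] = []
    for line in log.splitlines():
        m = APPINIT_RE.search(line)
        if m and m.group("path").lower() not in (s.lower() for s in seen):
            seen.append(m.group("path"))
    return seen


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    # Anything under AppInit_DLLs is loaded into every user32-linked process, which is why a
    # live delete fails; each entry is reported, and a random-looking name is called out.
    for dll in appinit_dlls(log):
        reason = "AppInit_DLLs entry"
        if looks_random(basename(dll)):
            reason += " with machine-generated name"
        findings.append(Finding("appinit", dll, reason))
    # File entries: flag only when the name looks generated AND no company name is present,
    # to keep legitimate eight-letter system DLLs (which carry a company string) out of the list.
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        name = basename(m.group("path"))
        company = (m.group("company") or "").strip()
        if looks_random(name) and not company:
            reason = "machine-generated name, no version-info company"
            if "H" in m.group("attrs"):
                reason += ", hidden"
            findings.append(Finding("file", m.group("path"), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:8} {f.path}  [{f.reason}]")
```

On the sample above this reports the two AppInit_Dlls paths and the hidden, extensionless C:\WINDOWS\System32\dujivava, and leaves OTL.exe, ieframe.dll and edacded0.dat alone. The name pattern on its own is not a signature (an eight-letter system DLL such as browseui.dll would match it), which is why the file check also requires the company field to be empty; treat hits as items to submit to a scanner or a helper, not as a removal list.
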
#12 ricrac
  • Topic Starter
  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio

Posted 09 August 2009 - 04:33 PM

Here's a new OTL Log:

OTL logfile created on: 8/9/2009 5:04:04 PM - Run 4
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Rick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.69% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 460 460 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 56.16 Gb Free Space | 50.24% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 178.71 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 86.89 Gb Free Space | 77.73% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 53.47 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICK
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE
PRC - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2002/06/30 15:05:00 | 00,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
PRC - [2008/08/19 14:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/06/19 17:42:44 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2007/10/05 12:22:38 | 00,283,466 | ---- | M] (C-Media) -- C:\WINDOWS\System\CmFlywav.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/12/05 13:00:28 | 00,061,516 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\System\CMAS2DS.EXE
PRC - [2009/02/26 14:28:57 | 01,085,513 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WMB54G\WMB54G.EXE
PRC - [2009/08/04 20:35:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/09 15:52:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/07/06 18:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService [Disabled | Stopped])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 16:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 05:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2004/02/19 03:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02 [Auto | Running])
SRV - [2008/04/04 10:29:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/17 16:23:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/04/07 18:54:00 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/03/29 11:25:18 | 01,410,240 | ---- | M] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\cmudaxv.sys -- (cmvad [On_Demand | Running])
DRV - [2001/08/09 14:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2005/03/27 06:06:00 | 00,044,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\eyeonedp.sys -- (eyeonedp [On_Demand | Stopped])
DRV - [2004/10/12 15:56:06 | 00,033,148 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\FlexBios.sys -- (FlexBios [On_Demand | Stopped])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/01/06 20:00:08 | 04,968,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/10/12 15:56:06 | 00,034,004 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Drivers\Invoker.sys -- (Invoker [On_Demand | Stopped])
DRV - [2001/08/17 14:57:36 | 00,248,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cl546xm.sys -- (laguna [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005/04/07 18:53:00 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/10/25 15:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Running])
DRV - [2005/03/27 06:01:24 | 00,014,416 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pdihwctl.sys -- (PDIHWCTL [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/24 04:06:28 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/04/07 18:53:00 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2005/02/01 13:20:50 | 00,071,040 | ---- | M] (Linksys, A Division of Cisco Systems, Inc ) -- C:\WINDOWS\System32\DRIVERS\EG1032xp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 04:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,653,960 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2005/04/07 18:54:00 | 00,100,176 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2005/04/07 18:54:00 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2004/06/07 14:43:51 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2004/12/17 11:27:26 | 00,021,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2008/02/01 16:07:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.fuse.net/Windwood/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.4.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.9
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 16:23:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:36:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/27 10:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/06/18 10:33:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.11\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/06/18 10:34:31 | 00,000,000 | ---D | M]

[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions
[2008/07/15 17:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 07:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/09 07:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions
[2008/09/10 12:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/08/04 07:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/05 17:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/22 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/23 11:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/16 20:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\mozilla\Firefox\Profiles\n09yplyv.default\extensions\smartbookmarksbar@remy.juteau
[2008/11/12 09:56:33 | 00,002,749 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Mozilla\FireFox\Profiles\n09yplyv.default\searchplugins\cuil.xml
[2009/08/09 07:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 06:37:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 16:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/04 20:35:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/17 16:23:12 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:35:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 10:34:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/29 08:23:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/29 08:23:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/25 10:06:35 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/29 08:23:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 08:23:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/29 08:23:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 08:23:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe (C-Media)
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Rick\Desktop\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 E0 FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1221057294429 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202391765640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/12 21:00:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/09 15:52:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/09 11:46:16 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/09 11:46:15 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/09 11:46:14 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/09 11:46:11 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/09 11:46:11 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/09 11:46:10 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/09 11:46:10 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/09 11:46:10 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/09 11:45:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/09 11:45:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/09 11:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/09 11:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/08/09 10:48:38 | 00,030,940 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104837.reg
[2009/08/09 10:47:16 | 00,242,580 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104713.reg
[2009/08/09 09:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2009/08/09 09:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/08/08 17:05:18 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/08 10:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Malwarebytes
[2009/08/08 10:45:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/08 10:45:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/08 10:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/06 08:52:25 | 25,478,26688 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/05 18:07:14 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/27 13:28:22 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/07/26 18:49:41 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/07/26 18:49:37 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/07/26 18:49:17 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/07/16 07:23:36 | 00,026,036 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/13 09:28:48 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/13 09:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2009/02/26 14:31:30 | 00,274,490 | ---- | C] () -- C:\WINDOWS\System32\flac.dll
[2009/02/26 14:31:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMB54G.dll
[2009/02/26 14:31:29 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\cmaudiow.dll
[2009/02/26 14:31:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvw.dll
[2009/01/04 14:11:22 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\CISMBIOS.SYS
[2008/12/08 11:01:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2008/11/30 09:25:22 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/01 10:54:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/17 17:19:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/06/09 11:51:23 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/06/09 11:51:23 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/06/09 11:51:23 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2008/06/09 11:51:23 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2008/06/09 11:30:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/06/09 11:30:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2008/06/09 11:26:52 | 01,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/06/09 11:26:52 | 00,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/06/09 11:26:52 | 00,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/06/09 11:26:52 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2008/06/09 11:26:52 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2008/06/09 11:26:52 | 00,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/06/09 11:26:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/06/09 11:26:52 | 00,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2008/06/09 11:26:52 | 00,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/04/29 23:28:35 | 00,000,803 | ---- | C] () -- C:\WINDOWS\ldp.INI
[2008/04/29 22:18:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/03/24 17:37:25 | 00,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2008/02/24 14:38:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/02/24 13:39:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/01/02 20:11:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/07 01:51:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/07 01:51:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/07 01:51:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/07 01:51:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/07 01:51:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/29 17:50:20 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/10/14 15:23:15 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/14 13:53:54 | 00,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/10/13 14:28:41 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/10/13 14:28:41 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/10/13 13:59:22 | 00,000,138 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/10/13 11:41:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/10/13 11:41:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/10/13 11:41:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/10/13 11:40:36 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
[2005/03/27 06:06:00 | 00,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2004/08/04 08:00:00 | 00,000,385 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/16 20:35:47 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll

========== Files - Modified Within 30 Days ==========

[2009/08/09 16:58:17 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System\Flywave.dll
[2009/08/09 16:57:57 | 00,177,382 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/09 16:56:59 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/09 16:55:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/09 16:55:46 | 2,547,826,688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/09 15:52:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick\Desktop\OTL.exe
[2009/08/09 11:46:10 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/09 10:48:49 | 00,030,940 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104837.reg
[2009/08/09 10:47:40 | 00,242,580 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\cc_20090809_104713.reg
[2009/08/09 09:27:18 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/08 11:00:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dujivava
[2009/08/06 09:21:40 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/08/04 20:59:11 | 00,000,385 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/04 20:59:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/04 20:59:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 10:03:32 | 00,000,000 | ---- | M] () -- C:\testwma.raw
[2009/07/28 19:20:48 | 00,000,138 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2009/07/27 13:28:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/15 07:06:23 | 00,026,036 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\prefs.js
[2009/07/15 07:05:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 09:28:48 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/13 09:28:48 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2009/07/10 23:09:44 | 00,038,680 | ---- | M] () -- C:\WINDOWS\nsreg.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#13 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:05 AM

Posted 09 August 2009 - 04:45 PM

Looking much better now. Go ahead and proceed with the Malwarebytes scan and post that log for me next.

Also, I see you have RSIT on this computer. Can you run that and post the log it creates for me to review?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 ricrac

  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio
  • Local time:10:05 AM

Posted 10 August 2009 - 07:39 AM

Sam,
While scanning, AVAST reported the following during the scan. Here is the log of warnings:


8/10/2009 7:07:47 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\System Volume Information\_restore{23B4C07B-EF14-4585-BEC7-C28F5C9C93D7}\RP2\A0000070.dll" file.
8/10/2009 7:09:00 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\System Volume Information\_restore{23B4C07B-EF14-4585-BEC7-C28F5C9C93D7}\RP2\A0000071.dll" file.
8/10/2009 7:09:16 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\System Volume Information\_restore{23B4C07B-EF14-4585-BEC7-C28F5C9C93D7}\RP2\A0000072.dll" file.
8/10/2009 7:09:32 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\System Volume Information\_restore{23B4C07B-EF14-4585-BEC7-C28F5C9C93D7}\RP2\A0000119.dll" file.
8/10/2009 7:56:12 AM SYSTEM 1652 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\fimesoba.dll" file.
8/10/2009 7:56:40 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\gijeluhe.dll" file.
8/10/2009 7:56:47 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\hikemavi.dll" file.
8/10/2009 7:56:52 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\kawoyake.dll" file.
8/10/2009 7:56:56 AM SYSTEM 1652 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\kudatusa.dll" file.
8/10/2009 7:57:02 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\rezizafo.dll" file.
8/10/2009 7:57:06 AM SYSTEM 1652 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\rikajiro.dll" file.
8/10/2009 7:57:09 AM SYSTEM 1652 Sign of "Win32:MoPack [Cryp]" has been found in "C:\_OTL\MovedFiles\08082009_170518\WINDOWS\System32\tezojuyu.dll" file.

________________________________________________________________________________________



Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 3

8/10/2009 8:28:02 AM
mbam-log-2009-08-10 (08-28-02).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 272999
Time elapsed: 1 hour(s), 55 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 ricrac

  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Cincinnati, Ohio
  • Local time:10:05 AM

Posted 10 August 2009 - 08:21 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rick at 2009-08-10 09:18:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (50%) free of 114 GB
Total RAM: 2430 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:08 AM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\WINDOWS\System\CMAS2DS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fuse.net/windwood
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [OTL] "C:\Documents and Settings\Rick\Desktop\OTL.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S110.tmp"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221057294429
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202391765640
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6180 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC646EA-368A-44F8-AB57-A4F5A5D72321}.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"EPSON Stylus Photo 2200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"CmFlywaveName"=C:\WINDOWS\System\CmFlywav.exe [2007-10-05 283466]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"=C:\Documents and Settings\Rick\Desktop\OTL.exe [2009-08-09 513536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo 2200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-06-30 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMcfa91305]
c:\windows\system32\tezojuyu.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\\INTELAUDIOSTUDIO.EXE TRAY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Registration Reminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe /H []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sifewuhura]
C:\WINDOWS\system32\mofawulo.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-17 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem]
C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe [2007-04-03 507392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk]
C:\PROGRA~1\GRETAG~1\i1\EYE-ON~1\CALIBR~1\CALIBR~1.EXE [2005-04-29 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ProfileReminder.lnk]
C:\PROGRA~1\GRETAG~1\i1\EYE-ON~1\PROFIL~1.EXE [2005-04-29 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
C:\Documents and Settings\Rick\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-01-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
C:\PROGRA~1\Memeo\AutoSync\MEMEOL~1.EXE [2007-07-06 125976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStrCmpLogical"=00000000
"NoDrives"=02E0FF03
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"G:\Setup.exe"="G:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Documents and Settings\Rick\Application Data\Thunderbird\Profiles\wrpssa75.default\extensions\{83d1f945-8280-11db-96a7-00e08161165f}\spambayes\win\sbpython.exe"="C:\Documents and Settings\Rick\Application Data\Thunderbird\Profiles\wrpssa75.default\extensions\{83d1f945-8280-11db-96a7-00e08161165f}\spambayes\win\sbpython.exe:*:Enabled:sbpython"
"C:\Program Files\Lantern Manager\xshld894.tmp"="C:\Program Files\Lantern Manager\xshld894.tmp:*:Enabled:Lantern"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Documents and Settings\Rick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Rick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spiceworks\bin\spiceworks.exe"="C:\Program Files\Spiceworks\bin\spiceworks.exe:*:Enabled:spiceworks"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Netscape\Communicator\Program\nsabppin.exe"="C:\Program Files\Netscape\Communicator\Program\nsabppin.exe:*:Disabled:Address Book Palm Sync Install"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LANDesk\System Manager\BIN\ssm.exe"="C:\Program Files\LANDesk\System Manager\BIN\ssm.exe:*:Enabled:LANDesk® System Manager"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe"="C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Rick\Local Settings\Temp\Temporary Directory 6 for WMB54G_V1.3_XP-and-Vista_SetupWizard,0.zip\WMB54G_20071113\Setup.exe"="C:\Documents and Settings\Rick\Local Settings\Temp\Temporary Directory 6 for WMB54G_V1.3_XP-and-Vista_SetupWizard,0.zip\WMB54G_20071113\Setup.exe:*:Enabled:Setup"
"C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe"="C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"C:\Documents and Settings\Rick\Desktop\Linksys\2.18 Firmware\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe"="C:\Documents and Settings\Rick\Desktop\Linksys\2.18 Firmware\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe:*:Enabled:Setup"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a804a158-1e84-11dd-95e4-0018f809c15a}]
shell\AutoRun\command - M:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-08-09 11:45:39 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-09 11:45:27 ----D---- C:\Program Files\Alwil Software
2009-08-09 11:18:40 ----D---- C:\Program Files\CCleaner
2009-08-09 09:06:47 ----D---- C:\Program Files\Photodex Presenter
2009-08-09 09:00:10 ----D---- C:\Program Files\MediaCoder
2009-08-08 17:05:18 ----D---- C:\_OTL
2009-08-08 10:45:17 ----D---- C:\Documents and Settings\Rick\Application Data\Malwarebytes
2009-08-08 10:45:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-08 10:45:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-05 18:07:14 ----D---- C:\rsit
2009-08-05 17:17:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-26 18:49:41 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-07-15 07:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 07:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 07:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 09:28:20 ----D---- C:\Program Files\jv16 PowerTools 2009

======List of files/folders modified in the last 1 months======

2009-08-10 08:52:02 ----D---- C:\Program Files\Mozilla Firefox
2009-08-10 06:29:02 ----D---- C:\WINDOWS\Temp
2009-08-09 16:57:12 ----D---- C:\WINDOWS\system32\ias
2009-08-09 16:56:48 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-09 15:56:15 ----D---- C:\WINDOWS\system32\config
2009-08-09 15:40:54 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-09 11:46:16 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 11:46:11 ----D---- C:\WINDOWS\system32
2009-08-09 11:45:27 ----RD---- C:\Program Files
2009-08-09 11:25:10 ----D---- C:\WINDOWS
2009-08-09 11:20:17 ----SD---- C:\Documents and Settings\Rick\Application Data\Microsoft
2009-08-09 11:08:48 ----D---- C:\Program Files\LimeWire
2009-08-09 10:30:12 ----D---- C:\Program Files\QO Labs
2009-08-09 09:27:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-09 09:18:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-06 18:23:48 ----D---- C:\Program Files\FTP Commander
2009-08-06 06:37:51 ----D---- C:\Program Files\Internet Explorer
2009-08-05 17:19:03 ----SHD---- C:\RECYCLER
2009-08-05 13:47:48 ----D---- C:\DATA FILES
2009-08-04 21:13:05 ----SHD---- C:\System Volume Information
2009-08-04 21:13:05 ----D---- C:\WINDOWS\system32\Restore
2009-08-04 20:59:11 ----SH---- C:\boot.ini
2009-08-04 20:59:11 ----A---- C:\WINDOWS\win.ini
2009-08-04 20:59:11 ----A---- C:\WINDOWS\system.ini
2009-08-04 20:24:20 ----D---- C:\Program Files\BearShare Applications
2009-08-04 08:57:40 ----D---- C:\Documents and Settings\Rick\Application Data\BearShare
2009-08-01 08:10:50 ----D---- C:\Documents and Settings\Rick\Application Data\LimeWire
2009-07-29 07:02:32 ----HD---- C:\WINDOWS\inf
2009-07-29 07:02:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 07:00:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 07:00:28 ----SHD---- C:\WINDOWS\Installer
2009-07-29 07:00:28 ----D---- C:\WINDOWS\WinSxS
2009-07-28 19:20:48 ----A---- C:\WINDOWS\msicpl.ini
2009-07-28 07:22:11 ----D---- C:\Documents and Settings\Rick\Application Data\Winamp
2009-07-27 13:34:36 ----D---- C:\Program Files\Winamp
2009-07-27 13:28:22 ----SD---- C:\WINDOWS\Tasks
2009-07-25 15:41:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-22 13:35:57 ----D---- C:\Program Files\RocketDock
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 07:05:42 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 PDIHWCTL;PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 cmvad;Linksys Wireless-G Music Bridge Interface; C:\WINDOWS\system32\drivers\cmudaxv.sys [2007-03-29 1410240]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\system32\Drivers\EPLPDX02.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-06 4968448]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2005-04-07 229720]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\EG1032xp.sys [2005-02-01 71040]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2005-04-07 653960]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2005-04-07 13216]
R3 SMBios;Intel ® System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2004-06-07 36484]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2004-12-17 21248]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\system32\DRIVERS\dumant.sys []
S3 eyeonedp;eye-one display; C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-03-27 44344]
S3 FlexBios;FlexBIOS Service; \??\C:\WINDOWS\System32\Drivers\FlexBios.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 Invoker;Flash5 Invoker Service; \??\C:\WINDOWS\System32\Drivers\Invoker.sys []
S3 laguna;laguna; C:\WINDOWS\system32\DRIVERS\cl546xm.sys [2001-08-17 248064]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2005-04-07 1396048]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2005-04-07 100176]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 EPSON_PM_RPCV2_02;EPSON V3 Service2(02); C:\WINDOWS\system32\E_S00RP2.EXE [2004-02-19 65536]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2005-04-07 57344]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-04 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-17 152984]

-----------------EOF-----------------
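The driver and service sections above are in RSIT's fixed `<state><start> name;description; path [date size]` layout, and the practical question for a triage like this one is which entries deserve a manual look first. Below is an added example (not part of the original post, and not RSIT's or Trend Micro's code) that parses that layout and applies two review heuristics: an entry where RSIT printed empty brackets, meaning it recorded no timestamp or size for the file at the path as written, and an entry whose image loads from a drive other than C:. The sample lines are copied from the log above; the flag names and the heuristics themselves are this example's own assumptions and are review prompts, not malware verdicts.

```python
"""Triage helper for the driver/service sections of an RSIT log.

Added example, not from the original post or from RSIT. Parses lines of the
form  R3 name;description; path [date size]  and flags entries a responder
would verify by hand first. The heuristics are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five lines copied verbatim from the RSIT log in this thread.
SAMPLE_LOG = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R2 PDIHWCTL;PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
"""

# Legend printed by RSIT itself at the top of each section.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "      # R/S plus numeric start type
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "       # service name; display name;
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"     # image path [date size] or []
)


@dataclass
class Entry:
    name: str
    description: str
    running: bool
    start_type: str
    path: str                     # exactly as printed in the log
    file_date: Optional[str]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix \\??\\ that some ImagePath values carry,
    so drive-letter checks work the same for every entry."""
    prefix = "\\??\\"
    return path[len(prefix):] if path.startswith(prefix) else path


def parse_entries(text: str) -> List[Entry]:
    """Parse every driver/service line in an RSIT log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, the EOF marker
        meta = m.group("meta").split()
        entries.append(Entry(
            name=m.group("name"),
            description=m.group("desc"),
            running=m.group("state") == "R",
            start_type=START_TYPES[m.group("start")],
            path=m.group("path"),
            file_date=meta[0] if meta else None,
            file_size=int(meta[1]) if len(meta) == 2 else None,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Return only flagged entries, most flags first, then by name.

    Flags (assumed names, not RSIT output):
      no-file-metadata  RSIT printed [] : verify the file exists at that path
      non-system-drive  image loads from a drive other than C: (e.g. G:)
    """
    flagged = []
    for e in entries:
        p = normalize_path(e.path)
        if e.file_date is None:
            e.flags.append("no-file-metadata")
        drive = re.match(r"^([A-Za-z]):\\", p)
        if drive and drive.group(1).upper() != "C":
            e.flags.append("non-system-drive")
        if e.flags:
            flagged.append(e)
    return sorted(flagged, key=lambda e: (-len(e.flags), e.name))


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<12} {state:<8} {e.start_type:<8} {e.path}  -> {', '.join(e.flags)}")
```

Running it on the sample puts the two G:-drive entries at the top and the `\??\`-prefixed system32 driver below them. A non-system drive letter on a demand-start driver usually means an install CD or USB stick that is no longer present, and an empty bracket pair on a system32 path often just means RSIT did not resolve the `\??\` prefix; both are reasons to check the file by hand, not conclusions about it.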



