Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lots of Pop Ups & Quickbooks won't open

Started by tehmonkii , Mar 22 2009 12:59 AM

  • Please log in to reply

#1
tehmonkii
Posted 22 March 2009 - 12:59 AM

tehmonkii

    Member

  • Member
  • PipPip
  • 40 posts
Hi,

I don't know if these two problems are related, but my Quickbooks 2007 will not open and I keep getting random pop ups. When I click the icon, it says 'loading.....' for a while then disappears. It's shows its running in the task manager but the window is not open. And second, I'm getting a lot of pop ups. At first I thought it was Google Chrome so I uninstalled it, but Firefox has them also. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:18 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Nexon2\npkcmsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2a5fb22f-9279-4424-8d7b-a29e9a0f4c94} - C:\WINDOWS\system32\tadebava.dll
O2 - BHO: {54850e7d-6cb7-401b-c9e4-c8c72bbb99d2} - {2d99bbb2-7c8c-4e9c-b104-7bc6d7e05845} - C:\WINDOWS\system32\bhmiev.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fifulotaru] Rundll32.exe "C:\WINDOWS\system32\yagerumu.dll",s
O4 - HKLM\..\Run: [a8971d99] rundll32.exe "C:\WINDOWS\system32\bafoline.dll",b
O4 - HKLM\..\Run: [CPMaba42e05] Rundll32.exe "c:\windows\system32\nupanogo.dll",a
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [fifulotaru] Rundll32.exe "C:\WINDOWS\system32\yagerumu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &?????? - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &?????????? - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0B386B45-B2CF-4525-82FE-D3489C2D26C9} (ActozWebLauncher Control) - http://www.latale.co...WebLauncher.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06071909.cab
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} (Installer Class) - http://www.haduri.co...riInstaller.cab
O16 - DPF: {FF0CD5DC-60A6-4668-AB80-1ACF40ED9CB8} (HitPlus Control) - http://www.haduri.co...cut/HitPlus.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\bafekefe.dll bhmiev.dll c:\windows\system32\nupanogo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nupanogo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nupanogo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon2\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 11427 bytes
  • 0

Advertisements

#2
kahdah
Posted 22 March 2009 - 06:34 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello tehmonkii

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
tehmonkii
Posted 22 March 2009 - 08:11 PM

tehmonkii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTListIt logfile created on: 3/22/2009 6:45:36 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 308.34 Mb Available Physical Memory | 61.26% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.03 Gb Total Space | 98.58 Gb Free Space | 68.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Nexon2\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
PRC - C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\user\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (CCALib8 [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npkcmsvc [Auto | Running]) -- C:\Nexon2\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys ()
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (npkcrypt [Auto | Running]) -- C:\Program Files\Wizet\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (pepifilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (npkcusb [On_Demand | Running]) -- C:\Nexon2\npkcusb.sys (INCA Internet Co., Ltd.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.91
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.7
FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {F05F0500-5E61-47FC-8972-8BC899357A14}:1.0
FF - prefs.js..extensions.enabledItems: {7428120B-91FD-4E27-90A8-37BCF9F3DBBE}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2008/12/09 21:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 01:36:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F05F0500-5E61-47FC-8972-8BC899357A14}: C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{F05F0500-5E61-47FC-8972-8BC899357A14} [2008/12/20 00:08:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7428120B-91FD-4E27-90A8-37BCF9F3DBBE}: C:\DOCUMENTS AND SETTINGS\LALA\LOCAL SETTINGS\APPLICATION DATA\{7428120B-91FD-4E27-90A8-37BCF9F3DBBE} [2008/12/20 00:48:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/21 22:53:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/21 22:53:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2009/01/19 14:13:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/01/19 14:13:42 | 00,000,000 | ---D | M]

[2008/12/09 20:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/12/09 20:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions
[2008/12/09 20:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
[2006/11/03 07:46:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/21 20:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/21 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\[email protected]
[2008/12/09 20:28:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\TEMP
[2008/12/09 20:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/21 22:53:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 22:53:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/21 22:53:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {06ff524d-4bc7-40cc-a3ad-ec57ab7d2b92} - C:\WINDOWS\system32\nddclw.dll ()
O2 - BHO: (no name) - {2a5fb22f-9279-4424-8d7b-a29e9a0f4c94} - C:\WINDOWS\system32\tadebava.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [a8971d99] rundll32.exe "C:\WINDOWS\system32\bafoline.dll",b (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [CPMaba42e05] Rundll32.exe "c:\windows\system32\fufoyevo.dll",a ()
O4 - HKLM..\Run: [fifulotaru] Rundll32.exe "C:\WINDOWS\system32\yagerumu.dll",s ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &?????? - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &?????????? - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .htm - C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll (Netscape Communications Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (Reg Error: Key error.)
O16 - DPF: {0B386B45-B2CF-4525-82FE-D3489C2D26C9} http://www.latale.co...WebLauncher.cab (ActozWebLauncher Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} http://gamedownload....GPlugin7USA.cab (HGPlugin7USA Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Monopoly\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06071909.cab (Reg Error: Key error.)
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} http://www.haduri.co...riInstaller.cab (Installer Class)
O16 - DPF: {FF0CD5DC-60A6-4668-AB80-1ACF40ED9CB8} http://www.haduri.co...cut/HitPlus.cab (HitPlus Control)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bafekefe.dll) - C:\WINDOWS\system32\bafekefe.dll ()
O20 - AppInit_DLLs: (nddclw.dll) - C:\WINDOWS\system32\nddclw.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\fufoyevo.dll) - c:\windows\system32\fufoyevo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fufoyevo.dll ()
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\fufoyevo.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/22 18:42:26 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/03/22 15:05:14 | 00,108,851 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0036.jpg
[2009/03/22 15:05:13 | 00,108,653 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0035.jpg
[2009/03/22 15:00:52 | 00,127,291 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0034.jpg
[2009/03/22 15:00:00 | 00,103,459 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0033.jpg
[2009/03/22 14:44:26 | 00,110,894 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0032.jpg
[2009/03/22 14:44:25 | 00,112,327 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0031.jpg
[2009/03/22 14:44:25 | 00,110,355 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0030.jpg
[2009/03/22 14:44:05 | 00,114,697 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0029.jpg
[2009/03/22 13:21:53 | 00,105,271 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0028.jpg
[2009/03/22 12:58:42 | 00,110,283 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0027.jpg
[2009/03/22 12:58:41 | 00,105,916 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0026.jpg
[2009/03/22 12:55:52 | 00,108,068 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0025.jpg
[2009/03/22 12:55:51 | 00,106,798 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0024.jpg
[2009/03/22 12:55:49 | 00,109,152 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0023.jpg
[2009/03/22 12:54:31 | 00,100,856 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0022.jpg
[2009/03/22 12:54:30 | 00,102,709 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0021.jpg
[2009/03/22 12:54:29 | 00,102,600 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0020.jpg
[2009/03/22 12:54:21 | 00,106,831 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0019.jpg
[2009/03/22 12:52:39 | 00,100,176 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0018.jpg
[2009/03/22 12:51:23 | 00,096,892 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0017.jpg
[2009/03/22 12:51:23 | 00,096,432 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0016.jpg
[2009/03/22 12:51:20 | 00,096,810 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0015.jpg
[2009/03/22 12:51:12 | 00,102,281 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0014.jpg
[2009/03/22 12:51:10 | 00,106,387 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0013.jpg
[2009/03/22 12:22:59 | 00,108,692 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0012.jpg
[2009/03/22 11:47:53 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\oyiwuwen.ini
[2009/03/22 11:47:37 | 00,128,000 | -HS- | C] () -- C:\WINDOWS\System32\nddclw.dll
[2009/03/21 21:04:53 | 00,002,115 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/03/21 20:40:15 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\clwireg.exe
[2009/03/21 20:07:47 | 00,241,887 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks5.jpg
[2009/03/21 20:07:19 | 00,182,805 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks4.jpg
[2009/03/21 20:07:04 | 00,219,845 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks3.jpg
[2009/03/21 20:06:45 | 00,198,788 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks2.jpg
[2009/03/21 20:06:34 | 00,298,464 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks1.jpg
[2009/03/21 19:27:36 | 01,791,147 | -HS- | C] () -- C:\WINDOWS\System32\enilofab.ini
[2009/03/21 19:27:26 | 00,129,024 | -HS- | C] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\bhmiev.dll
[2009/03/21 17:39:08 | 00,133,009 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0011.jpg
[2009/03/21 17:25:38 | 00,129,845 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0010.jpg
[2009/03/21 16:21:03 | 00,117,982 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0009.jpg
[2009/03/21 13:55:12 | 00,134,012 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0008.jpg
[2009/03/21 02:21:17 | 00,124,978 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0007.jpg
[2009/03/21 02:21:16 | 00,124,064 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0006.jpg
[2009/03/20 23:15:44 | 00,124,681 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0005.jpg
[2009/03/20 19:07:15 | 00,129,629 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0004.jpg
[2009/03/20 19:00:27 | 00,141,445 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0003.jpg
[2009/03/20 18:58:17 | 00,100,194 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0002.jpg
[2009/03/20 18:40:20 | 00,140,334 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0001.jpg
[2009/03/20 18:39:41 | 00,134,985 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0000.jpg
[2009/03/19 18:51:49 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OmniLite.lnk
[2009/03/19 18:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Ab3r
[2009/03/16 21:46:58 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\user\Desktop\YouTube Downloader.lnk
[2009/03/16 21:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/03/16 21:26:37 | 00,000,000 | ---D | C] -- C:\tmpDownload
[2009/02/25 21:35:08 | 00,000,000 | ---D | C] -- C:\YouTubeGet
[2009/02/25 01:15:52 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/22 18:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/03/22 18:49:59 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vigonevi
[2009/03/22 18:43:07 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/03/22 18:14:13 | 00,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2009/03/22 15:05:14 | 00,108,851 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0036.jpg
[2009/03/22 15:05:13 | 00,108,653 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0035.jpg
[2009/03/22 15:00:52 | 00,127,291 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0034.jpg
[2009/03/22 15:00:00 | 00,103,459 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0033.jpg
[2009/03/22 14:44:26 | 00,112,327 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0031.jpg
[2009/03/22 14:44:26 | 00,110,894 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0032.jpg
[2009/03/22 14:44:25 | 00,110,355 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0030.jpg
[2009/03/22 14:44:05 | 00,114,697 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0029.jpg
[2009/03/22 13:21:53 | 00,105,271 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0028.jpg
[2009/03/22 12:58:42 | 00,110,283 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0027.jpg
[2009/03/22 12:58:41 | 00,105,916 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0026.jpg
[2009/03/22 12:55:52 | 00,108,068 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0025.jpg
[2009/03/22 12:55:51 | 00,106,798 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0024.jpg
[2009/03/22 12:55:49 | 00,109,152 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0023.jpg
[2009/03/22 12:54:31 | 00,100,856 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0022.jpg
[2009/03/22 12:54:30 | 00,102,709 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0021.jpg
[2009/03/22 12:54:29 | 00,102,600 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0020.jpg
[2009/03/22 12:54:21 | 00,106,831 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0019.jpg
[2009/03/22 12:52:39 | 00,100,176 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0018.jpg
[2009/03/22 12:51:23 | 00,096,892 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0017.jpg
[2009/03/22 12:51:23 | 00,096,432 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0016.jpg
[2009/03/22 12:51:20 | 00,096,810 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0015.jpg
[2009/03/22 12:51:12 | 00,102,281 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0014.jpg
[2009/03/22 12:51:10 | 00,106,387 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0013.jpg
[2009/03/22 12:22:59 | 00,108,692 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0012.jpg
[2009/03/22 12:10:33 | 01,791,147 | -HS- | M] () -- C:\WINDOWS\System32\enilofab.ini
[2009/03/22 11:47:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/22 11:47:53 | 00,000,121 | -HS- | M] () -- C:\WINDOWS\System32\oyiwuwen.ini
[2009/03/22 11:47:35 | 00,128,000 | -HS- | M] () -- C:\WINDOWS\System32\nddclw.dll
[2009/03/22 11:47:34 | 00,095,744 | -HS- | M] () -- C:\WINDOWS\System32\fufoyevo.dll
[2009/03/22 11:47:33 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\newuwiyo.dll
[2009/03/22 11:46:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/22 11:46:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/22 02:11:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/21 21:09:15 | 00,081,568 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/21 21:08:33 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 21:04:53 | 00,002,115 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/03/21 20:48:53 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\clwireg.exe
[2009/03/21 20:46:28 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/21 20:46:28 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/21 20:46:27 | 00,501,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/21 20:07:47 | 00,241,887 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks5.jpg
[2009/03/21 20:07:19 | 00,182,805 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks4.jpg
[2009/03/21 20:07:04 | 00,219,845 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks3.jpg
[2009/03/21 20:06:45 | 00,198,788 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks2.jpg
[2009/03/21 20:06:34 | 00,298,464 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks1.jpg
[2009/03/21 19:27:24 | 00,129,024 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\fegenope.dll
[2009/03/21 19:27:24 | 00,129,024 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\bhmiev.dll
[2009/03/21 17:39:08 | 00,133,009 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0011.jpg
[2009/03/21 17:25:38 | 00,129,845 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0010.jpg
[2009/03/21 16:21:03 | 00,117,982 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0009.jpg
[2009/03/21 13:55:12 | 00,134,012 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0008.jpg
[2009/03/21 02:41:08 | 01,575,120 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/03/21 02:21:17 | 00,124,978 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0007.jpg
[2009/03/21 02:21:16 | 00,124,064 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0006.jpg
[2009/03/20 23:15:44 | 00,124,681 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0005.jpg
[2009/03/20 22:40:12 | 00,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/20 19:07:15 | 00,129,629 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0004.jpg
[2009/03/20 19:00:27 | 00,141,445 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0003.jpg
[2009/03/20 18:58:17 | 00,100,194 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0002.jpg
[2009/03/20 18:40:20 | 00,140,334 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0001.jpg
[2009/03/20 18:39:41 | 00,134,985 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0000.jpg
[2009/03/19 18:51:49 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OmniLite.lnk
[2009/03/18 17:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 21:46:58 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\user\Desktop\YouTube Downloader.lnk
[2009/03/16 21:17:30 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 23:57:15 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/03/10 22:03:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/01/19 14:18:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/19 14:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/03/23 21:48:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/07/16 16:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2006/12/26 15:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/12/17 23:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006/12/18 00:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/07/08 19:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/10/28 00:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/21 21:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/07/14 00:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/14 07:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/09/14 21:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2006/07/31 17:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/11/24 13:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2006/09/03 17:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/09/14 22:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/06/12 18:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/05/25 21:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2007/01/12 21:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2008/12/22 14:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/06/17 19:56:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/09 15:24:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2005/08/09 12:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/12/09 21:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2006/11/23 15:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/05/24 18:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/01/11 20:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/03/08 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2005/07/17 09:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/08/22 11:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/24 16:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/10 21:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/16 15:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/17 01:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/01/08 16:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/01/07 20:26:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data
[2005/08/07 13:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.BitTornado
[2008/06/11 21:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\3M
[2006/01/18 19:14:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore
[2005/12/26 14:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACD Systems
[2008/03/23 21:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe
[2005/12/23 19:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AdobeUM
[2006/06/13 17:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aim
[2007/07/14 00:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Apple Computer
[2007/06/29 15:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Avant Browser
[2007/06/29 15:27:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Avant Profiles
[2006/07/31 17:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG7
[2006/09/03 17:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Corel
[2006/04/09 00:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CyberLink
[2007/11/18 00:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EPSON
[2008/06/11 21:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2006/03/05 20:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google
[2006/11/24 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GTek
[2008/08/10 19:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hamachi
[2005/07/21 15:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Help
[2005/07/16 16:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities
[2008/12/24 00:16:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\user\Application Data\ijjigame
[2006/08/04 14:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iMesh
[2007/07/14 00:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InstallShield
[2007/09/14 21:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Intuit
[2008/06/09 20:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWin
[2008/06/09 20:12:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWinArcade
[2006/06/18 01:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lavasoft
[2005/12/24 15:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2005/12/18 16:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Logitech
[2005/07/16 21:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Macromedia
[2008/12/22 14:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2007/09/14 21:45:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\user\Application Data\Microsoft
[2007/04/19 20:06:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\user\Application Data\Move Networks
[2008/12/09 20:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla
[2005/11/19 15:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller
[2007/07/17 13:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NCH Swift Sound
[2005/09/03 11:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Netscape
[2007/07/28 10:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nexon
[2007/03/30 22:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NJStar
[2006/08/08 11:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Tools
[2008/07/09 19:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Publish Providers
[2005/08/07 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Real
[2008/06/15 21:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\skypePM
[2005/10/23 10:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SlimBrowser
[2008/07/09 19:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony
[2008/08/22 11:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpinTop
[2005/12/17 19:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sun
[2005/07/16 16:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Symantec
[2007/01/17 21:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint
[2008/12/21 01:20:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinRAR
[2008/12/24 16:18:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Yahoo!
[2009/03/18 17:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/22 18:14:13 | 00,001,192 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
[2009/03/22 02:11:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/03/22 11:46:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/03/22 18:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A
< End of report >







OTListIt Extras logfile created on: 3/22/2009 6:45:36 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 308.34 Mb Available Physical Memory | 61.26% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.03 Gb Total Space | 98.58 Gb Free Space | 68.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1121574893\ee\aolservicehost.exe:*:Enabled:AOL Services File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw ()
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5 File not found
C:\Program Files\AIM\AIM95_c0\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound File not found
C:\Program Files\AIM\AIM95_c1\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui File not found
C:\Program Files\AIM\AIM95_c2\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser File not found
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\softnyx\Rakion\Bin\Rakion.bin:*:Enabled:Rakion File not found
C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe:*:Enabled:iMesh 6 File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Common Files\AOL\1121574893\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1121574893\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client File not found
C:\Program Files\Wizet\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1121574893\ee\aolservicehost.exe:*:Enabled:AOL Services File not found
C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe (GRISOFT, s.r.o.)
C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)
C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound (Softnyx)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\NEXON\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Program Files\QQ\Africa2003\QQ.exe:*:Enabled:QQ ()
C:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ File not found
C:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled:???? File not found
C:\Program Files\Tencent\QQ\Qzone\Qzone.exe:*:Enabled:QzoneClient1.2Beta04 V01.2.104.040 File not found
C:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module File not found
C:\Program Files\NEXON\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? ()
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager File not found
C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser (Avant Force)
C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Nexon2\MapleStory\MapleStory.exe:*:Enabled:MapleStory File not found
C:\Nexon2\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Nexon2\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ???? File not found
C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager (iAnywhere Solutions, Inc.)
C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> (NHN USA inc.)
C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology (Ensemble Studios)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui (Microsoft Corporation)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService (Apple Inc.)
C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{13E1D05B-E707-4DD5-A064-2417CC189402}" = MapleStoryT
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{40280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{5C87D745-5DA2-4F47-B78B-B0D7EA539229}" = OmniLite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}" = MapleStory
"{FF493A32-7886-4C6B-8EDD-9387670E4F93}" = MapleStory
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Age of Mythology 1.0" = Age of Mythology
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AI RoboForm" = AI RoboForm (All Users)
"AIM+" = AIM+ (remove only)
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.6
"AvantBrowser" = Avant Browser (remove only)
"AVG7Uninstall" = AVG Free Edition
"CCleaner" = CCleaner (remove only)
"Corel Applications" = Corel Applications
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps
"Gunbound Revolution_is1" = Gunbound Revolution
"HijackThis" = HijackThis 2.0.2
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 4.18.8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape Browser" = Netscape Browser (remove only)
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.7
"Starcraft" = Starcraft
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTubeGet_is1" = YouTubeGet 4.9.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2009 3:07:43 AM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/11/2009 12:52:57 AM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/12/2009 3:43:27 AM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/15/2009 3:41:06 PM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/19/2009 12:28:41 AM | Computer Name = WILLIAM | Source = MsiInstaller | ID = 11904
Description = Product: OmniLite -- Error 1904.Module C:\WINDOWS\system32\UnZip.dll
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 3/19/2009 9:29:37 PM | Computer Name = WILLIAM | Source = MsiInstaller | ID = 11905
Description = Product: OmniLite -- Error 1905.Module C:\WINDOWS\system32\UnZip.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 3/19/2009 9:51:57 PM | Computer Name = WILLIAM | Source = MsiInstaller | ID = 11904
Description = Product: OmniLite -- Error 1904.Module C:\WINDOWS\system32\UnZip.dll
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 3/21/2009 11:14:00 PM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/22/2009 4:50:54 AM | Computer Name = WILLIAM | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/22/2009 2:49:44 PM | Computer Name = WILLIAM | Source = AVG7 | ID = 100
Description = 2009-03-22 18:49:44,265 WILLIAM [003216:003220] ERROR 000 AVG7.Upgrader.GUI.Download
Setup file check failed: @UPG_Err_Download_EmptyName

[ System Events ]
Error - 1/27/2009 1:31:09 AM | Computer Name = WILLIAM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00112F2B505D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/27/2009 7:38:57 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 1/28/2009 7:51:50 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 1/29/2009 9:05:51 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 1/31/2009 1:06:27 AM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 1/31/2009 12:41:44 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 2/1/2009 9:48:51 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 2/2/2009 10:05:17 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 2/4/2009 12:15:27 AM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2

Error - 2/4/2009 10:13:46 PM | Computer Name = WILLIAM | Source = Service Control Manager | ID = 7000
Description = The Canon Camera Access Library 8 service failed to start due to the
following error: %%2


< End of report >
  • 0

#4
kahdah
Posted 22 March 2009 - 08:50 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O2 - BHO: (no name) - {06ff524d-4bc7-40cc-a3ad-ec57ab7d2b92} - C:\WINDOWS\system32\nddclw.dll ()
O2 - BHO: (no name) - {2a5fb22f-9279-4424-8d7b-a29e9a0f4c94} - C:\WINDOWS\system32\tadebava.dll ()
O4 - HKLM..\Run: [a8971d99] rundll32.exe "C:\WINDOWS\system32\bafoline.dll",b (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CPMaba42e05] Rundll32.exe "c:\windows\system32\fufoyevo.dll",a ()
O4 - HKLM..\Run: [fifulotaru] Rundll32.exe "C:\WINDOWS\system32\yagerumu.dll",s ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bafekefe.dll) - C:\WINDOWS\system32\bafekefe.dll ()
O20 - AppInit_DLLs: (nddclw.dll) - C:\WINDOWS\system32\nddclw.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\fufoyevo.dll) - c:\windows\system32\fufoyevo.dll ()
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fufoyevo.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\fufoyevo.dll ()

:files
C:\WINDOWS\System32\oyiwuwen.ini
C:\WINDOWS\System32\nddclw.dll
C:\WINDOWS\System32\enilofab.ini
C:\WINDOWS\System32\bhmiev.dll
C:\WINDOWS\System32\oyiwuwen.ini
C:\WINDOWS\System32\nddclw.dll
C:\WINDOWS\System32\fufoyevo.dll
C:\WINDOWS\System32\newuwiyo.dll

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
==================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#5
tehmonkii
Posted 22 March 2009 - 11:15 PM

tehmonkii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
========== OTLISTIT ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ff524d-4bc7-40cc-a3ad-ec57ab7d2b92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ff524d-4bc7-40cc-a3ad-ec57ab7d2b92}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nddclw.dll
C:\WINDOWS\system32\nddclw.dll NOT unregistered.
C:\WINDOWS\system32\nddclw.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a5fb22f-9279-4424-8d7b-a29e9a0f4c94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a5fb22f-9279-4424-8d7b-a29e9a0f4c94}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tadebava.dll
C:\WINDOWS\system32\tadebava.dll NOT unregistered.
C:\WINDOWS\system32\tadebava.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\a8971d99 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bafoline.DLL
C:\WINDOWS\system32\bafoline.DLL NOT unregistered.
C:\WINDOWS\system32\bafoline.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMaba42e05 deleted successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fufoyevo.DLL
c:\windows\system32\fufoyevo.DLL NOT unregistered.
c:\windows\system32\fufoyevo.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fifulotaru deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yagerumu.DLL
C:\WINDOWS\system32\yagerumu.DLL NOT unregistered.
C:\WINDOWS\system32\yagerumu.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\bafekefe.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bafekefe.dll
C:\WINDOWS\system32\bafekefe.dll NOT unregistered.
C:\WINDOWS\system32\bafekefe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nddclw.dll deleted successfully.
File C:\WINDOWS\system32\nddclw.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fufoyevo.dll deleted successfully.
File c:\windows\system32\fufoyevo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File c:\windows\system32\fufoyevo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File c:\windows\system32\fufoyevo.dll not found.
========== FILES ==========
C:\WINDOWS\System32\oyiwuwen.ini moved successfully.
File/Folder C:\WINDOWS\System32\nddclw.dll not found.
C:\WINDOWS\System32\enilofab.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bhmiev.dll
C:\WINDOWS\System32\bhmiev.dll NOT unregistered.
C:\WINDOWS\System32\bhmiev.dll moved successfully.
File/Folder C:\WINDOWS\System32\oyiwuwen.ini not found.
File/Folder C:\WINDOWS\System32\nddclw.dll not found.
File/Folder C:\WINDOWS\System32\fufoyevo.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\newuwiyo.dll
C:\WINDOWS\System32\newuwiyo.dll NOT unregistered.
C:\WINDOWS\System32\newuwiyo.dll moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_73c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.7.1 log created on 03222009_200444

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_73c.dat not found!

Registry entries deleted on Reboot...







-----


Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 2

3/22/2009 10:04:19 PM
mbam-log-2009-03-22 (22-04-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 183554
Time elapsed: 1 hour(s), 43 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a5fb22f-9279-4424-8d7b-a29e9a0f4c94} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a5fb22f-9279-4424-8d7b-a29e9a0f4c94} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8971d99 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fifulotaru (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmaba42e05 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yubiyufo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTListIt\MovedFiles\03222009_200444\WINDOWS\system32\fufoyevo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTListIt\MovedFiles\03222009_200444\WINDOWS\system32\nddclw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTListIt\MovedFiles\03222009_200444\WINDOWS\system32\newuwiyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

#6
kahdah
Posted 23 March 2009 - 05:29 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Double click on OTlistit to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt.
    This issaved in the same location as OTListIt2 (desktop).
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

  • 0

#7
tehmonkii
Posted 23 March 2009 - 07:08 PM

tehmonkii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTListIt logfile created on: 3/23/2009 5:59:50 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 226.49 Mb Available Physical Memory | 45.00% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.03 Gb Total Space | 99.03 Gb Free Space | 69.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Nexon2\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
PRC - C:\Documents and Settings\user\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (CCALib8 [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npkcmsvc [Auto | Running]) -- C:\Nexon2\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
SRV - (QBFCService [On_Demand | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys ()
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (npkcrypt [Auto | Running]) -- C:\Program Files\Wizet\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (npkcusb [On_Demand | Stopped]) -- C:\Nexon2\npkcusb.sys (INCA Internet Co., Ltd.)
DRV - (pepifilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.91
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.7
FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {F05F0500-5E61-47FC-8972-8BC899357A14}:1.0
FF - prefs.js..extensions.enabledItems: {7428120B-91FD-4E27-90A8-37BCF9F3DBBE}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2008/12/09 21:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 01:36:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F05F0500-5E61-47FC-8972-8BC899357A14}: C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{F05F0500-5E61-47FC-8972-8BC899357A14} [2008/12/20 00:08:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7428120B-91FD-4E27-90A8-37BCF9F3DBBE}: C:\DOCUMENTS AND SETTINGS\LALA\LOCAL SETTINGS\APPLICATION DATA\{7428120B-91FD-4E27-90A8-37BCF9F3DBBE} [2008/12/20 00:48:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/21 22:53:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/21 22:53:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2009/01/19 14:13:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/01/19 14:13:42 | 00,000,000 | ---D | M]

[2008/12/09 20:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/12/09 20:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions
[2008/12/09 20:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
[2006/11/03 07:46:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/21 20:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/21 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\[email protected]
[2008/12/09 20:28:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\w2if7nt0.default\extensions\TEMP
[2008/12/09 20:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/21 22:53:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 22:53:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/21 22:53:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &?????? - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &?????????? - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .htm - C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll (Netscape Communications Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (Reg Error: Key error.)
O16 - DPF: {0B386B45-B2CF-4525-82FE-D3489C2D26C9} http://www.latale.co...WebLauncher.cab (ActozWebLauncher Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} http://gamedownload....GPlugin7USA.cab (HGPlugin7USA Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Monopoly\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06071909.cab (Reg Error: Key error.)
O16 - DPF: {E8E20D57-3D5B-4A2D-B710-252900B66685} http://www.haduri.co...riInstaller.cab (Installer Class)
O16 - DPF: {FF0CD5DC-60A6-4668-AB80-1ACF40ED9CB8} http://www.haduri.co...cut/HitPlus.cab (HitPlus Control)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (Har??U?nddclw.dllst?CbafolinezZC:\Documents and S) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bafekefe.dll c:\windows\system32\fufoyevo.dll) - C:\WINDOWS\system32\bafekefe.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/22 23:19:52 | 00,086,480 | ---- | C] () -- C:\Documents and Settings\user\Desktop\IMG01685.jpg
[2009/03/22 20:04:44 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/22 18:42:26 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/03/22 15:05:14 | 00,108,851 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0036.jpg
[2009/03/22 15:05:13 | 00,108,653 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0035.jpg
[2009/03/22 15:00:52 | 00,127,291 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0034.jpg
[2009/03/22 15:00:00 | 00,103,459 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0033.jpg
[2009/03/22 14:44:26 | 00,110,894 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0032.jpg
[2009/03/22 14:44:25 | 00,112,327 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0031.jpg
[2009/03/22 14:44:25 | 00,110,355 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0030.jpg
[2009/03/22 14:44:05 | 00,114,697 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0029.jpg
[2009/03/22 13:21:53 | 00,105,271 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0028.jpg
[2009/03/22 12:58:42 | 00,110,283 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0027.jpg
[2009/03/22 12:58:41 | 00,105,916 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0026.jpg
[2009/03/22 12:55:52 | 00,108,068 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0025.jpg
[2009/03/22 12:55:51 | 00,106,798 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0024.jpg
[2009/03/22 12:55:49 | 00,109,152 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0023.jpg
[2009/03/22 12:54:31 | 00,100,856 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0022.jpg
[2009/03/22 12:54:30 | 00,102,709 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0021.jpg
[2009/03/22 12:54:29 | 00,102,600 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0020.jpg
[2009/03/22 12:54:21 | 00,106,831 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0019.jpg
[2009/03/22 12:52:39 | 00,100,176 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0018.jpg
[2009/03/22 12:51:23 | 00,096,892 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0017.jpg
[2009/03/22 12:51:23 | 00,096,432 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0016.jpg
[2009/03/22 12:51:20 | 00,096,810 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0015.jpg
[2009/03/22 12:51:12 | 00,102,281 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0014.jpg
[2009/03/22 12:51:10 | 00,106,387 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0013.jpg
[2009/03/22 12:22:59 | 00,108,692 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0012.jpg
[2009/03/21 21:04:53 | 00,002,115 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/03/21 20:40:15 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\clwireg.exe
[2009/03/21 20:07:47 | 00,241,887 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks5.jpg
[2009/03/21 20:07:19 | 00,182,805 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks4.jpg
[2009/03/21 20:07:04 | 00,219,845 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks3.jpg
[2009/03/21 20:06:45 | 00,198,788 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks2.jpg
[2009/03/21 20:06:34 | 00,298,464 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks1.jpg
[2009/03/21 17:39:08 | 00,133,009 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0011.jpg
[2009/03/21 17:25:38 | 00,129,845 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0010.jpg
[2009/03/21 16:21:03 | 00,117,982 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0009.jpg
[2009/03/21 13:55:12 | 00,134,012 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0008.jpg
[2009/03/21 02:21:17 | 00,124,978 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0007.jpg
[2009/03/21 02:21:16 | 00,124,064 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0006.jpg
[2009/03/20 23:15:44 | 00,124,681 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0005.jpg
[2009/03/20 19:07:15 | 00,129,629 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0004.jpg
[2009/03/20 19:00:27 | 00,141,445 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0003.jpg
[2009/03/20 18:58:17 | 00,100,194 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0002.jpg
[2009/03/20 18:40:20 | 00,140,334 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0001.jpg
[2009/03/20 18:39:41 | 00,134,985 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Maple0000.jpg
[2009/03/19 18:51:49 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OmniLite.lnk
[2009/03/19 18:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Ab3r
[2009/03/16 21:46:58 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\user\Desktop\YouTube Downloader.lnk
[2009/03/16 21:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/03/16 21:26:37 | 00,000,000 | ---D | C] -- C:\tmpDownload
[2009/02/25 21:35:08 | 00,000,000 | ---D | C] -- C:\YouTubeGet
[2009/02/25 01:15:52 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/23 18:03:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/03/23 17:55:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 17:54:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/23 17:54:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/22 23:20:04 | 00,086,480 | ---- | M] () -- C:\Documents and Settings\user\Desktop\IMG01685.jpg
[2009/03/22 21:34:20 | 00,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2009/03/22 20:09:28 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vigonevi
[2009/03/22 20:08:58 | 01,575,676 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/03/22 18:43:07 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/03/22 15:05:14 | 00,108,851 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0036.jpg
[2009/03/22 15:05:13 | 00,108,653 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0035.jpg
[2009/03/22 15:00:52 | 00,127,291 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0034.jpg
[2009/03/22 15:00:00 | 00,103,459 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0033.jpg
[2009/03/22 14:44:26 | 00,112,327 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0031.jpg
[2009/03/22 14:44:26 | 00,110,894 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0032.jpg
[2009/03/22 14:44:25 | 00,110,355 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0030.jpg
[2009/03/22 14:44:05 | 00,114,697 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0029.jpg
[2009/03/22 13:21:53 | 00,105,271 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0028.jpg
[2009/03/22 12:58:42 | 00,110,283 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0027.jpg
[2009/03/22 12:58:41 | 00,105,916 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0026.jpg
[2009/03/22 12:55:52 | 00,108,068 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0025.jpg
[2009/03/22 12:55:51 | 00,106,798 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0024.jpg
[2009/03/22 12:55:49 | 00,109,152 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0023.jpg
[2009/03/22 12:54:31 | 00,100,856 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0022.jpg
[2009/03/22 12:54:30 | 00,102,709 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0021.jpg
[2009/03/22 12:54:29 | 00,102,600 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0020.jpg
[2009/03/22 12:54:21 | 00,106,831 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0019.jpg
[2009/03/22 12:52:39 | 00,100,176 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0018.jpg
[2009/03/22 12:51:23 | 00,096,892 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0017.jpg
[2009/03/22 12:51:23 | 00,096,432 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0016.jpg
[2009/03/22 12:51:20 | 00,096,810 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0015.jpg
[2009/03/22 12:51:12 | 00,102,281 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0014.jpg
[2009/03/22 12:51:10 | 00,106,387 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0013.jpg
[2009/03/22 12:22:59 | 00,108,692 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0012.jpg
[2009/03/22 02:11:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/21 21:09:15 | 00,081,568 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/21 21:08:33 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 21:04:53 | 00,002,115 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/03/21 20:48:53 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\clwireg.exe
[2009/03/21 20:46:28 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/21 20:46:28 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/21 20:46:27 | 00,501,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/21 20:07:47 | 00,241,887 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks5.jpg
[2009/03/21 20:07:19 | 00,182,805 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks4.jpg
[2009/03/21 20:07:04 | 00,219,845 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks3.jpg
[2009/03/21 20:06:45 | 00,198,788 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks2.jpg
[2009/03/21 20:06:34 | 00,298,464 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks1.jpg
[2009/03/21 19:27:24 | 00,129,024 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\fegenope.dll
[2009/03/21 17:39:08 | 00,133,009 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0011.jpg
[2009/03/21 17:25:38 | 00,129,845 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0010.jpg
[2009/03/21 16:21:03 | 00,117,982 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0009.jpg
[2009/03/21 13:55:12 | 00,134,012 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0008.jpg
[2009/03/21 02:21:17 | 00,124,978 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0007.jpg
[2009/03/21 02:21:16 | 00,124,064 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0006.jpg
[2009/03/20 23:15:44 | 00,124,681 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0005.jpg
[2009/03/20 22:40:12 | 00,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/20 19:07:15 | 00,129,629 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0004.jpg
[2009/03/20 19:00:27 | 00,141,445 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0003.jpg
[2009/03/20 18:58:17 | 00,100,194 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0002.jpg
[2009/03/20 18:40:20 | 00,140,334 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0001.jpg
[2009/03/20 18:39:41 | 00,134,985 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Maple0000.jpg
[2009/03/19 18:51:49 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OmniLite.lnk
[2009/03/18 17:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 21:46:58 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\user\Desktop\YouTube Downloader.lnk
[2009/03/16 21:17:30 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 23:57:15 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/03/10 22:03:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >
  • 0

#8
kahdah
Posted 23 March 2009 - 07:50 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
O20 - AppInit_DLLs: (Har??U?nddclw.dllst?CbafolinezZC:\Documents and S) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\bafekefe.dll c:\windows\system32\fufoyevo.dll) - C:\WINDOWS\system32\bafekefe.dll File not found

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
============
After that let me know how things are running?
  • 0

#9
tehmonkii
Posted 23 March 2009 - 09:02 PM

tehmonkii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:Har??U?nddclw.dllst?CbafolinezZC:\Documents and S deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\bafekefe.dll c:\windows\system32\fufoyevo.dll deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\user\Local Settings\Temp\1d64_appcompat.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_698.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.7.1 log created on 03232009_195407

Files moved on Reboot...
C:\Documents and Settings\user\Local Settings\Temp\1d64_appcompat.txt moved successfully.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_698.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...



---

Everything seems to be running fine again. Quickbook opens normally and the pop ups have disappeared. Thank you so much for your help. Also, I'm currently using AVG and it's about to expire, what program do you recommend I use to keep my computer safe to keep this from happening again?
  • 0

#10
kahdah
Posted 24 March 2009 - 04:59 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi These are free.
AVG free 8.5
Note this is free antispyware protection and Antivirus protection.

or

Antivir
this is just antivirus protection.
=====================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete\uninstall anything else that we have used.


System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP