Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help
Reload this Page Redirects, etc.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
LinkBack Thread Tools
Old 05-10-2009, 11:45 AM   #1 (permalink)
Registered User
 
Join Date: May 2009
Posts: 4
OS: Windows XP SP2


Redirects, etc.
I started having problems with my comp on April 29th. I had obviously picked up some sort of malware while browsing. My performance slowed abysmally, windows closed randomly, my wallpaper was replaced by a big flashing ad for some ******** spyware remover. Even my screensaver wouldn't work. My ISP called and said they'd cut-off my internet service if the problem wasn't taken care of right away. A friend helped me get the install files for MalwareBytes and CCleaner (msn messenger was virtually the only program working), and after scanning with those programs everything pretty much went back to normal.

The next day, I started experiencing the (apparently quite common) 'google redirect' problem. The severity varies day by day, but generally speaking, if I click a link in Firefox a new tab will open and the status bar will have some massive URL that begins with http://www.googe-redirect.com... - I'm often redirected to one of several search engines, but sometimes I'm taken to pages that are completely unrelated. Sometimes I'll end up being 'redirected' to the proper place. Sometimes I'm not redirected at all.

The google redirect issue is my chief problem, but there are other things going on as well. My computer still performs quite poorly, and sometimes my taskbar disappears. If I attempt to scan with Eset, it picks up several issues, but specifies than it cannot fix several of them until I reboot my computer. As soon as I reboot, I get the exact same message. I also tried to use Windows Defender, but due to some error it would not let me update after the install.

I would be very appreciative of any help you could offer!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Benito at 13:26:32.21 on Sun 05/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.413 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Smart Desktop Calendar\SmartDesktopCalendar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Benito\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q305&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {3e6f6aff-f562-43a4-a7c7-41a3a6b65a90} - c:\windows\system32\qqailucg.dll
BHO: : {7924a6e6-8c39-4405-abbd-5c823a94e1a2} - c:\windows\system32\lsfjkjs.dll
BHO: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [Diagnostic Manager] c:\windows\temp\3876367926.exe
dRun: [<NO NAME>] c:\windows\temp\lky6lsfv.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\lky6lsfv.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\benito\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\benito\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\benito\startm~1\programs\startup\smartd~1.lnk - c:\program files\smart desktop calendar\SmartDesktopCalendar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {cafeefac-0016-0000-0011-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: rcdqshbz - lsfjkjs.dll
AppInit_DLLs: c:\windows\system32\mavufobo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\mavufobo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benito\applic~1\mozilla\firefox\profiles\8voxy251.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

============= SERVICES / DRIVERS ===============

R0 zxioruaz;zxioruaz;c:\windows\system32\drivers\zxioruaz.sys [2004-8-4 23424]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 aodrrhsg;PnP ISA/EISA Bus Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 windefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-9-19 200192]
S2 .esettrialreset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2004-8-4 3584]

=============== Created Last 30 ================

2009-05-09 19:08 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-09 19:08 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-07 17:17 24,064 a--sh--- c:\documents and settings\benito\protect.dll
2009-05-07 17:03 2,343 a------- c:\windows\system32\win32hlp.cnf
2009-05-07 13:18 <DIR> --d----- c:\program files\ESET
2009-05-07 13:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-04 12:37 268 a---h--- C:\sqmdata09.sqm
2009-05-04 12:37 244 a---h--- C:\sqmnoopt09.sqm
2009-05-03 21:03 268 a---h--- C:\sqmdata08.sqm
2009-05-03 21:03 244 a---h--- C:\sqmnoopt08.sqm
2009-05-03 14:01 268 a---h--- C:\sqmdata07.sqm
2009-05-03 14:01 244 a---h--- C:\sqmnoopt07.sqm
2009-04-29 20:25 <DIR> --d----- c:\docume~1\benito\applic~1\Malwarebytes
2009-04-29 20:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-29 20:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 20:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-29 20:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-29 20:24 <DIR> --d----- c:\program files\CCleaner
2009-04-29 18:41 1 a------- c:\windows\system32\uniq.tll
2009-04-29 18:16 101,884 a------- c:\windows\system32\drivers\aec289bc.sys
2009-04-29 18:07 <DIR> --d----- c:\program files\Lavasoft
2009-04-29 17:59 101,888 a------- C:\ohkbrkoo.exe
2009-04-29 17:59 205,824 a------- C:\xmrgycj.exe
2009-04-29 17:59 101,888 a------- C:\wwmeoblk.exe
2009-04-29 17:59 101,884 a------- c:\windows\system32\drivers\97e00a9c.sys
2009-04-29 17:58 2 a------- C:\1282840284
2009-04-26 20:20 225,280 a------- c:\windows\system32\rewire.dll
2009-04-26 20:20 <DIR> --d----- c:\program files\VstPlugins
2009-04-26 20:20 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-04-26 20:19 <DIR> --d----- c:\program files\Outsim
2009-04-26 20:17 <DIR> --d----- c:\program files\Image-Line

==================== Find3M ====================

2009-04-29 18:41 104,960 a------- c:\windows\system32\userinit.exe
2009-04-29 17:58 33,792 a------- c:\program files\ysnionkl.tmp
2009-04-29 17:58 51,200 a--sh--- c:\windows\system32\sesifune.exe
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2005-05-26 14:35 1,422 a------- c:\program files\ReadMe.txt
2009-05-10 13:26 24,064 a--sh--- c:\windows\system32\autochk.dll

============= FINISH: 13:26:59.34 ===============
Attached Files
File Type: zip ark.zip (4.2 KB, 1 views)
Sir Burley Bee is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 05-10-2009, 04:40 PM   #2 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to back up your registry
  1. Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.

We need to create an OTListIt2 Report
  1. Please download OTListIt2 from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-11-2009, 01:30 PM   #3 (permalink)
Registered User
 
Join Date: May 2009
Posts: 4
OS: Windows XP SP2


Re: Redirects, etc.
Hi Billy,

extras.txt

OTListIt Extras logfile created on: 5/11/2009 3:25:51 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Benito\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 387.60 Mb Available Physical Memory | 37.91% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 9.50 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENLAPTOP
Current User Name: Benito
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/09/19 14:08:00 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/03/09 04:11:22 | 00,231,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/03/09 01:28:06 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/03/09 03:41:32 | 00,087,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/03/09 04:04:24 | 00,181,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/03/09 01:38:02 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/03/09 03:40:10 | 00,063,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2009/02/09 17:19:03 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Benito\Desktop\utorrent.exe:*:Enabled:µTorrent
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/04 08:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26a24ae4-039d-4ca4-87b4-2f83216011ff}" = Java(TM) 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = TIxx21
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{a06275f4-324b-4e85-95e6-87b2cd729401}" = Windows Defender
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cdf97135-7fd2-4289-96b8-dd4505267acd}" = ESET NOD32 Antivirus
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{f333a33d-125c-32a2-8dce-5c5d14231e27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{f333a33d-125c-32a2-8dce-5c5d14231e27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ccleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Compaq Presario r4000 User Guides" = Compaq Presario r4000 User Guides
"Conexant PCI Audio" = Conexant AC-Link Audio
"ENTERPRISE" = Microsoft Office Enterprise 2007
"erunt_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Full)
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mozilla firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PowerISO" = PowerISO
"Smart Desktop Calendar Pro_is1" = Smart Desktop Calendar Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2009 1:15:38 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/7/2009 1:56:14 PM | Computer Name = BENLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2009 2:19:28 AM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
shlwapi.dll, version 6.0.2900.3462, fault address 0x0001b9cb.

Error - 5/8/2009 2:30:17 AM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000100e8.

Error - 5/8/2009 12:54:21 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/8/2009 1:47:52 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/8/2009 2:01:23 PM | Computer Name = BENLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/8/2009 2:01:28 PM | Computer Name = BENLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/10/2009 3:21:10 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/10/2009 3:22:42 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

[ Application Events ]
Error - 5/7/2009 1:15:38 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/7/2009 1:56:14 PM | Computer Name = BENLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2009 2:19:28 AM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
shlwapi.dll, version 6.0.2900.3462, fault address 0x0001b9cb.

Error - 5/8/2009 2:30:17 AM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000100e8.

Error - 5/8/2009 12:54:21 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/8/2009 1:47:52 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/8/2009 2:01:23 PM | Computer Name = BENLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/8/2009 2:01:28 PM | Computer Name = BENLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/10/2009 3:21:10 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

Error - 5/10/2009 3:22:42 PM | Computer Name = BENLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x005ebec0.

[ System Events ]
Error - 5/10/2009 3:10:48 PM | Computer Name = BENLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/10/2009 3:10:48 PM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/10/2009 5:14:55 PM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.

Error - 5/10/2009 5:14:55 PM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053

Error - 5/10/2009 5:14:55 PM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/10/2009 5:15:32 PM | Computer Name = BENLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/10/2009 5:18:35 PM | Computer Name = BENLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/10/2009 5:18:36 PM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/11/2009 10:58:16 AM | Computer Name = BENLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/11/2009 10:58:16 AM | Computer Name = BENLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2


< End of report >



and here is OTListIt.txt

OTListIt logfile created on: 5/11/2009 3:25:51 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Benito\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 387.60 Mb Available Physical Memory | 37.91% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 9.50 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENLAPTOP
Current User Name: Benito
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/04/01 06:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/04/01 06:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004/08/04 08:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/03/22 21:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/02/02 08:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 08:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2009/05/07 13:13:43 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2005/04/11 15:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/09/11 00:43:54 | 00,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2009/05/07 13:13:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/02/06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/12/03 13:47:34 | 01,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/06/06 11:35:02 | 00,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
PRC - [2006/09/05 20:32:28 | 02,039,808 | ---- | M] () -- C:\Program Files\Smart Desktop Calendar\SmartDesktopCalendar.exe
PRC - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2009/05/07 13:13:43 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - File not found -- \?\globalroot\C:\WINDOWS\system32\rundll32.exe
PRC - [2008/09/19 09:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/06/03 09:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
PRC - [2009/04/29 18:30:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/07 13:13:43 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/05/11 15:25:29 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benito\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/08/04 08:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regedt32.exe -- (.esettrialreset [Auto | Stopped])
SRV - [2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
SRV - [2004/08/04 08:00:00 | 00,103,424 | ---- | M] (Microsoft Corporation) -- c:\windows\system32\lsfjkjs.dll -- (aodrrhsg [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/01 06:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (ehttpsrv [On_Demand | Stopped])
SRV - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/09/24 01:11:33 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/07 13:13:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/11/22 21:58:48 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (windefend [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2004/08/11 16:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/04/01 06:02:36 | 01,034,752 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/03/10 05:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/03/15 12:14:52 | 00,037,760 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/03/15 12:14:52 | 00,346,496 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/02/06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2009/02/06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009/02/06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/01/31 20:48:56 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/01/31 20:48:57 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/01/31 20:48:53 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/03/22 10:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
DRV - [2005/03/22 10:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2005/03/22 10:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/09/15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/09/24 01:04:47 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/28 06:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008/07/07 03:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2004/08/04 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/02/02 07:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/04/04 12:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2008/09/15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 08:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2005/03/22 10:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,023,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\zxioruaz.sys -- (zxioruaz [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FF 6A 6F 3E 62 F5 A4 43 A7 C7 41 A3 A6 B6 5A 90 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FF 6A 6F 3E 62 F5 A4 43 A7 C7 41 A3 A6 B6 5A 90 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FF 6A 6F 3E 62 F5 A4 43 A7 C7 41 A3 A6 B6 5A 90 [binary data]

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FF 6A 6F 3E 62 F5 A4 43 A7 C7 41 A3 A6 B6 5A 90 [binary data]
IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FF 6A 6F 3E 62 F5 A4 43 A7 C7 41 A3 A6 B6 5A 90 [binary data]
IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\s-1-5-21-329068152-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\s-1-5-21-329068152-2052111302-682003330-1004\s-1-5-21-329068152-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {9CF3B9C1-6165-440F-AB73-E88E8963E164}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2008/12/27 0257 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/07 13:13:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/10 15:20:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/08 13:58:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\thunderbird\extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

[2008/09/19 1447 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benito\Application Data\mozilla\Extensions
[2008/09/19 1447 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benito\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/19 1447 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benito\Application Data\mozilla\Firefox\Profiles\8voxy251.default\extensions
[2009/05/11 13:23:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 18:30:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 17:53:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9CF3B9C1-6165-440F-AB73-E88E8963E164}
[2008/09/19 20:13:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/07 13:14:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/29 18:30:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 18:30:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/06 17:10:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/06 17:10:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/06 17:10:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/06 17:10:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/06 17:10:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/06 17:10:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/06 17:10:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {3e6f6aff-f562-43a4-a7c7-41a3a6b65a90} - Reg Error: Value error. File not found
O2 - BHO: () - {7924a6e6-8c39-4405-abbd-5c823a94e1a2} - c:\windows\system32\lsfjkjs.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3876367926.exe ()
O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3876367926.exe ()
O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\s-1-5-21-329068152-2052111302-682003330-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\s-1-5-21-329068152-2052111302-682003330-1004..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\s-1-5-21-329068152-2052111302-682003330-1004..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\Benito\Start Menu\Programs\Startup\Smart Desktop Calendar.lnk = C:\Program Files\Smart Desktop Calendar\SmartDesktopCalendar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\s-1-5-21-329068152-2052111302-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {cafeefac-0016-0000-0011-abcdeffedcba} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\mavufobo.dll) - C:\WINDOWS\system32\mavufobo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\rcdqshbz: DllName - lsfjkjs.dll - C:\WINDOWS\system32\lsfjkjs.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/19 13:47:05 | 00,000,050 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[1 C:\Program Files\*.tmp files]
[2009/05/11 15:25:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benito\Desktop\OTListIt2.exe
[2009/05/11 15:25:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/11 15:24:42 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\NTREGOPT.lnk
[2009/05/11 15:24:42 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\ERUNT.lnk
[2009/05/11 15:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/11 15:23:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Benito\Desktop\erunt-setup.exe
[2009/05/11 12:59:35 | 00,024,064 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/10 19:40:33 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/10 13:43:38 | 00,004,274 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\ark.zip
[2009/05/10 13:28:35 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\gmer.exe
[2009/05/10 13:28:14 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\gmer.zip
[2009/05/10 13:26:16 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\dds.scr
[2009/05/08 15:02:23 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/08 14:01:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/05/08 13:59:31 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\WindowsDefender.msi
[2009/05/08 13:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/08 13:58:22 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Benito\Desktop\WGAPluginInstall.exe
[2009/05/07 17:17:58 | 00,024,064 | -HS- | C] ( ) -- C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/07 17:17:58 | 00,000,651 | -HS- | C] () -- C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/07 17:03:25 | 00,002,343 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/07 17:02:34 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/07 16:54:24 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/07 13:18:16 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/05/04 12:37:17 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009/05/04 12:37:17 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009/05/03 21:03:45 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009/05/03 21:03:45 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009/05/03 14:01:22 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/05/03 14:01:22 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/04/29 20:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Benito\Application Data\Malwarebytes
[2009/04/29 20:25:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/29 20:25:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 20:25:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/29 20:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 20:25:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/29 20:24:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Benito\Desktop\CCleaner.lnk
[2009/04/29 20:24:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/29 18:41:51 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/29 18:16:39 | 00,101,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec289bc.sys
[2009/04/29 18:12:33 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/29 18:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/29 18:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/29 18:00:06 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/04/29 17:59:57 | 00,101,888 | ---- | C] () -- C:\ohkbrkoo.exe
[2009/04/29 17:59:09 | 00,101,888 | ---- | C] () -- C:\wwmeoblk.exe
[2009/04/29 17:59:08 | 00,101,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\97e00a9c.sys
[2009/04/29 17:58:50 | 00,000,002 | ---- | C] () -- C:\1282840284
[2009/04/26 20:20:32 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/04/26 20:20:32 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/04/26 20:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/04/26 20:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/04/23 00:41:35 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\MARKETING MARGINALIZED CULTURES.doc
[2009/04/23 00:41:08 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\THE MODERNIST EVENT.doc
[2009/04/22 23:24:30 | 00,014,369 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\THE MODERNIST EVENT.docx
[2009/04/22 21:55:54 | 00,014,163 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\WE ARENT ON THE WRONG SIDE WE ARE THE WRONG SIDE.docx
[2009/04/22 18:53:14 | 00,014,368 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\THE WHITES OF THEIR EYES.docx
[2009/04/22 13:54:32 | 00,018,190 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\THE WEDDING BANQUET GLOBAL CHINESE CINEMA AND THE ASIAN AMERICAN EXPERIENCE.docx
[2009/04/20 21:58:07 | 00,013,797 | ---- | C] () -- C:\Documents and Settings\Benito\My Documents\MARKETING MARGINALIZED CULTURES.docx
[2008/11/13 19:17:01 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/10/31 22:37:40 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/31 22:37:39 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/31 22:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/31 22:37:32 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/31 22:37:32 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/31 22:37:25 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/31 22:37:25 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/19 23:03:57 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2008/09/19 22:53:27 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/09/19 22:53:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/09/19 21:53:07 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/09/19 13:41:22 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/03/29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/02/12 04:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 00,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\zxioruaz.sys
[2004/08/04 08:00:00 | 00,000,607 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/11 15:26:54 | 00,101,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec289bc.sys
[2009/05/11 15:26:54 | 00,101,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\97e00a9c.sys
[2009/05/11 15:25:37 | 00,024,064 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/11 15:25:29 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benito\Desktop\OTListIt2.exe
[2009/05/11 15:24:42 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\NTREGOPT.lnk
[2009/05/11 15:24:42 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\ERUNT.lnk
[2009/05/11 15:23:17 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Benito\Desktop\erunt-setup.exe
[2009/05/11 10:58:24 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\My Sharing Folders.lnk
[2009/05/10 19:40:38 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/10 17:16:27 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/10 17:14:39 | 00,002,343 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/10 17:13:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/10 17:13:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Benito\Local Settings\desktop.ini
[2009/05/10 17:13:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/10 17:13:01 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 13:43:38 | 00,004,274 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\ark.zip
[2009/05/10 13:28:18 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\gmer.zip
[2009/05/10 13:26:20 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\dds.scr
[2009/05/09 19:07:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 13:59:43 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\WindowsDefender.msi
[2009/05/08 13:58:25 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Benito\Desktop\WGAPluginInstall.exe
[2009/05/08 13:58:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 23:00:36 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/07 17:17:58 | 00,024,064 | -HS- | M] ( ) -- C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/07 17:17:58 | 00,000,651 | -HS- | M] () -- C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/06 18:12:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/04 12:37:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/04 12:37:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/03 21:03:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/03 21:03:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/03 14:01:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/03 14:01:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/03 13:52:27 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/29 20:26:53 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\bazasomo
[2009/04/29 20:25:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 20:24:57 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\CCleaner.lnk
[2009/04/29 18:41:56 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/04/29 18:41:56 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/29 18:41:51 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/29 18:17:37 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/29 18:17:37 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/29 18:17:37 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/29 18:16:40 | 00,101,888 | ---- | M] () -- C:\ohkbrkoo.exe
[2009/04/29 18:16:26 | 00,000,002 | ---- | M] () -- C:\1282840284
[2009/04/29 17:59:10 | 00,101,888 | ---- | M] () -- C:\wwmeoblk.exe
[2009/04/29 17:58:45 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\sesifune.exe
[2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Benito\Desktop\gmer.exe
[2009/04/23 00:41:35 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\MARKETING MARGINALIZED CULTURES.doc
[2009/04/23 00:41:08 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\THE MODERNIST EVENT.doc
[2009/04/23 00:33:46 | 00,014,369 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\THE MODERNIST EVENT.docx
[2009/04/22 22:40:11 | 00,014,163 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\WE ARENT ON THE WRONG SIDE WE ARE THE WRONG SIDE.docx
[2009/04/22 20:55:16 | 00,014,368 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\THE WHITES OF THEIR EYES.docx
[2009/04/22 16:30:01 | 00,018,190 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\THE WEDDING BANQUET GLOBAL CHINESE CINEMA AND THE ASIAN AMERICAN EXPERIENCE.docx
[2009/04/22 13:17:30 | 00,013,797 | ---- | M] () -- C:\Documents and Settings\Benito\My Documents\MARKETING MARGINALIZED CULTURES.docx
< End of report >
Sir Burley Bee is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-11-2009, 01:45 PM   #4 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
Quote:
[2009/05/07 16:54:24 | 00,000,000 | ---D | C] -- C:\Avenger
What the heck did you try to point Avenger at????

We need to run an OTListIt2 Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    Code:
    :processes
rundll32.exe
:otli
FF - prefs.js..extensions.enabledItems: {9CF3B9C1-6165-440F-AB73-E88E8963E164}:1.0
O2 - BHO: (no name) - {3e6f6aff-f562-43a4-a7c7-41a3a6b65a90} - Reg Error: Value error. File not found
O2 - BHO: () - {7924a6e6-8c39-4405-abbd-5c823a94e1a2} - c:\windows\system32\lsfjkjs.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3876367926.exe ()
O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3876367926.exe ()
O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\lky6lsfv.exe ()
O4 - HKLM..\Run: [autochk] 
O4 - Startup: C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll ( )
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\mavufobo.dll) - C:\WINDOWS\system32\mavufobo.dll File not found
O20 - Winlogon\Notify\rcdqshbz: DllName - lsfjkjs.dll - C:\WINDOWS\system32\lsfjkjs.dll (Microsoft Corporation)
:files
C:\WINDOWS\system32\autochk.dll
C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll
C:\Documents and Settings\Benito\Start Menu\Programs\Startup\ChkDisk.lnk
C:\ohkbrkoo.exe
C:\wwmeoblk.exe
C:\WINDOWS\System32\drivers\97e00a9c.sys
C:\1282840284
C:\WINDOWS\tasks\At??.job
C:\WINDOWS\IfoEdit.INI
c:\windows\system32\drivers\zxioruaz.sys
C:\WINDOWS\System32\bazasomo
C:\WINDOWS\System32\sesifune.exe
:services
zxioruaz
  3. Push
  4. OTLI2 may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • A new OTListIt2 log (Scan Mode Again)

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-11-2009, 02:40 PM   #5 (permalink)
Registered User
 
Join Date: May 2009
Posts: 4
OS: Windows XP SP2


Re: Redirects, etc.
Billy,

I am not able to run the fix. When the program begins processing the second entry beginning with '02', my computer becomes extremely noisy and the program freezes.
Sir Burley Bee is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-12-2009, 04:19 PM   #6 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it's author:

How to run ComboFix:
  1. Please download ComboFix from one of the following mirrors, and save it to your desktop.
  2. Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  3. Double click on your desktop.
  4. Read and accept (Press Yes) to the disclaimer.
  5. For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  6. ComboFix will run. Simply wait for it to finish.
  7. When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)

NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-19-2009, 05:32 PM   #7 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
Are you still here?

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-20-2009, 08:08 PM   #8 (permalink)
Registered User
 
Join Date: May 2009
Posts: 4
OS: Windows XP SP2


Re: Redirects, etc.
Yes sir, apologies for the delay. Here's the log.

ComboFix 09-05-20.09 - Benito 05/20/2009 19:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.681 [GMT -4:00]
Running from: c:\documents and settings\Benito\Desktop\GlobRemover.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Benito\protect.dll
c:\documents and settings\Benito\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Benito\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\__c007C8D7.dat
c:\windows\system32\ak1.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\bxqwafbf.sys
c:\windows\system32\drivers\ovfsthybffrkrwannaveobdkfrvhcbgpvnbvun.sys
c:\windows\system32\drivers\zxioruaz.sys
c:\windows\system32\lmn_setup.exe
c:\windows\system32\lsfjkjs.dll
c:\windows\system32\ovfsthaejpmcjinupkweyibjyvyldedrwokasd.dll
c:\windows\system32\ovfsthcqhqarfiyoxfgqdfdaapnibjljpyueqj.dat
c:\windows\system32\ovfsthdnmktovghllfudiidnlokrtymwrsboyy.dat
c:\windows\system32\ovfsthponppmixgqitoapofaprfbpoubvncqnl.dll
c:\windows\system32\ovfsthuldokfwykakqmtbnewaldffglpoxbwbn.dll
c:\windows\system32\qqailucg.dll
c:\windows\system32\sesifune.exe
c:\windows\system32\tqsszmf.dll
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\At1.job
c:\windows\Temp\101545590.exe
c:\windows\Temp\103576840.exe
c:\windows\Temp\123969662.exe
c:\windows\Temp\125877212.exe
c:\windows\Temp\1318290148.exe
c:\windows\Temp\1382693854.exe
c:\windows\Temp\1384587216.exe
c:\windows\Temp\1421640430.exe
c:\windows\Temp\1468787604.exe
c:\windows\Temp\153213736.exe
c:\windows\Temp\1859797980.exe
c:\windows\Temp\2313039234.exe
c:\windows\Temp\2598969662.exe
c:\windows\Temp\2663217118.exe
c:\windows\Temp\2759227648.exe
c:\windows\Temp\2785204924.exe
c:\windows\Temp\3052054666.exe
c:\windows\Temp\3140321244.exe
c:\windows\Temp\3593718748.exe
c:\windows\Temp\3879492926.exe
c:\windows\Temp\39016884.exe
c:\windows\Temp\4062032702.exe
c:\windows\Temp\528696938.exe
c:\windows\Temp\579274716.exe
c:\windows\Temp\73057486.exe
c:\windows\Temp\890248368.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthtofhrtcoqeglhgjgeubmakbniucdqatf
-------\Legacy_aodrrhsg
-------\Legacy_zxioruaz
-------\Service_aodrrhsg
-------\Service_zxioruaz


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-20 23:41 . 2009-05-20 23:42 -------- d-----w C:\ComboFix
2009-05-20 19:36 . 2009-05-20 20:06 28672 ----a-w c:\windows\system32\service-466.exe
2009-05-18 19:45 . 2009-05-18 19:45 37376 ----a-w c:\windows\system32\glsetup.exe
2009-05-11 20:24 . 2009-05-11 20:24 -------- d-----w C:\_OTListIt
2009-05-11 19:24 . 2009-05-11 19:24 -------- d-----w c:\program files\ERUNT
2009-05-08 18:01 . 2009-05-08 18:01 -------- d-----w c:\program files\Windows Defender
2009-05-07 17:18 . 2009-05-07 17:18 -------- d-----w c:\program files\ESET
2009-05-07 17:14 . 2009-05-07 17:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 18:03 . 2009-05-03 18:04 -------- d-----w c:\documents and settings\Administrator
2009-04-30 00:25 . 2009-04-30 00:25 -------- d-----w c:\documents and settings\Benito\Application Data\Malwarebytes
2009-04-30 00:25 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 00:25 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 00:25 . 2009-04-30 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 00:25 . 2009-04-30 00:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 00:24 . 2009-04-30 00:24 -------- d-----w c:\program files\CCleaner
2009-04-29 22:16 . 2009-05-21 00:07 101884 ----a-w c:\windows\system32\drivers\aec289bc.sys
2009-04-29 22:07 . 2009-05-03 17:47 -------- d-----w c:\program files\Lavasoft
2009-04-29 22:07 . 2009-05-03 17:47 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-29 21:59 . 2009-04-29 22:16 101888 ----a-w C:\ohkbrkoo.exe
2009-04-29 21:59 . 2009-04-29 22:16 205824 ----a-w C:\xmrgycj.exe
2009-04-29 21:59 . 2009-04-29 21:59 101888 ----a-w C:\wwmeoblk.exe
2009-04-29 21:59 . 2009-05-21 00:07 101884 ----a-w c:\windows\system32\drivers\97e00a9c.sys
2009-04-27 00:20 . 2009-04-29 23:10 -------- d-----w c:\program files\VstPlugins
2009-04-27 00:20 . 2006-06-20 08:56 225280 ----a-w c:\windows\system32\rewire.dll
2009-04-27 00:19 . 2009-04-27 00:19 -------- d-----w c:\program files\Outsim
2009-04-27 00:17 . 2009-04-29 23:12 -------- d-----w c:\program files\Image-Line

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 00:07 . 2008-10-05 17:44 -------- d-----w c:\program files\Smart Desktop Calendar
2009-05-07 17:13 . 2008-09-19 17:54 -------- d-----w c:\program files\Java
2009-04-29 21:58 . 2009-04-29 21:58 33792 ----a-w c:\program files\ysnionkl.tmp
2009-03-08 22:06 . 2008-09-29 10:57 284 ----a-w c:\windows\esettrialreset.reg
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2005-05-26 18:35 . 2008-09-20 02:58 1422 ----a-w c:\program files\ReadMe.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

c:\documents and settings\Benito\Start Menu\Programs\Startup\
Smart Desktop Calendar.lnk - c:\program files\Smart Desktop Calendar\SmartDesktopCalendar.exe [2006-9-5 2039808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-9-19 270336]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Benito\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 12:45 AM 124832]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [9/19/2008 1:30 PM 200192]
S2 .esettrialreset;Eset Trial Reset;c:\windows\system32\regedt32.exe [8/4/2004 8:00 AM 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ZXIORUAZ
*Deregistered* - zxioruaz

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UsaufvqoSem
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3e6f6aff-f562-43a4-a7c7-41a3a6b65a90} - (no file)
HKU-Default-Run-A00F19E5FD29.exe - c:\windows\TEMP\_A00F19E5FD29.exe
Notify-__c007c8d7 - c:\windows\system32\__c007C8D7.dat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Benito\Application Data\Mozilla\Firefox\Profiles\8voxy251.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?1?3?0??P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\97e00a9c]
"ImagePath"="\SystemRoot\System32\drivers\97e00a9c.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-21 20:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 00:10

Pre-Run: 10,166,673,408 bytes free
Post-Run: 10,164,998,144 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

253 --- E O F --- 2009-04-17 16:16
Sir Burley Bee is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-20-2009, 08:20 PM   #9 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
Well I have to be honest in stating that's one of the nastiest logs I've seen in quite some time lol.

There is Evedence of Cracked/ILLEGAL software on this machine!
Using cracked/illegal software compromises your system security, and increases your chance of infection.
Please read the policy here at TSF for Cracked software: Cracked (Illegal) Software
I will continue to help here, but I know several helpers who would not be so nice.

Thivery is NOT justifyable! -- Don't put yourself in this position otherwise other helpers here may have a major problem helping you.

We need to re-run ComboFix with some additonal directives.
  1. Please disable any running anti-virus programs.
    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  4. Open notepad and copy/paste the text in the quotebox below into it:
    Code:
    collect::
c:\windows\system32\service-466.exe
c:\windows\system32\glsetup.exe
c:\windows\system32\regedt32.exe
C:\ohkbrkoo.exe
C:\xmrgycj.exe
C:\wwmeoblk.exe
c:\windows\system32\drivers\97e00a9c.sys
c:\program files\ysnionkl.tmp
c:\windows\esettrialreset.reg
driver::
.esettrialreset
UsaufvqoSem
Netsvc::
UsaufvqoSem
  5. Save this as CFScript.txt, in the same location as ComboFix.exe

  6. Refering to the picture above, drag CFScript into ComboFix.exe
  7. When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Last edited by Billy O'Neal; 05-20-2009 at 08:29 PM.
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Old 05-29-2009, 02:03 PM   #10 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Redirects, etc.
Hello, Sir Burley Bee :)
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:01 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85