
Computer infected, Google searches redirected


  • This topic is locked
17 replies to this topic

#1 Rage Manager

  • Members
  • 13 posts

Posted 09 April 2009 - 06:18 PM

Hi, to give a bit of background: I share this computer, so I can't pinpoint exactly when this started to happen. But a while ago my computer got infected with something, I'm not sure what, and it was redirecting all Google searches to 3rd-party sites selling products. I had AVG installed at the time and ran it, and it found one or two suspicious entries and deleted them. This seemed to fix the problem for a while; however, it appears that I'm still infected, but now the infection is more subtle. I discovered this when I opened "What's Running?" and under the IP tab saw it wasn't google.com I was accessing, but "yw-in-f99.google.com" or something similar. Upon further investigation I discovered that when I do a Google search only one out of, say, 10 clicks will redirect me someplace else. I can still operate anti-spyware, and when I access websites directly they seem unaffected by this. So I downloaded additional anti-spyware to try to solve the problem, and thought I caught a few suspicious files / programs, but nothing can seem to get a fix on this issue. So I'm hoping you fine people can help me remedy this situation.


Here is the log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Brian at 17:39:47.46 on Thu 04/09/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2191 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Webroot Spy Sweeper *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\WhatsRunning\WhatsRunning.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVGTOOLBAR: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVGTOOLBAR: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\cssdll32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\holekaju.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\rkvhokhg.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-25 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-2 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-14 11840]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-25 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-14 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-14 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-14 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-14 151297]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-14 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-14 298264]
R2 BBWatcherService;BBWatcherService;c:\program files\cms products\bounceback professional\BBWatcherService.exe [2008-12-27 36864]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-14 700152]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-2-16 2749224]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-8 1180976]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-4 93696]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-14 52032]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-2-16 15656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-04-08 18:42 <DIR> --d----- c:\program files\Ventrilo
2009-04-08 18:42 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-08 06:39 <DIR> --d----- C:\WTablet
2009-03-22 16:00 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-22 16:00 14,048 -------- c:\windows\system32\spmsg2.dll
2009-03-22 15:58 <DIR> --d----- c:\windows\system32\xlive
2009-03-22 15:58 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-03-22 14:23 <DIR> --d----- c:\program files\Steam
2009-03-22 12:41 <DIR> --d----- c:\program files\Gmask 1.70 English
2009-03-20 01:15 <DIR> --d----- c:\program files\ABC Amber LIT Converter
2009-03-16 20:27 <DIR> --d----- c:\docume~1\brian\applic~1\BitTorrent
2009-03-16 20:27 <DIR> --d----- c:\program files\DNA
2009-03-16 20:27 <DIR> --d----- c:\program files\BitTorrent
2009-03-16 20:27 <DIR> --d----- c:\docume~1\brian\applic~1\DNA
2009-03-16 06:48 <DIR> --d----- c:\program files\ICE Book Reader Professional
2009-03-14 11:43 <DIR> --d----- C:\reports
2009-03-14 00:53 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-14 00:43 249,592 a------- c:\windows\system32\cssdll32.dll
2009-03-14 00:42 155,384 a------- c:\windows\system32\guard32.dll
2009-03-14 00:42 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-03-14 00:42 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-03-14 00:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
2009-03-14 00:42 <DIR> --d----- c:\program files\COMODO
2009-03-14 00:41 <DIR> --d----- c:\program files\Avira
2009-03-14 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-14 00:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-03-14 00:13 <DIR> --d----- c:\program files\Security Task Manager
2009-03-13 17:55 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-13 17:48 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-13 17:35 <DIR> --d----- c:\program files\Trend Micro
2009-03-13 17:27 <DIR> --d----- c:\windows\pss
2009-03-13 17:26 <DIR> --d----- c:\program files\reg backup
2009-03-12 22:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-12 22:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-12 22:25 <DIR> --d----- c:\docume~1\brian\applic~1\SUPERAntiSpyware.com
2009-03-12 22:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-12 21:55 <DIR> --d----- c:\docume~1\brian\applic~1\Malwarebytes
2009-03-12 21:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-12 21:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 21:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 21:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-12 21:51 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-25 19:26 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-14 00:37 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-14 00:37 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-13 17:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-07 21:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-07 21:50 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-14 21:12 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-02-14 20:59 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-14 18:19 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-14 13:08 1,553,784 a------- c:\windows\WRSetup.dll
2009-02-13 18:09 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-13 18:09 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-13 18:09 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\win32k.sys
0000-00-00 00:00 0 a--sh--- c:\windows\system32\hupemubo.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\nubagahi.dll
0000-00-00 00:00 0 a--sh--- c:\windows\system32\zuguhofa.dll

============= FINISH: 17:41:46.28 ===============


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 10 April 2009 - 07:02 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Rage Manager

  • Topic Starter
  • Members
  • 13 posts

Posted 11 April 2009 - 10:47 AM

Hi Sam, thanks for getting back to me so quickly.

I ran OTListIt2 and it did not give me any problems. I didn't know how far back you wanted me to do the scan for, so to be safe I set it for 60 days. It created two lists after it was done, so I've pasted both below and attached them to this post to be safe.

Here are the two result lists the program created:

OTListIt logfile created on: 4/11/2009 10:21:13 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 807.58 Gb Free Space | 86.70% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAUM-7F4C70891F
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 60 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/08 02:44:18 | 01,180,976 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/03/14 11:56:34 | 00,700,152 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2009/03/14 00:37:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/01/04 12:46:10 | 00,036,864 | ---- | M] (CMS Products™, Inc.) -- C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe
PRC - [2009/03/14 00:37:37 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/03/14 00:37:45 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2006/02/28 15:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/13 17:55:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/30 14:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/13 18:09:12 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/10/30 14:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 14:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2009/03/14 00:37:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/03/14 00:37:45 | 00,691,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/03/14 00:37:42 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/07/17 14:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2009/03/14 00:43:11 | 00,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
PRC - [2007/12/07 19:42:02 | 00,376,832 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2007/07/17 14:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/03/14 11:56:38 | 01,851,128 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/03/14 00:37:40 | 00,593,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/02/14 13:08:42 | 06,308,728 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/03/26 14:11:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 10:20:09 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/20 19:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 10:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/06/03 00:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/03/14 00:37:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/03/14 00:37:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/01/04 12:46:10 | 00,036,864 | ---- | M] (CMS Products™, Inc.) -- C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe -- (BBWatcherService [Auto | Running])
SRV - [2006/02/28 15:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 10:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/14 11:56:34 | 00,700,152 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2009/02/14 23:47:59 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 07:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/13 17:55:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/13 17:31:46 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2006/10/27 03:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/30 14:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/02/13 18:09:12 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2009/03/08 02:44:18 | 01,180,976 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/06/03 01:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/05/20 18:53:36 | 00,093,696 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/14 00:37:45 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/14 20:59:38 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2009/02/14 20:59:31 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/03/25 19:26:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2008/02/27 15:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2009/03/14 11:56:54 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/03/14 11:58:20 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2004/10/25 23:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/03/14 11:58:18 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2008/10/02 06:01:46 | 04,878,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/04/11 18:32:30 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2007/04/11 18:32:38 | 00,063,248 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/03/07 21:50:57 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/04/11 18:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/04/11 18:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007/04/11 18:33:06 | 00,079,376 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2007/08/31 15:39:58 | 00,010,240 | ---- | M] (CMS Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\portd64.sys -- (portio [On_Demand | Running])
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/09/25 08:51:42 | 00,115,328 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2009/02/17 11:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/02/13 18:09:24 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/02/13 18:09:24 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd [Boot | Running])
DRV - [2009/02/13 18:09:26 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv [Boot | Running])
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/02/14 21:12:31 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [System | Running])
DRV - [2008/10/06 14:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Running])
DRV - [2007/02/16 14:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2008/07/11 14:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 19:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\PE_C_ADMINISTRATOR\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PE_C_AMY\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\PE_C_AMY\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\PE_C_AMY\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\S-1-5-21-1409082233-1123561945-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {846B56E6-4DD5-4F9F-839D-DE7B083F6F23}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080710
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/14 21:41:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/02/14 21:41:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/13 17:55:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/08 23:01:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/08 23:01:32 | 00,000,000 | ---D | M]

[2009/04/08 23:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Extensions
[2009/04/08 23:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/08 23:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\rkvhokhg.default\extensions
[2009/04/10 06:59:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/01 23:19:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{846B56E6-4DD5-4F9F-839D-DE7B083F6F23}
[2009/04/08 23:01:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/13 17:55:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 14:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 14:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (312232 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10750 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe [2009/02/15 00:02:52 | 00,000,000 | ---D | M]
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVGTOOLBAR) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe [2009/02/15 00:02:52 | 00,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (AVGTOOLBAR) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe" (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKU\PE_C_ADMINISTRATOR..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
O4 - HKU\PE_C_ADMINISTRATOR..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_AMY\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\PE_C_ADMINISTRATOR\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\PE_C_AMY\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1409082233-1123561945-1417001333-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cssdll32.dll) - C:\WINDOWS\system32\cssdll32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\s) - File not found
O30 - LSA: Security Packages - (ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings...) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/04 12:04:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/25 17:19:18 | 00,000,031 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 16:13:25 | 00,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/11 10:20:09 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTListIt2.exe
[2009/04/09 17:38:18 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\dds(2).scr
[2009/04/09 17:36:55 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\dds.scr
[2009/04/08 23:01:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Mozilla
[2009/04/08 23:01:34 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/08 18:43:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Ventrilo
[2009/04/08 18:42:56 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/04/08 18:42:56 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/04/08 18:42:55 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/08 06:39:09 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/04/07 18:08:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/22 16:04:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/22 16:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\My Games
[2009/03/22 16:00:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/22 16:00:18 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/22 16:00:04 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/03/22 15:58:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009/03/22 15:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/03/22 15:43:42 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/03/22 15:43:42 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/03/22 15:43:41 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/03/22 15:43:40 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/03/22 15:43:40 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/03/22 15:43:40 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/03/22 15:43:39 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/03/22 15:43:39 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/03/22 15:43:39 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/03/22 15:43:39 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/03/22 15:43:38 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/03/22 15:43:38 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/03/22 15:43:38 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/03/22 15:43:37 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/03/22 15:43:37 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/03/22 15:43:36 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/03/22 15:43:36 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/03/22 15:43:36 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/03/22 15:43:36 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/03/22 15:43:35 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/03/22 15:43:34 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/03/22 15:43:34 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/03/22 15:43:34 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/03/22 15:43:33 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/03/22 15:43:33 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/03/22 15:43:33 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/03/22 15:43:32 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/03/22 15:43:32 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/03/22 15:43:32 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/03/22 15:43:31 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/03/22 15:43:31 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/03/22 15:43:31 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/03/22 15:43:30 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/03/22 15:43:30 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/03/22 15:43:29 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/03/22 15:43:29 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/03/22 15:43:28 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/03/22 15:43:27 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/03/22 15:43:27 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/03/22 15:43:26 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/03/22 15:43:26 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/03/22 15:43:26 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/03/22 15:43:26 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/03/22 15:43:25 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/03/22 15:43:25 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/03/22 15:43:25 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/03/22 15:43:25 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/03/22 15:43:24 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/03/22 15:43:19 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/03/22 15:43:19 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/03/22 15:43:19 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/03/22 15:43:18 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/03/22 15:43:18 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/03/22 15:43:17 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/03/22 15:43:17 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/03/22 15:43:16 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/03/22 15:43:15 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/03/22 14:30:17 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Warhammer 40,000 Dawn of War II.lnk
[2009/03/22 14:23:18 | 00,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/03/22 14:23:18 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/03/22 12:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Gmask 1.70 English
[2009/03/20 01:15:30 | 00,000,737 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\ABC Amber LIT Converter.lnk
[2009/03/20 01:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\ABC Amber LIT Converter
[2009/03/16 20:27:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\BitTorrent
[2009/03/16 20:27:19 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/03/16 20:27:19 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/03/16 20:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\DNA
[2009/03/16 20:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\DNA
[2009/03/16 06:48:59 | 00,000,000 | ---D | C] -- C:\Program Files\ICE Book Reader Professional
[2009/03/14 16:50:48 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Internet Explorer.lnk
[2009/03/14 11:43:23 | 00,000,000 | ---D | C] -- C:\reports
[2009/03/14 00:53:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/03/14 00:51:25 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/03/14 00:43:11 | 00,249,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2009/03/14 00:42:24 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/03/14 00:42:24 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/03/14 00:42:24 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/03/14 00:42:24 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/03/14 00:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\comodo
[2009/03/14 00:42:21 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/03/14 00:41:36 | 00,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/03/14 00:41:29 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/03/14 00:41:29 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/03/14 00:41:29 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/03/14 00:41:29 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/03/14 00:41:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/03/14 00:41:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/03/14 00:13:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/03/14 00:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/03/13 18:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Desktop\New Folder
[2009/03/13 17:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/13 17:48:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/13 17:35:53 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\HijackThis.lnk
[2009/03/13 17:35:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/13 17:27:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/13 17:26:41 | 00,000,000 | ---D | C] -- C:\Program Files\reg backup
[2009/03/12 22:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/12 22:25:33 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/12 22:25:31 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/12 22:25:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\SUPERAntiSpyware.com
[2009/03/12 22:25:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/12 21:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes
[2009/03/12 21:55:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/12 21:55:15 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/12 21:55:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/12 21:55:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/12 21:55:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/12 21:51:14 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\CCleaner.lnk
[2009/03/12 21:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/08 02:48:22 | 00,001,644 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
[2009/03/08 02:44:17 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/03/08 02:44:17 | 00,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/03/08 02:44:00 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/08 02:43:43 | 01,553,784 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/03/08 02:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/03/08 02:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Webroot
[2009/03/08 02:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/03/08 02:43:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/07 18:56:03 | 00,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/04 20:49:09 | 21,244,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/04 20:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/02 20:16:38 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/03/02 20:16:38 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/03/02 20:15:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/03/02 20:15:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/03/02 20:15:55 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/03/02 20:15:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/03/02 20:15:52 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/03/02 20:14:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/03/02 20:13:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/03/02 20:10:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/03/02 19:48:53 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/02 19:46:10 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/02 19:46:03 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/02 19:45:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/03/01 23:25:02 | 00,000,213 | -HS- | C] () -- C:\WINDOWS\System32\nagalaka.dll
[2009/03/01 23:25:02 | 00,000,213 | -HS- | C] () -- C:\WINDOWS\System32\jetanibo.dll
[2009/03/01 23:25:02 | 00,000,213 | -HS- | C] () -- C:\WINDOWS\System32\januzesi.dll
[2009/03/01 23:24:46 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\senekahvapbimf.dat.rmv
[2009/03/01 23:19:45 | 00,060,374 | ---- | C] () -- C:\WINDOWS\System32\senekahtvjnsdb.dat.rmv
[2009/03/01 12:03:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Help
[2009/03/01 12:03:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Help
[2009/03/01 11:07:15 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/03/01 11:07:15 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/03/01 11:06:11 | 00,075,324 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPMON2.DLL
[2009/03/01 11:06:11 | 00,064,000 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ECBTEG.DLL
[2009/03/01 11:06:11 | 00,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPCHP.DLL
[2009/03/01 11:06:11 | 00,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/03/01 11:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\EPSON
[2009/03/01 11:06:04 | 00,000,000 | ---D | C] -- C:\epson
[2009/02/28 23:27:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\My Library
[2009/02/28 23:27:02 | 00,057,436 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\DASShp.dll
[2009/02/28 23:27:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2009/02/27 23:09:02 | 00,000,000 | ---D | C] -- C:\books
[2009/02/27 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\WinRAR
[2009/02/27 23:08:23 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/02/25 21:23:48 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume1.doc
[2009/02/23 02:42:11 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume.doc
[2009/02/23 02:40:23 | 00,013,504 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume.docx
[2009/02/20 02:38:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/19 03:57:22 | 00,013,476 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume for Delta Companies.docx
[2009/02/16 22:59:58 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Adobe Photoshop CS3.lnk
[2009/02/16 22:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\WTablet
[2009/02/16 22:56:06 | 06,525,736 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2009/02/16 22:56:06 | 01,651,788 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc
[2009/02/16 22:56:03 | 00,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys
[2009/02/16 22:55:52 | 00,013,352 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2009/02/16 22:55:52 | 00,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2009/02/16 22:55:48 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2009/02/16 22:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2009/02/16 22:55:45 | 02,749,224 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2009/02/16 22:55:45 | 00,182,056 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2009/02/16 22:55:45 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2009/02/16 22:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Tablet
[2009/02/16 09:43:32 | 00,013,403 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Amy K.docx
[2009/02/15 23:53:19 | 00,001,624 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Trillian.lnk
[2009/02/15 23:52:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/02/15 13:13:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\Updater5
[2009/02/15 01:32:57 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/15 00:18:25 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/02/15 00:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/02/15 00:17:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/02/15 00:17:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/02/15 00:17:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/02/15 00:17:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/02/15 00:16:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/02/15 00:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/02/15 00:15:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft Help
[2009/02/15 00:15:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/02/15 00:15:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/02/15 00:14:56 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/02/15 00:07:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\TrueCrypt
[2009/02/15 00:06:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/02/15 00:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/02/14 23:57:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/14 23:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Adobe
[2009/02/14 23:54:28 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/02/14 23:54:28 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2009/02/14 23:52:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/14 23:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/02/14 23:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/02/14 23:47:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/02/14 23:47:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\Downloads
[2009/02/14 23:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/02/14 21:32:33 | 00,000,000 | ---D | C] -- C:\Music
[2009/02/14 21:12:32 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
[2009/02/14 21:12:31 | 00,215,872 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2009/02/14 21:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2009/02/14 21:11:18 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/02/14 21:10:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/02/14 21:10:31 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/02/14 21:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Winamp
[2009/02/14 21:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\My Playlists
[2009/02/14 21:05:13 | 00,000,354 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to D&D.lnk
[2009/02/14 21:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\old doc
[2009/02/14 21:01:57 | 00,178,176 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/14 21:01:03 | 00,000,341 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to My Documents.lnk
[2009/02/14 20:59:06 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to SDMain.lnk
[2009/02/14 20:56:01 | 00,000,295 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to BB ©.lnk
[2009/02/14 20:33:02 | 00,000,000 | ---D | C] -- C:\winamp
[2009/02/14 20:32:54 | 00,000,000 | ---D | C] -- C:\riff trax
[2009/02/14 19:54:16 | 00,000,000 | ---D | C] -- C:\P
[2009/02/14 19:54:10 | 00,000,000 | ---D | C] -- C:\Old-Funnybio-WorkWork
[2009/02/14 19:54:03 | 00,000,000 | ---D | C] -- C:\olderdata
[2009/02/14 19:53:48 | 00,000,000 | ---D | C] -- C:\Brian-resume
[2009/02/14 19:53:43 | 00,000,000 | ---D | C] -- C:\a-webpage
[2009/02/14 19:53:10 | 00,000,000 | ---D | C] -- C:\D&D
[2009/02/14 19:52:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\My Documents\docs
[2009/02/14 19:52:02 | 00,000,000 | ---D | C] -- C:\3dsmax
[2009/02/14 19:51:47 | 00,000,000 | ---D | C] -- C:\old doc
[2009/02/14 19:43:26 | 00,000,000 | ---D | C] -- C:\nic suit
[2009/02/14 19:42:57 | 00,000,000 | ---D | C] -- C:\utilties&records
[2009/02/14 19:41:26 | 00,000,000 | ---D | C] -- C:\ART
[2009/02/14 18:22:44 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\What's Running.lnk
[2009/02/14 18:19:29 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/02/14 18:19:09 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/02/14 18:19:09 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2009/02/13 18:09:26 | 00,176,752 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/02/13 18:09:24 | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/02/13 18:09:24 | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/02/13 18:09:18 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/13 18:09:10 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2008/12/25 17:44:35 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/12/04 12:24:17 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/10/28 17:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/04/14 07:00:00 | 00,000,947 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1900/01/01 12:00:00 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\zuguhofa.dll
[1900/01/01 12:00:00 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\nubagahi.dll
[1900/01/01 12:00:00 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\hupemubo.dll

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/11 10:20:09 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTListIt2.exe
[2009/04/11 08:31:18 | 35,043,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/11 08:31:18 | 00,093,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/10 17:22:06 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 12:29:48 | 00,001,624 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Trillian.lnk
[2009/04/10 01:00:04 | 00,001,644 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
[2009/04/09 17:38:23 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\dds(2).scr
[2009/04/09 17:37:00 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\dds.scr
[2009/04/09 17:20:02 | 00,178,176 | ---- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 23:21:22 | 00,312,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/08 23:01:34 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/08 22:47:57 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/08 22:46:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/08 22:46:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 19:21:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/08 19:21:20 | 00,000,947 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/08 19:21:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/08 18:42:57 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/08 18:42:56 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/04/08 17:48:27 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Internet Explorer.lnk
[2009/04/07 18:16:00 | 00,304,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090408-232122.backup
[2009/04/07 18:08:55 | 01,565,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 18:46:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 19:26:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/23 21:22:33 | 00,070,848 | ---- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/22 16:03:31 | 00,504,926 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/22 16:03:31 | 00,430,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/22 16:03:31 | 00,067,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/22 14:30:17 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Warhammer 40,000 Dawn of War II.lnk
[2009/03/22 14:23:18 | 00,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/03/20 01:15:30 | 00,000,737 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\ABC Amber LIT Converter.lnk
[2009/03/14 11:58:20 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/03/14 11:58:18 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/03/14 11:56:57 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009/03/14 11:56:54 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/03/14 10:46:57 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\HijackThis.lnk
[2009/03/14 00:51:25 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/03/14 00:43:11 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2009/03/14 00:41:36 | 00,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/03/14 00:37:45 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/14 00:37:45 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/12 22:25:33 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/12 21:55:15 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/12 21:51:14 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\CCleaner.lnk
[2009/03/12 21:39:15 | 00,302,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090407-181600.backup
[2009/03/08 02:48:28 | 00,302,562 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090312-213907.backup
[2009/03/08 02:44:17 | 00,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/03/08 02:43:28 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/03/07 21:51:06 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/07 21:50:57 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/07 21:48:26 | 00,000,217 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/02 19:45:17 | 00,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/02 19:32:49 | 00,302,468 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090307-122143.backup
[2009/03/02 19:31:51 | 00,302,468 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090302-183249.backup
[2009/03/02 19:24:39 | 04,835,392 | -H-- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\IconCache.db
[2009/03/02 19:10:19 | 00,060,374 | ---- | M] () -- C:\WINDOWS\System32\senekahtvjnsdb.dat.rmv
[2009/03/02 19:10:19 | 00,000,059 | ---- | M] () -- C:\WINDOWS\System32\senekahvapbimf.dat.rmv
[2009/03/01 23:31:11 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bisodeve
[2009/03/01 23:25:02 | 00,000,213 | -HS- | M] () -- C:\WINDOWS\System32\nagalaka.dll
[2009/03/01 23:25:02 | 00,000,213 | -HS- | M] () -- C:\WINDOWS\System32\jetanibo.dll
[2009/03/01 23:25:02 | 00,000,213 | -HS- | M] () -- C:\WINDOWS\System32\januzesi.dll
[2009/02/25 21:23:48 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume1.doc
[2009/02/23 02:42:11 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume.doc
[2009/02/23 02:40:23 | 00,013,504 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume.docx
[2009/02/19 03:57:22 | 00,013,476 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\Amy K resume for Delta Companies.docx
[2009/02/18 23:18:14 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/16 22:59:58 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Adobe Photoshop CS3.lnk
[2009/02/16 09:43:32 | 00,013,403 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Amy K.docx
[2009/02/14 21:12:32 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
[2009/02/14 21:12:31 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2009/02/14 21:11:18 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/02/14 21:11:11 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/14 21:05:13 | 00,000,354 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to D&D.lnk
[2009/02/14 21:01:21 | 00,292,053 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090302-183151.backup
[2009/02/14 21:01:03 | 00,000,341 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to My Documents.lnk
[2009/02/14 20:59:38 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/14 20:59:31 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/14 20:59:06 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to SDMain.lnk
[2009/02/14 20:56:01 | 00,000,295 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to BB ©.lnk
[2009/02/14 18:22:44 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\What's Running.lnk
[2009/02/14 18:19:29 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/02/14 13:08:42 | 01,553,784 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/02/14 13:01:04 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/02/13 18:09:26 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/02/13 18:09:24 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/02/13 18:09:24 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/02/13 18:09:18 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/13 18:09:10 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/02/11 21:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

OTListIt Extras logfile created on: 4/11/2009 10:21:13 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 807.58 Gb Free Space | 86.70% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAUM-7F4C70891F
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 60 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
[2009/03/25 19:26:09 | 01,057,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/03/14 00:37:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/03/14 00:37:40 | 00,593,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2006/02/28 15:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/03/20 19:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2006/10/27 18:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 18:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 18:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/10/30 14:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe:*:Enabled:Wacom_Tablet
[2009/03/16 20:27:19 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/12/08 20:08:04 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/11/26 03:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2009/03/22 14:37:47 | 16,028,992 | ---- | M] (THQ Canada Inc.) -- C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2
[2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03E494A7-F504-DA41-3079-9E2FB36736BC}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A94422-A264-81D4-D65E-87276F5B402D}" = Catalyst Control Center Localization Italian
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E73A14F-23FD-E1B8-ED38-108ECFA08440}" = Catalyst Control Center Localization Portuguese
"{14BC810B-5907-B9C3-B2F4-12D5EEA253F4}" = Catalyst Control Center Graphics Previews Common
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{23655B51-F898-DC12-A2A1-3348D875F659}" = CCC Help Czech
"{25611B0A-54C2-69B9-723D-668201C22CD4}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{27F38AC0-298C-F7E2-F3AE-F7D12BBBE9D5}" = CCC Help Chinese Traditional
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30B695C3-C7B0-69E1-197B-409587BC1FD7}" = CCC Help Norwegian
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{399B10AC-4E84-20F8-5913-82526B16F561}" = Catalyst Control Center Graphics Light
"{3EC34F85-AF61-5B18-42D6-306B6B80E92E}" = Catalyst Control Center Localization Swedish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4B494547-1410-C77E-B6F0-86F394ABAF94}" = CCC Help Hungarian
"{4D7E8B72-AEA2-8493-F5F3-DA10E2EE2D22}" = Catalyst Control Center Localization Chinese Traditional
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55663DF0-3559-AE1E-0B9E-ED5353914B5D}" = CCC Help Japanese
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{59F83B00-970D-511C-D9DE-52B233780020}" = CCC Help Portuguese
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{64ACFE24-FB82-84A6-9FB8-B90539752E5B}" = Catalyst Control Center Localization German
"{68DD4EAE-C5E4-1E34-F991-B99ABA6DC8E3}" = Catalyst Control Center Graphics Full New
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{7F4C1C17-C647-3CE0-4426-F368132A66A6}" = CCC Help Turkish
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81946C2A-5269-A6F5-4566-A9F253007A7E}" = Catalyst Control Center Localization Turkish
"{8615E5FC-8906-AACF-5A1A-FB65046F647B}" = CCC Help Swedish
"{8959A774-3FB3-B315-ACDF-4B7B70F5A169}" = Catalyst Control Center Core Implementation
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{906B417C-6F6C-2A5A-DB5E-5C7499941C58}" = CCC Help Spanish
"{93CB830F-517E-1695-C61B-2A1AA105CD78}" = Catalyst Control Center Localization French
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95DCA618-9717-BBD3-B438-A5A9B1EB30C8}" = CCC Help German
"{984880C1-7AC7-5267-A7D9-AEC19C932950}" = Catalyst Control Center Graphics Full Existing
"{9A3F8688-4F15-B77D-73A1-B0363517D1B1}" = Catalyst Control Center Localization Danish
"{9B1BFDE6-3B65-FB41-BC54-353227EE742A}" = CCC Help Italian
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0793FD9-9505-BF02-FF47-83C984DC814B}" = Catalyst Control Center Localization Chinese Standard
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A32A0DF0-6650-6503-293D-64AAF212CBF8}" = Catalyst Control Center Localization Japanese
"{A44D0AC2-0891-5AB9-EE23-3EF3339BC2FE}" = Catalyst Control Center Localization Russian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A54BEBF5-D7F9-2B34-6475-FB07780C80CA}" = Catalyst Control Center Localization Polish
"{A8280D9A-D6A4-1E52-E85F-99E3BB19CEEA}" = Catalyst Control Center Localization Czech
"{A960DA53-C5C4-37A4-3671-C0236BF41E99}" = CCC Help Chinese Standard
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B0D2BC40-119B-AD18-E697-E6073DD6D149}" = ccc-utility
"{B2C78A98-20EA-D90A-69E3-B15587D51588}" = CCC Help Thai
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B59DA9F5-3630-FFF1-C47C-B2CA172CF876}" = CCC Help Polish
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86
"{B84AE471-81DD-D81F-CD20-B3464877E525}" = Skins
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBFEA1AF-ECCE-1114-2EC8-AC304AB6B753}" = Catalyst Control Center Localization Hungarian
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C397AE7E-CFA4-9D60-880D-D0BA7CF3F596}" = CCC Help Finnish
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D20100AC-608D-1A4C-372E-75009E7C168E}" = CCC Help Danish
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D801FEB6-53DF-CE1C-67E2-A977E43A7E8F}" = CCC Help Russian
"{DAA29BAD-1C06-E8E0-CFE6-557F818C7AF7}" = CCC Help Dutch
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB7EBA4A-44AF-DF22-EBA7-6BF4E011E319}" = CCC Help French
"{DBB18C43-FE45-36DF-D171-E209B79A76F3}" = Catalyst Control Center Localization Dutch
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1BCF465-85F4-C303-944E-9E416977C560}" = CCC Help Korean
"{E3AEC354-AD4C-51D3-E345-CEE6CA8A9C3A}" = Catalyst Control Center Localization Greek
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA024A36-5934-05B8-550B-60DA131B90C4}" = CCC Help Greek
"{EE5AC826-8731-6406-9947-D0420143A7BD}" = ccc-core-preinstall
"{EEB193CE-2B04-B568-29FF-FAFA34BB3F19}" = Catalyst Control Center Localization Spanish
"{EF0A8C24-E239-45D5-492D-D5895518ACB3}" = Catalyst Control Center Localization Thai
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F88183B1-BD65-F87C-855F-BB7D1AA3AEA2}" = Catalyst Control Center Localization Norwegian
"{FC70949F-1417-A3F5-8E84-EBF5ACB93B58}" = Catalyst Control Center Localization Korean
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE22679C-7CE4-8633-CE7F-8122B52C52CF}" = Catalyst Control Center Localization Finnish
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"All ATI Software" = ATI - Software Uninstall Utility
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"COMODO Internet Security" = COMODO Internet Security
"COMODO SafeSurf" = COMODO SafeSurf
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"Gmask 1.70 English" = Gmask 1.70 English
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"What's Running_is1" = What's Running 2.2
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Professional
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-1123561945-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Professional
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2009 11:17:18 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:18 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:18 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:31 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:31 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:46 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 11:17:46 AM | Computer Name = BAUM-7F4C70891F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/14/2009 7:55:29 PM | Computer Name = BAUM-7F4C70891F | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 7:08:57 PM | Computer Name = BAUM-7F4C70891F | Source = ESENT | ID = 490
Description = svchost (1696) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edbtmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/17/2009 7:12:58 PM | Computer Name = BAUM-7F4C70891F | Source = ESENT | ID = 490
Description = svchost (1696) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edbtmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ OSession Events ]
Error - 4/2/2009 6:49:17 PM | Computer Name = BAUM-7F4C70891F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 151
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/31/2009 9:18:50 PM | Computer Name = BAUM-7F4C70891F | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/1/2009 7:44:52 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/3/2009 7:44:53 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/5/2009 7:44:54 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/7/2009 7:44:55 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/7/2009 7:10:36 PM | Computer Name = BAUM-7F4C70891F | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 f7869507, parameter3
ab0d0af8, parameter4 ab0d07f4.

Error - 4/8/2009 7:40:05 AM | Computer Name = BAUM-7F4C70891F | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 f78575c5, parameter3
aadb2ad0, parameter4 aadb27cc.

Error - 4/8/2009 7:51:18 PM | Computer Name = BAUM-7F4C70891F | Source = Service Control Manager | ID = 7034
Description = The BBWatcherService service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/9/2009 7:44:56 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/11/2009 7:44:57 AM | Computer Name = BAUM-7F4C70891F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


#4 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 April 2009 - 11:37 AM

We need to run Combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Rage Manager

Rage Manager
  • Topic Starter

  • Members
  • 13 posts

Posted 11 April 2009 - 01:41 PM

Hi Sam,

I ran ComboFix, and it found a few entries. No glitches or hangups while the program was running. I'm hopeful that this has solved my problem, although I'll defer to your opinion once you've looked at the log. I will note that I quickly clicked on some Google search results, and nothing was redirected, so again I'm hopeful that this might have done it.

Here is the log from ComboFix; I also attached the ComboFix.txt as you requested:

ComboFix 09-04-04.01 - Brian 2009-04-11 13:15:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2282 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Webroot Spy Sweeper *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\hupemubo.dll
c:\windows\system32\januzesi.dll
c:\windows\system32\jetanibo.dll
c:\windows\system32\nagalaka.dll
c:\windows\system32\nubagahi.dll
c:\windows\system32\zuguhofa.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-08 18:43 . 2009-04-08 19:40 <DIR> d-------- c:\documents and settings\Brian\Application Data\Ventrilo
2009-04-08 18:42 . 2009-04-08 18:42 <DIR> d-------- c:\program files\Ventrilo
2009-04-08 18:42 . 2009-04-08 18:42 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-08 06:39 . 2009-04-11 13:19 <DIR> d-------- C:\WTablet
2009-03-22 16:00 . 2009-03-22 16:00 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-22 16:00 . 2009-03-22 16:00 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-22 16:00 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-22 15:58 . 2009-03-22 15:58 <DIR> d-------- c:\windows\system32\xlive
2009-03-22 15:58 . 2009-03-22 15:58 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-22 14:23 . 2009-04-10 23:37 <DIR> d-------- c:\program files\Steam
2009-03-22 12:41 . 2009-03-22 13:41 <DIR> d-------- c:\program files\Gmask 1.70 English
2009-03-20 01:15 . 2009-04-03 07:09 <DIR> d-------- c:\program files\ABC Amber LIT Converter
2009-03-16 20:27 . 2009-03-16 20:27 <DIR> d-------- c:\program files\DNA
2009-03-16 20:27 . 2009-03-16 20:27 <DIR> d-------- c:\program files\BitTorrent
2009-03-16 20:27 . 2009-03-18 20:12 <DIR> d-------- c:\documents and settings\Brian\Application Data\DNA
2009-03-16 20:27 . 2009-03-16 20:47 <DIR> d-------- c:\documents and settings\Brian\Application Data\BitTorrent
2009-03-16 06:48 . 2009-03-16 06:51 <DIR> d-------- c:\program files\ICE Book Reader Professional
2009-03-14 11:43 . 2009-03-14 16:06 <DIR> d-------- C:\reports
2009-03-14 00:53 . 2009-03-14 00:53 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-14 00:43 . 2009-03-14 00:43 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-03-14 00:42 . 2009-03-14 00:43 <DIR> d-------- c:\program files\COMODO
2009-03-14 00:42 . 2009-03-14 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-03-14 00:42 . 2009-03-14 11:56 155,384 --a------ c:\windows\system32\guard32.dll
2009-03-14 00:42 . 2009-03-14 11:56 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-14 00:42 . 2009-03-14 11:58 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-14 00:41 . 2009-03-14 00:41 <DIR> d-------- c:\program files\Avira
2009-03-14 00:41 . 2009-03-14 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-14 00:13 . 2009-03-14 00:13 <DIR> d-------- c:\program files\Security Task Manager
2009-03-14 00:13 . 2009-03-14 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-13 17:55 . 2009-03-13 17:55 <DIR> d-------- c:\program files\Java
2009-03-13 17:55 . 2009-03-13 17:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 17:35 . 2009-03-13 17:35 <DIR> d-------- c:\program files\Trend Micro
2009-03-13 17:26 . 2009-04-08 22:59 <DIR> d-------- c:\program files\reg backup
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-12 22:25 . 2009-04-08 18:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-12 21:55 . 2009-04-07 18:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 21:55 . 2009-03-12 21:55 <DIR> d-------- c:\documents and settings\Brian\Application Data\Malwarebytes
2009-03-12 21:55 . 2009-03-12 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 21:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 21:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-12 21:51 . 2009-03-12 21:51 <DIR> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 18:19 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-04-11 18:17 --------- d-----w c:\documents and settings\Brian\Application Data\WTablet
2009-04-11 18:08 --------- d-----w c:\program files\Trillian
2009-04-09 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 00:08 --------- d-----w c:\documents and settings\Brian\Application Data\Winamp
2009-03-26 00:26 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 21:03 --------- d-----w c:\program files\MSBuild
2009-03-20 23:59 --------- d-----w c:\documents and settings\Brian\Application Data\TrueCrypt
2009-03-15 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 04:30 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-14 05:37 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-13 02:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-03-08 07:44 --------- d-----w c:\program files\MSSOAP
2009-03-08 07:43 --------- d-----w c:\program files\Webroot
2009-03-08 07:43 --------- d-----w c:\documents and settings\Brian\Application Data\Webroot
2009-03-08 02:50 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-03 00:45 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-03 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-02 16:08 --------- d-----w c:\documents and settings\Amy\Application Data\Logitech
2009-03-02 16:08 --------- d-----w c:\documents and settings\Amy\Application Data\ATI
2009-03-02 16:07 --------- d-----w c:\documents and settings\Amy\Application Data\WTablet
2009-03-02 04:25 --------- d-----w c:\documents and settings\Brian\Application Data\AVGTOOLBAR
2009-03-01 16:07 --------- d-----w c:\program files\EPSON
2009-03-01 04:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 04:27 --------- d-----w c:\program files\Microsoft Reader
2009-02-17 03:56 --------- d-----w c:\program files\Tablet
2009-02-15 05:17 --------- d-----w c:\program files\Microsoft.NET
2009-02-15 05:17 --------- d-----w c:\program files\Microsoft Works
2009-02-15 05:16 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-15 05:03 --------- d-----w c:\program files\Common Files\Adobe
2009-02-15 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-02-15 04:57 --------- d-----w c:\program files\QuickTime
2009-02-15 04:50 --------- d-----w c:\program files\Bonjour
2009-02-15 04:47 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-15 02:13 --------- d-----w c:\program files\Winamp
2009-02-15 02:12 215,872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2009-02-15 02:12 --------- d-----w c:\program files\TrueCrypt
2009-02-15 01:59 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-02-14 23:22 --------- d-----w c:\program files\WhatsRunning
2009-02-14 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-14 23:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-14 18:08 1,553,784 ----a-w c:\windows\WRSetup.dll
2009-02-13 23:09 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-13 23:09 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-13 23:09 176,752 ----a-w c:\windows\system32\drivers\ssidrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-07 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-14 278264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-14 00:37 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-23 02:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 19:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-25 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-02-13 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-14 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-14 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-14 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-02-16 2749224]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-08 1180976]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-04 93696]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-02-16 15656]
S2 BBWatcherService;BBWatcherService;c:\program files\CMS Products\BounceBack Professional\BBWatcherService.exe [2008-12-27 36864]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 21:50]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-14 13:08]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-14 13:08]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- C:\ [2009-04-11 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\rkvhokhg.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 13:21:46
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\windows\\system32\\holekaju.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-11 13:24:00 - machine was rebooted [Brian]
ComboFix-quarantined-files.txt 2009-04-11 18:23:57

Pre-Run: 866,976,710,656 bytes free
Post-Run: 867,166,248,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

286 --- E O F --- 2009-03-20 08:00:10


#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 April 2009 - 06:57 PM

Looks better, but there's more to be done.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\System32\senekahtvjnsdb.dat.rmv
C:\WINDOWS\System32\senekahvapbimf.dat.rmv

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



================



It looks like you are running both AVG and Avira as an antivirus. You should never run more than one antivirus program. Please uninstall one of them.



Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Rage Manager

  • Topic Starter
  • Members
  • 13 posts

Posted 11 April 2009 - 09:34 PM

Hi Sam, I followed the steps you posted. I uninstalled Avira, which I only installed in the hopes of fixing this problem. I'm unsure which one is better, but for now I'll stick with AVG.

Here is the ComboFix log, followed by the Kaspersky scan log:

ComboFix 09-04-04.01 - Brian 2009-04-11 19:41:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2471 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Webroot Spy Sweeper *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\System32\senekahtvjnsdb.dat.rmv
c:\windows\System32\senekahvapbimf.dat.rmv
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\senekahtvjnsdb.dat.rmv
c:\windows\System32\senekahvapbimf.dat.rmv

.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.

2009-04-08 18:43 . 2009-04-08 19:40 <DIR> d-------- c:\documents and settings\Brian\Application Data\Ventrilo
2009-04-08 18:42 . 2009-04-08 18:42 <DIR> d-------- c:\program files\Ventrilo
2009-04-08 18:42 . 2009-04-08 18:42 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-08 06:39 . 2009-04-11 13:19 <DIR> d-------- C:\WTablet
2009-03-22 16:00 . 2009-03-22 16:00 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-22 16:00 . 2009-03-22 16:00 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-22 16:00 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-22 15:58 . 2009-03-22 15:58 <DIR> d-------- c:\windows\system32\xlive
2009-03-22 15:58 . 2009-03-22 15:58 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-22 14:23 . 2009-04-11 18:06 <DIR> d-------- c:\program files\Steam
2009-03-22 12:41 . 2009-03-22 13:41 <DIR> d-------- c:\program files\Gmask 1.70 English
2009-03-20 01:15 . 2009-04-03 07:09 <DIR> d-------- c:\program files\ABC Amber LIT Converter
2009-03-16 20:27 . 2009-03-16 20:27 <DIR> d-------- c:\program files\DNA
2009-03-16 20:27 . 2009-03-16 20:27 <DIR> d-------- c:\program files\BitTorrent
2009-03-16 20:27 . 2009-03-18 20:12 <DIR> d-------- c:\documents and settings\Brian\Application Data\DNA
2009-03-16 20:27 . 2009-03-16 20:47 <DIR> d-------- c:\documents and settings\Brian\Application Data\BitTorrent
2009-03-16 06:48 . 2009-03-16 06:51 <DIR> d-------- c:\program files\ICE Book Reader Professional
2009-03-14 11:43 . 2009-03-14 16:06 <DIR> d-------- C:\reports
2009-03-14 00:53 . 2009-03-14 00:53 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-14 00:43 . 2009-03-14 00:43 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-03-14 00:42 . 2009-03-14 00:43 <DIR> d-------- c:\program files\COMODO
2009-03-14 00:42 . 2009-03-14 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-03-14 00:42 . 2009-03-14 11:56 155,384 --a------ c:\windows\system32\guard32.dll
2009-03-14 00:42 . 2009-03-14 11:56 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-14 00:42 . 2009-03-14 11:58 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-14 00:13 . 2009-03-14 00:13 <DIR> d-------- c:\program files\Security Task Manager
2009-03-14 00:13 . 2009-03-14 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-13 17:55 . 2009-03-13 17:55 <DIR> d-------- c:\program files\Java
2009-03-13 17:55 . 2009-03-13 17:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 17:35 . 2009-03-13 17:35 <DIR> d-------- c:\program files\Trend Micro
2009-03-13 17:26 . 2009-04-08 22:59 <DIR> d-------- c:\program files\reg backup
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-12 22:25 . 2009-04-08 18:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2009-03-12 22:25 . 2009-03-12 22:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-12 21:55 . 2009-04-07 18:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 21:55 . 2009-03-12 21:55 <DIR> d-------- c:\documents and settings\Brian\Application Data\Malwarebytes
2009-03-12 21:55 . 2009-03-12 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 21:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 21:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-12 21:51 . 2009-03-12 21:51 <DIR> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 00:35 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-04-12 00:35 --------- d-----w c:\documents and settings\Brian\Application Data\WTablet
2009-04-12 00:33 --------- d-----w c:\program files\Trillian
2009-04-09 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 00:08 --------- d-----w c:\documents and settings\Brian\Application Data\Winamp
2009-03-26 00:26 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 21:03 --------- d-----w c:\program files\MSBuild
2009-03-20 23:59 --------- d-----w c:\documents and settings\Brian\Application Data\TrueCrypt
2009-03-15 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 04:30 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-14 05:37 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-14 05:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-13 22:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-13 02:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-03-08 07:44 --------- d-----w c:\program files\MSSOAP
2009-03-08 07:43 --------- d-----w c:\program files\Webroot
2009-03-08 07:43 --------- d-----w c:\documents and settings\Brian\Application Data\Webroot
2009-03-08 02:51 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-08 02:50 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-03 00:45 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-03 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-02 16:08 --------- d-----w c:\documents and settings\Amy\Application Data\Logitech
2009-03-02 16:08 --------- d-----w c:\documents and settings\Amy\Application Data\ATI
2009-03-02 16:07 --------- d-----w c:\documents and settings\Amy\Application Data\WTablet
2009-03-02 04:25 --------- d-----w c:\documents and settings\Brian\Application Data\AVGTOOLBAR
2009-03-01 16:07 --------- d-----w c:\program files\EPSON
2009-03-01 04:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 04:27 --------- d-----w c:\program files\Microsoft Reader
2009-02-17 03:56 --------- d-----w c:\program files\Tablet
2009-02-15 05:17 --------- d-----w c:\program files\Microsoft.NET
2009-02-15 05:17 --------- d-----w c:\program files\Microsoft Works
2009-02-15 05:16 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-15 05:03 --------- d-----w c:\program files\Common Files\Adobe
2009-02-15 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-02-15 04:57 --------- d-----w c:\program files\QuickTime
2009-02-15 04:50 --------- d-----w c:\program files\Bonjour
2009-02-15 04:47 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-15 02:13 --------- d-----w c:\program files\Winamp
2009-02-15 02:12 215,872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2009-02-15 02:12 --------- d-----w c:\program files\TrueCrypt
2009-02-15 01:59 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-02-14 23:22 --------- d-----w c:\program files\WhatsRunning
2009-02-14 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-14 23:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-14 18:08 1,553,784 ----a-w c:\windows\WRSetup.dll
2009-02-13 23:09 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-13 23:09 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-13 23:09 176,752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-11_13.23.23.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-12 00:34:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_278.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-07 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-14 278264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-14 00:37 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-23 02:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 19:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-25 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-02-13 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-14 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-14 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-14 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
R2 BBWatcherService;BBWatcherService;c:\program files\CMS Products\BounceBack Professional\BBWatcherService.exe [2008-12-27 36864]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-02-16 2749224]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-08 1180976]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-04 93696]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-02-16 15656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 21:50]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-14 13:08]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-14 13:08]

2009-04-11 c:\windows\Tasks\wrSpySweeper_L109629397CFA4883861F8587C3F278FF.job
- C:\ [2009-04-11 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\rkvhokhg.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 19:44:27
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\windows\\system32\\holekaju.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\cssdll32.dll
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1120)
c:\windows\system32\cssdll32.dll
c:\windows\system32\guard32.dll
.
Completion time: 2009-04-11 19:45:28
ComboFix-quarantined-files.txt 2009-04-12 00:45:26
ComboFix2.txt 2009-04-11 18:24:01

Pre-Run: 867,171,201,024 bytes free
Post-Run: 867,156,127,744 bytes free

263 --- E O F --- 2009-03-20 08:00:10



KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 12, 2009 02:25:21
Records in database: 2035850
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 124226
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:29:49

No malware has been detected. The scan area is clean.
The selected area was scanned.


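The comparison a helper makes by eye between the two ComboFix runs above (which Run entries and services changed, and what AppInit_DLLs points at) can be scripted. The script below is an added example, not part of this thread or of ComboFix itself; the two log excerpts it embeds are constructed from the 13:24 and 19:45 logs posted above, and the R/S state-code reading is the one ComboFix logs use.

```python
"""Diff the autostart data of two ComboFix logs and list AppInit_DLLs values.

Added example for this thread, not ComboFix's own code. It reads the REGEDIT4
"Reg Loading Points" block, the R*/S* driver and service lines (R = running,
S = stopped, digit = start type) and the LOCKED REGISTRY KEYS block, and reports
what changed between two runs. The excerpts are constructed from the two logs
posted above (13:24 and 19:45), trimmed to the lines that matter for the diff.
"""
import re

# "name"="value" [date size]; value may be unquoted and the trailer absent
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*(?:\[[^\]]*\])?\s*$')
# R2 name;description;path [date size]
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.*?)(?:\s+\[[^\]]*\])?$')

LOG_FIRST_RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-14 278264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-08 1180976]
S2 BBWatcherService;BBWatcherService;c:\program files\CMS Products\BounceBack Professional\BBWatcherService.exe [2008-12-27 36864]

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\windows\\system32\\holekaju.dll"
"""

LOG_SECOND_RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-14 278264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

R2 BBWatcherService;BBWatcherService;c:\program files\CMS Products\BounceBack Professional\BBWatcherService.exe [2008-12-27 36864]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-08 1180976]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\windows\\system32\\holekaju.dll"
"""


def parse_reg_entries(log: str) -> dict[tuple[str, str], str]:
    """Map (registry key, value name) -> value for each quoted entry under a [key] header."""
    entries, key = {}, None
    for line in log.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # header; applies until the next one
            continue
        m = ENTRY_RE.match(line)
        if key and m:
            # unquote and collapse the doubled backslashes REGEDIT4 writes
            value = m.group("value").strip().strip('"').replace("\\\\", "\\")
            entries[(key, m.group("name"))] = value
    return entries


def parse_services(log: str) -> dict[str, tuple[str, str]]:
    """Map driver/service name -> (state code, image path) from the R*/S* lines."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.rstrip())
        if m:
            services[m.group("name")] = (m.group("state"), m.group("path"))
    return services


def appinit_dlls(log: str) -> list[tuple[str, str]]:
    """Every non-empty AppInit_DLLs value, under the live Windows key or under an
    AutorunsDisabled key (where Autoruns parks entries the user unticked)."""
    return [(key, value) for (key, name), value in parse_reg_entries(log).items()
            if name.lower() == "appinit_dlls" and value]


def diff_autostarts(before: str, after: str) -> dict:
    """Compare two ComboFix logs; the reader decides what each change means."""
    ra, rb = parse_reg_entries(before), parse_reg_entries(after)
    sa, sb = parse_services(before), parse_services(after)
    return {
        "entries_removed": sorted(k for k in ra if k not in rb),
        "entries_added": sorted(k for k in rb if k not in ra),
        "service_state_changes": {n: (sa[n][0], sb[n][0])
                                  for n in sorted(sa) if n in sb and sa[n][0] != sb[n][0]},
        "appinit_after": appinit_dlls(after),
    }


if __name__ == "__main__":
    for section, items in diff_autostarts(LOG_FIRST_RUN, LOG_SECOND_RUN).items():
        print(f"{section}: {items}")
```

Run against these excerpts it reports the Avira tray entry gone, Ad-Aware's service stopped and BBWatcherService started, and lists both AppInit_DLLs values, including the one still present under the locked AutorunsDisabled key, so disabled entries are not silently dropped from review.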
#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 April 2009 - 10:59 AM

First I want to apologize for the delayed response. I had a family Easter thing yesterday and it kept me pretty busy.

I like AVG myself, but some have said that Avira is a little lighter on the resources.

Your log looks pretty good to me.
How are things on your end? Any issues?

Edited by Buckeye_Sam, 13 April 2009 - 11:00 AM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Rage Manager
Topic Starter, Members, 13 posts

Posted 13 April 2009 - 06:32 PM

Hey Sam,

No problem on the delayed response, family comes first I always say.

I think everything has helped, but unfortunately, there seems to still be some redirecting of my google searches going on.

I took a recent event in the news and typed it into google "Somali Pirates" and got, as I would expect, a long list of news articles. I clicked on one at random and it took me to a BBC article. I then clicked back to the google results and then clicked on the link again, and it took me to the same article as before. However, I repeated this for what must have been 10-20 times and all of a sudden I got redirected to yahoo hotjobs. Then I repeated this one additional time and google gave me a 404 and said "The page - www.google.com/undefined - does not exist."

After that the process starts over with it going to the original article again. I repeated this with several other random terms, and came up with the same results.

So what would you suggest as the next course of action? I'm hoping that this isn't a liftoff and nuke from orbit situation.

#10 Buckeye_Sam
Malware Expert, Members, 17,382 posts, Pickerington, Ohio

Posted 14 April 2009 - 07:47 AM

Hopefully nothing that drastic. :thumbup2:

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


========================================================

#11 Rage Manager
Topic Starter, Members, 13 posts

Posted 14 April 2009 - 06:18 PM

Hey Sam,

I downloaded GooredFix and here is the log:

GooredFix v1.92 by jpshortstuff
Log created at 18:13 on 14/04/2009 running Option #1 (Brian)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{846B56E6-4DD5-4F9F-839D-DE7B083F6F23}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

#12 Buckeye_Sam
Malware Expert, Members, 17,382 posts, Pickerington, Ohio

Posted 15 April 2009 - 12:22 PM

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Let me know if you are still having the redirected searches.


========================================================

#13 Rage Manager
Topic Starter, Members, 13 posts

Posted 15 April 2009 - 08:56 PM

Hi Sam,

I'm crossing my fingers but I think that did it. I spent a good solid 10 minutes of continual clicking on random google searches and nothing was redirected. Almost half of that time was spent clicking on a single link repeatedly, which was a lot longer than it would have taken before.

I'm going to keep my eye out, and report back with a status update after I've had more time to take a better sampling of my google searches.

In case you need it, following is the GooredFix log:

GooredFix v1.92 by jpshortstuff
Log created at 20:41 on 15/04/2009 running Option #2 (Brian)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{846B56E6-4DD5-4F9F-839D-DE7B083F6F23}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
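The Option #1 and Option #2 logs above show the heuristic behind this kind of cleanup: a {GUID}-named folder sitting in the Firefox program extensions directory that no value under the Mozilla extensions registry keys points at. The check below is an added example, not code from the thread or from GooredFix; the folder listing and registry dump are constructed to mirror the log, and the allowlisted GUID is assumed to be Firefox 3's bundled default theme.

```python
"""Added example (not GooredFix's code): flag unregistered {GUID} folders in the Firefox
program extensions directory, using a GooredFix-style registry dump. Inputs are constructed."""
import re
from pathlib import PureWindowsPath

FIREFOX_EXT_DIR = PureWindowsPath(r"C:\Program Files\Mozilla Firefox\extensions")
# Assumption: Firefox 3's bundled default theme is the one GUID folder expected here.
ALLOWLIST = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
VALUE_LINE = re.compile(r'"[^"]*"="([^"]*)"')


def registered_paths(reg_dump):
    """Collect value data under every key ending in 'extensions' in the dump, lower-cased."""
    paths, in_ext_key = set(), False
    for line in reg_dump.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_ext_key = line.lower().endswith(r"\extensions]")
        elif in_ext_key:
            m = VALUE_LINE.match(line)
            if m:
                paths.add(m.group(1).lower())
    return paths


def suspect_extensions(folder_names, reg_dump):
    """Return full paths of GUID folders that are neither allowlisted nor registered."""
    registered = registered_paths(reg_dump)
    suspects = []
    for name in folder_names:
        if not GUID_DIR.match(name) or name.lower() in ALLOWLIST:
            continue  # non-GUID folder or the expected theme: not what this check targets
        full = FIREFOX_EXT_DIR / name
        if str(full).lower() not in registered:
            suspects.append(str(full))
    return suspects


# Constructed sample: directory listing and registry dump mirroring the thread's log.
FOLDERS_SEEN = ["{972ce4c6-7e08-4474-a285-3208198ce6fd}", "inspector@mozilla.org",
                "{846B56E6-4DD5-4F9F-839D-DE7B083F6F23}"]
REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
"""

if __name__ == "__main__":
    for path in suspect_extensions(FOLDERS_SEEN, REG_DUMP):
        print("Suspect (unregistered) extension folder:", path)
```

On a live machine the folder list would come from the actual extensions directory and the dump from a registry export; a flagged folder is a lead to inspect, not proof of infection on its own.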

#14 Buckeye_Sam
Malware Expert, Members, 17,382 posts, Pickerington, Ohio

Posted 16 April 2009 - 09:05 AM

Sounds good! :)


Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :step4:


========================================================

#15 Rage Manager
Topic Starter, Members, 13 posts

Posted 20 April 2009 - 06:37 AM

Hi Sam,

I've been super busy the last few days. So I haven't had much time to even be on my computer. I'm going to follow the steps you posted when I get home from work.



