Infected With a Browser Hijacker and MAYBE Some Trojans


  • This topic is locked
12 replies to this topic

#1 banshee714

banshee714

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 23 April 2009 - 07:23 PM

A couple days ago, I started noticing that when I clicked links on google, it came out to a totally different page than what I wanted. Random pop-ups always come up. Those are the only symptoms so far for the browser hijacker. I have also noticed that when I try to open up Spybot S-D, absolutely nothing happens. No window or anything comes up.

Here is my DDS log with a Hijack This log:
My Attach.txt is attached also


DDS (Ver_09-03-16.01) - NTFSx86
Run by Brendan at 20:10:54.23 on Thu 04/23/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.292 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\emmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\AOL\1134432424\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1134432424\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brendan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [HostManager] c:\program files\common files\aol\1134432424\ee\AOLHostManager.exe
mRun: [emMON] c:\windows\emmon.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Yahoo Messenger]
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\brendan\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire acceleration patch\LimeWire Acceleration Patch.exe
StartupFolder: c:\docume~1\brendan\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\brendan\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blackb~1.lnk - c:\program files\research in motion\blackberry\Redirector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trendm~1.lnk - c:\program files\trend micro\tmas\Tmas.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.96,85.255.112.11
TCP: {BA01A762-E5E2-416B-8F15-292480C21EB4} = 85.255.112.11
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: VESWinlogon - VESWinlogon.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Trend Micro Anti-Spyware Shell Extension: {03a80b1d-5c6a-42c2-9dfb-81b6005d8023} - c:\program files\trend micro\tmas\sshook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brendan\applic~1\mozilla\firefox\profiles\xmqucv4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [2008-3-7 17408]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-11-24 941784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-3-30 28672]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-5 28800]
S2 gupdate1c9394977b90ac2;Google Update Service (gupdate1c9394977b90ac2);c:\program files\google\update\GoogleUpdate.exe [2008-10-28 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-19 16512]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-4 29744]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

=============== Created Last 30 ================

2009-04-23 19:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-23 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-20 19:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-20 19:02 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-04-20 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-04-20 18:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-04-20 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-20 15:30 <DIR> --d----- c:\windows\system32\ime
2009-04-19 15:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 15:40 <DIR> --d----- c:\program files\Lavasoft
2009-04-19 15:07 117,248 a------- c:\windows\system32\ribbons.scr
2009-04-19 15:07 117,248 a------- c:\windows\system32\Mystify.scr
2009-04-19 15:07 773,120 a------- c:\windows\system32\bubbles.scr
2009-04-19 15:06 1,263,616 a------- c:\windows\system32\aurora.scr
2009-04-19 13:46 42,672 a------- c:\windows\system32\wbsys.dll
2009-04-19 13:12 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-04-19 00:11 <DIR> --d----- c:\program files\UNICCodec
2009-04-18 23:34 <DIR> --d----- c:\program files\Passware
2009-04-16 01:05 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 01:05 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-16 01:05 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-16 01:05 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:05 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:05 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:05 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 01:04 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 01:04 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:04 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:03 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-03-30 15:32 43,520 a------- c:\windows\system32\libusb0.dll
2009-03-30 15:32 28,672 a------- c:\windows\system32\drivers\libusb0.sys
2009-03-30 15:32 <DIR> --d----- c:\program files\LibUSB-Win32
2009-03-29 22:58 933,888 a------- c:\windows\system32\SENXPCTL.OCX
2009-03-29 22:58 212,240 a------- c:\windows\system32\RICHTX32.OCX
2009-03-29 22:58 65,536 a------- c:\windows\system32\device.OCX
2009-03-29 22:58 32,768 a------- c:\windows\system32\Bar.OCX
2009-03-29 22:58 <DIR> --d----- c:\program files\QuickFreedom

==================== Find3M ====================

2009-04-22 19:59 2,256 a------- c:\windows\current_settings.bin
2009-03-16 18:17 141,199 a------- c:\windows\hpoins14.dat
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2009-01-29 16:34 410,984 a------- c:\windows\system32\deploytk.dll
2008-09-17 09:16 549,159 a--shr-- c:\program files\Norton2009Reset.exe
2008-06-11 15:39 3,580 a------- c:\program files\INSTALL.LOG
2008-05-26 12:45 229,376 a------- c:\documents and settings\brendan\cwshredder.dll
2008-03-06 15:39 2,723,264 a------- c:\documents and settings\all users\vcredist_x86.exe
2001-09-28 17:00 164,864 a------- c:\program files\UNWISE.EXE
2008-10-31 14:58 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-10-31 14:58 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-10-31 14:58 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:11:51.92 ===============

Edited by banshee714, 23 April 2009 - 07:35 PM.


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 24 April 2009 - 10:54 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Also post a new log from DDS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 banshee714

banshee714
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 24 April 2009 - 02:00 PM

Thanks in advance for your help! I installed Malwarebytes and had the same thing happen to me as Spybot. I clicked on the shortcut, but nothing happens. So far these are the only two programs that I have had this happen with. I get an error when I try to install AVG as well.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 24 April 2009 - 04:11 PM

Ok, let's work around that for now.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

==============


Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


========================================================

#5 banshee714

banshee714
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 26 April 2009 - 02:40 PM

Here is the OTList:

OTListIt logfile created on: 4/26/2009 1:43:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Brendan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 175.74 Mb Available Physical Memory | 17.33% Memory free
2.38 Gb Paging File | 1.68 Gb Available in Paging File | 70.43% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 19.99 Gb Free Space | 22.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 210.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERNIEMOBILE
Current User Name: Brendan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/07/23 02:40:54 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/07/23 02:43:46 | 00,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/05/10 13:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/28 18:06:41 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/01/29 16:34:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/07/23 02:40:16 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/26 14:48:14 | 00,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2006/07/21 16:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2005/12/01 06:20:02 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/10/12 01:36:38 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2009/01/29 16:34:14 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/09/27 10:59:10 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/10/20 02:07:34 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/07/03 03:20:48 | 00,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
PRC - [2005/08/09 18:17:28 | 14,743,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/03/03 13:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2004/02/20 18:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2006/12/15 03:54:30 | 00,061,440 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\emmon.exe
PRC - [2002/09/10 21:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2004/11/17 23:47:16 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/08/29 16:57:28 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/03/11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/09/26 18:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
PRC - [2005/08/05 13:56:50 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/11/04 17:25:23 | 00,159,832 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134432424\ee\AOLHostManager.exe
PRC - [2005/08/05 13:56:58 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2009/03/11 13:52:26 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2005/11/04 17:25:23 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134432424\ee\AOLServiceHost.exe
PRC - [2007/06/15 11:46:57 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/19 12:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005/05/20 21:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/09/01 15:46:42 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/09/01 15:46:46 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/09/01 15:46:48 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/12/12 20:17:42 | 01,310,720 | ---- | M] (Trend Micro Incorporated) -- C:\Program Files\Trend Micro\Tmas\Tmas.exe
PRC - [2008/08/29 16:57:28 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/02/05 14:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2005/08/05 13:56:58 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/03/14 23:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2007/04/11 22:35:35 | 02,702,928 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2005/08/05 13:57:04 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/03/14 23:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/03/01 18:11:28 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/02/16 13:20:32 | 00,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/04/23 15:01:05 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/08/05 13:57:04 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/04/26 13:43:29 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brendan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/07/23 02:40:54 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 16:57:28 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2008/10/28 18:06:41 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9394977b90ac2 [Auto | Stopped])
SRV - [2009/03/24 15:53:56 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 07:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/29 16:34:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2005/08/30 19:00:50 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/30 18:55:18 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/07/23 02:40:16 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2005/07/23 02:43:46 | 00,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/08/30 18:49:34 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/09/27 09:19:26 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005/10/06 18:21:06 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2005/05/20 21:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2005/10/14 14:41:12 | 01,982,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2005/10/11 16:02:02 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2005/10/11 16:07:50 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2005/10/11 16:00:46 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2005/09/01 15:46:42 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2005/09/01 15:46:46 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2005/09/01 15:46:48 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/12/05 18:36:09 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/11/22 16:31:10 | 00,108,767 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2008/03/11 09:14:54 | 00,941,784 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys -- (CAMTHWDM [Auto | Running])
DRV - [2005/03/14 01:01:38 | 00,041,984 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2000/12/05 20:18:02 | 00,003,952 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2007/01/12 04:55:24 | 00,022,912 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 21:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/03/08 00:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/03/08 00:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/03/08 00:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/18 20:52:34 | 00,202,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/10/18 20:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/08/05 13:56:52 | 01,049,180 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/08/09 19:43:46 | 03,855,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/03/20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2005/06/02 18:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2005/10/05 20:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\pclepci.sys -- (PCLEPCI [System | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2005/03/04 14:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/07/23 03:02:44 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2000/11/09 23:15:08 | 00,048,896 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\Drivers\SonyNC.sys -- (SNC [On_Demand | Running])
DRV - [2008/02/21 09:23:14 | 00,513,152 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2005/11/30 18:12:16 | 00,028,800 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
DRV - [2008/08/06 23:22:48 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/02/20 13:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Running])
DRV - [2005/08/29 08:05:48 | 00,077,824 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony [On_Demand | Running])
DRV - [2007/12/17 17:30:11 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2007/01/12 04:55:20 | 00,380,416 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys -- (USB28xxBGA [On_Demand | Stopped])
DRV - [2006/12/21 00:12:10 | 00,030,208 | R--- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys -- (USB28xxOEM [On_Demand | Stopped])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/11/30 15:38:50 | 00,232,448 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\usbvm321.sys -- (usbvm321 [On_Demand | Running])
DRV - [2008/01/08 15:23:48 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\vburner.sys -- (vburner [Boot | Running])
DRV - [2005/07/20 01:14:02 | 03,289,088 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Stopped])
DRV - [2005/10/18 20:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/03/08 12:58:32 | 00,198,400 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP [On_Demand | Stopped])
DRV - [2007/02/26 18:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\S-1-5-21-3904463257-1482417448-3668673376-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\S-1-5-21-3904463257-1482417448-3668673376-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/04/26 13:19:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 15:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 15:01:12 | 00,000,000 | ---D | M]

[2008/09/07 12:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brendan\Application Data\mozilla\Extensions
[2008/09/07 12:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brendan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/23 17:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brendan\Application Data\mozilla\Firefox\Profiles\xmqucv4x.default\extensions
[2008/09/08 19:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brendan\Application Data\mozilla\Firefox\Profiles\xmqucv4x.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/03/24 05:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brendan\Application Data\mozilla\Firefox\Profiles\xmqucv4x.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/04/23 17:01:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 15:01:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/29 16:35:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/23 15:01:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 15:01:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/18 16:03:13 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/18 16:03:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/18 16:03:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/18 16:03:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/18 16:03:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/18 16:03:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/18 16:03:13 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - Reg Error: Key error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [emMON] C:\WINDOWS\emmon.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134432424\ee\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun (Samsung Electronics.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" (Sony Corporation)
O4 - HKLM..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe (Trend Micro Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Brendan\Start Menu\Programs\Startup\LimeWire Acceleration Patch.lnk = C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe (DownloadBoosters LLC)
O4 - Startup: C:\Documents and Settings\Brendan\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Brendan\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O4 - Startup: C:\Documents and Settings\Ed\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3904463257-1482417448-3668673376-1008\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.96,85.255.112.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - C:\Program Files\Trend Micro\Tmas\sshook.dll (Trend Micro Incorporated)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/03 15:36:50 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/17 22:16:26 | 00,000,056 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5b49bcb6-2b44-11dd-9044-0013a934bbae}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: ('autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*') - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[11 C:\WINDOWS\System32\*.tmp files]
[2009/04/26 13:43:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brendan\Desktop\OTListIt2.exe
[2009/04/23 21:41:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/23 21:41:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 21:41:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/23 21:40:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/23 21:40:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/23 21:39:59 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brendan\Desktop\mbam-setup.exe
[2009/04/23 20:10:17 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\dds.scr
[2009/04/23 19:24:30 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/23 18:50:12 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/23 18:48:34 | 05,037,072 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Brendan\Desktop\spybotsd14.exe
[2009/04/23 16:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/23 15:38:58 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\Install_AIM.exe
[2009/04/22 19:59:13 | 00,015,817 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\healthier choices newpaper article.odt
[2009/04/22 19:38:06 | 00,012,493 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\healh riddle 3.odt
[2009/04/22 19:14:13 | 00,011,969 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\health riddle 2.odt
[2009/04/22 19:08:03 | 00,011,953 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\health riddle 1.odt
[2009/04/20 19:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brendan\Local Settings\Application Data\Symantec
[2009/04/20 19:11:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/20 19:09:48 | 01,096,462 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1001000.021\Cat.DB
[2009/04/20 19:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1001000.021
[2009/04/20 19:02:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/04/20 18:51:31 | 00,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Online.lnk
[2009/04/20 18:33:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/04/20 18:30:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/20 18:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/20 17:48:23 | 67,028,464 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\NIS09_v16.1.0.33_[RH].rar
[2009/04/20 17:38:52 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Brendan\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/20 15:30:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ime
[2009/04/19 15:49:43 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 15:42:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/19 15:42:00 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 15:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/19 15:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/19 15:27:21 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Brendan\Desktop\Ad-AwareAE.exe
[2009/04/19 15:07:32 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ribbons.scr
[2009/04/19 15:07:22 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mystify.scr
[2009/04/19 15:07:05 | 00,773,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bubbles.scr
[2009/04/19 15:06:07 | 01,263,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aurora.scr
[2009/04/19 13:47:09 | 00,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WindowBlinds.lnk
[2009/04/19 13:46:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
[2009/04/19 13:46:09 | 00,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll
[2009/04/19 13:12:30 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/04/19 11:44:48 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\Keygen.exe
[2009/04/19 11:23:42 | 00,101,136 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\cc_20090419_1123 4-19-09.reg
[2009/04/19 00:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\UNICCodec
[2009/04/19 00:10:31 | 00,103,571 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\Windows.Blinds.6.0.exe
[2009/04/18 23:34:43 | 00,000,000 | ---D | C] -- C:\Program Files\Passware
[2009/04/18 23:34:24 | 00,690,136 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\fmkeyd.exe
[2009/04/16 01:05:01 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 01:05:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/16 01:05:01 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 01:05:00 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 01:05:00 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 01:05:00 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 01:05:00 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 01:04:59 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 01:04:59 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 01:04:59 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 01:03:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/31 19:14:28 | 02,348,416 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\FixDwndp.exe
[2009/03/31 16:21:51 | 00,009,515 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\itouch revive.odt
[2009/03/30 19:33:53 | 00,481,712 | ---- | C] () -- C:\Documents and Settings\Brendan\My Documents\mt st helens.odt
[2009/03/30 15:32:06 | 00,043,520 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2009/03/30 15:32:05 | 00,028,672 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/03/30 15:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32
[2009/03/29 23:29:37 | 28,990,5418 | ---- | C] () -- C:\Documents and Settings\Brendan\Desktop\custom221.ipsw
[2009/03/29 22:58:22 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickFreedom.lnk
[2009/03/29 22:58:12 | 00,933,888 | ---- | C] (Osen Kusnadi) -- C:\WINDOWS\System32\SENXPCTL.OCX
[2009/03/29 22:58:12 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/03/29 22:58:11 | 00,065,536 | ---- | C] (Aeriosoft) -- C:\WINDOWS\System32\device.OCX
[2009/03/29 22:58:10 | 00,032,768 | ---- | C] (L1F07BSCS0022) -- C:\WINDOWS\System32\Bar.OCX
[2009/03/29 22:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\QuickFreedom
[2009/01/22 18:34:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/22 18:33:59 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/24 17:20:33 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/10/05 17:48:23 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2008/10/03 15:41:54 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008/10/02 22:22:11 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/04 18:44:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/08/25 16:22:16 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MiloExplorer.INI
[2008/08/06 23:22:47 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/07 10:06:29 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\vburner.sys
[2007/12/16 23:44:58 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/08/05 14:01:08 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/05 13:10:06 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/08/05 13:10:06 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/08/05 13:10:06 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/08/05 13:10:06 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/08/05 13:10:06 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/08/04 17:52:33 | 00,002,068 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2007/08/04 17:47:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007/06/16 12:50:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/10 20:54:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/03/17 16:43:05 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/17 16:42:50 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/03/17 16:42:50 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/21 13:59:59 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 14:53:54 | 00,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 14:53:42 | 02,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 14:52:04 | 00,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/05/26 15:45:40 | 00,000,084 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2005/12/12 20:17:42 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/12/12 20:10:22 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/12/12 20:08:18 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/12 20:07:41 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/12 20:07:41 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/12 20:07:41 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/12 20:07:41 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/12 20:07:41 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/12 20:07:41 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/12 20:04:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/05 21:54:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/05 20:37:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/05 20:32:27 | 00,000,319 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/05 17:41:36 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/05 16:19:29 | 00,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/05 16:19:11 | 00,000,744 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 16:19:10 | 00,000,285 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2005/11/17 13:57:30 | 00,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/11/01 21:53:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/14 23:10:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/07/29 14:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/02/01 15:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 16:01:50 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 19:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 16:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[11 C:\WINDOWS\System32\*.tmp files]
[2009/04/26 13:43:29 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brendan\Desktop\OTListIt2.exe
[2009/04/26 13:39:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/24 15:06:37 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Brendan.job
[2009/04/24 06:11:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/24 06:10:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/24 06:10:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/24 06:10:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/24 06:10:22 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/23 21:41:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 21:40:22 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brendan\Desktop\mbam-setup.exe
[2009/04/23 20:10:18 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\dds.scr
[2009/04/23 18:50:12 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\Spybot - Search & Destroy.lnk
[2009/04/23 18:49:02 | 05,037,072 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Brendan\Desktop\spybotsd14.exe
[2009/04/23 15:38:58 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\Install_AIM.exe
[2009/04/22 19:59:14 | 00,015,817 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\healthier choices newpaper article.odt
[2009/04/22 19:59:14 | 00,002,256 | ---- | M] () -- C:\WINDOWS\current_settings.bin
[2009/04/22 19:38:06 | 00,012,493 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\healh riddle 3.odt
[2009/04/22 19:14:32 | 00,011,953 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\health riddle 1.odt
[2009/04/22 19:14:13 | 00,011,969 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\health riddle 2.odt
[2009/04/21 20:45:34 | 01,096,462 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1001000.021\Cat.DB
[2009/04/20 18:51:31 | 00,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Online.lnk
[2009/04/20 18:12:08 | 67,028,464 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\NIS09_v16.1.0.33_[RH].rar
[2009/04/20 17:47:48 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Brendan\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/20 17:11:26 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2009/04/20 15:48:22 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/19 15:42:00 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 15:31:52 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Brendan\Desktop\Ad-AwareAE.exe
[2009/04/19 13:47:09 | 00,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WindowBlinds.lnk
[2009/04/19 13:14:13 | 01,110,270 | -H-- | M] () -- C:\Documents and Settings\Brendan\Local Settings\Application Data\IconCache.db
[2009/04/19 13:12:30 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/04/19 12:58:37 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\Brendan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 12:10:05 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/04/19 11:51:44 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\Keygen.exe
[2009/04/19 11:23:48 | 00,101,136 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\cc_20090419_1123 4-19-09.reg
[2009/04/19 00:10:31 | 00,103,571 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\Windows.Blinds.6.0.exe
[2009/04/18 23:34:26 | 00,690,136 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\fmkeyd.exe
[2009/04/17 20:34:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 09:59:38 | 00,522,594 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 09:59:38 | 00,442,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 09:59:38 | 00,071,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 09:23:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 19:00:37 | 00,001,160 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 19:14:30 | 02,348,416 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\FixDwndp.exe
[2009/03/31 16:21:53 | 00,009,515 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\itouch revive.odt
[2009/03/30 19:33:55 | 00,481,712 | ---- | M] () -- C:\Documents and Settings\Brendan\My Documents\mt st helens.odt
[2009/03/30 15:15:43 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/29 23:30:56 | 28,990,5418 | ---- | M] () -- C:\Documents and Settings\Brendan\Desktop\custom221.ipsw
[2009/03/29 22:58:22 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickFreedom.lnk
< End of report >

And here is the GooredLog:

GooredFix v1.92 by jpshortstuff
Log created at 13:47 on 26/04/2009 running Option #1 (Brendan)
Firefox version 3.0.9 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\"

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 27 April 2009 - 04:44 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot of the Recovery Console installation prompt]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix prompt]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 banshee714
  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:12 PM

Posted 27 April 2009 - 05:17 PM

I ran ComboFix and here is the log:


ComboFix 09-04-27.02 - Brendan 04/27/2009 18:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.647 [GMT -4:00]
Running from: c:\documents and settings\Brendan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\recycler\S-3-7-83-100021929-100011541-100016078-3385.com
c:\windows\emMON.exe
c:\windows\setup.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcowqowfilruwevyqfhsrblugdstnncnel.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcwdynvqlpuoxusqaafouuakouafncrsum.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-26 19:36 . 2009-04-26 19:36 -------- d-----w c:\documents and settings\Brendan\Application Data\acccore
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\documents and settings\Brendan\Local Settings\Application Data\AOL OCP
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\program files\AIM Toolbar
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\documents and settings\Brendan\Local Settings\Application Data\AIM Toolbar
2009-04-26 19:31 . 2009-04-26 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-26 19:30 . 2009-04-26 19:31 -------- d-----w c:\program files\AIM6
2009-04-24 01:41 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 01:41 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 01:40 . 2009-04-24 01:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 01:40 . 2009-04-24 01:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 23:24 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-23 20:23 . 2009-04-23 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-20 23:20 . 2009-04-20 23:20 -------- d-----w c:\documents and settings\Brendan\Local Settings\Application Data\Symantec
2009-04-20 23:11 . 2009-04-20 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-20 23:02 . 2009-04-20 23:02 -------- d-----w c:\windows\system32\drivers\NIS
2009-04-20 22:33 . 2009-04-20 22:33 -------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-04-20 22:30 . 2009-04-23 19:49 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-20 22:29 . 2009-04-22 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-19 19:42 . 2009-04-19 19:43 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 19:40 . 2009-04-19 19:40 -------- d-----w c:\program files\Lavasoft
2009-04-19 19:40 . 2009-04-19 19:48 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-19 19:07 . 2006-03-01 09:21 117248 ----a-w c:\windows\system32\ribbons.scr
2009-04-19 19:07 . 2006-03-03 18:42 117248 ----a-w c:\windows\system32\Mystify.scr
2009-04-19 19:07 . 2006-03-01 08:53 773120 ----a-w c:\windows\system32\bubbles.scr
2009-04-19 19:06 . 2006-03-01 09:21 1263616 ----a-w c:\windows\system32\aurora.scr
2009-04-19 17:46 . 2007-07-11 18:06 42672 ----a-w c:\windows\system32\wbsys.dll
2009-04-19 17:12 . 2009-04-19 17:12 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-19 04:11 . 2009-04-19 04:11 -------- d-----w c:\program files\UNICCodec
2009-04-19 03:34 . 2009-04-19 03:34 -------- d-----w c:\program files\Passware
2009-04-16 05:05 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:05 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 05:05 . 2009-02-06 16:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 05:05 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:05 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 05:05 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:05 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:04 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 05:04 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:04 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:03 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-30 19:32 . 2007-03-20 15:33 43520 ----a-w c:\windows\system32\libusb0.dll
2009-03-30 19:32 . 2007-03-20 15:33 28672 ----a-w c:\windows\system32\drivers\libusb0.sys
2009-03-30 19:32 . 2009-03-30 19:32 -------- d-----w c:\program files\LibUSB-Win32
2009-03-30 02:58 . 2009-03-30 19:46 -------- d-----w c:\program files\QuickFreedom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 19:31 . 2006-05-24 22:35 -------- d-----w c:\program files\Viewpoint
2009-04-26 17:19 . 2005-12-06 00:32 -------- d-----w c:\program files\Google
2009-04-24 19:05 . 2005-12-13 00:12 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-24 19:00 . 2008-10-19 01:12 -------- d-----w c:\program files\Norton Security Scan
2009-04-24 10:11 . 2007-04-13 01:16 -------- d-s---w c:\program files\Xfire
2009-04-23 23:24 . 2007-12-16 19:08 -------- d-----w c:\program files\FREE Hi-Q Recorder
2009-04-23 22:50 . 2007-12-17 02:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 23:59 . 2007-08-05 18:04 2256 ----a-w c:\windows\current_settings.bin
2009-04-15 23:00 . 2007-04-15 23:14 1160 ----a-w c:\windows\checkip.dat
2009-03-24 09:06 . 2009-03-24 09:06 -------- d-----w c:\program files\AskBarDis
2009-03-24 09:06 . 2008-06-09 01:42 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-24 09:06 . 2008-06-09 01:42 -------- d-----w c:\program files\DVDVideoSoft
2009-03-16 22:17 . 2008-03-30 19:45 141199 ----a-w c:\windows\hpoins14.dat
2009-03-15 22:55 . 2009-03-15 22:55 -------- d-----w c:\program files\uTorrent
2009-03-12 20:26 . 2009-03-12 20:25 -------- d-----w c:\program files\iTunes
2009-03-12 20:25 . 2009-03-12 20:25 -------- d-----w c:\program files\iPod
2009-03-12 20:25 . 2009-01-11 19:18 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 20:20 . 2009-03-12 20:20 -------- d-----w c:\program files\Bonjour
2009-03-12 20:18 . 2009-03-12 20:17 -------- d-----w c:\program files\QuickTime
2009-03-06 14:44 . 2005-12-05 20:19 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-12 20:07 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2009-01-11 19:19 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-09 10:20 . 2005-12-05 20:19 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2005-12-05 20:18 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2005-12-05 20:19 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2005-12-05 20:18 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2005-12-05 20:19 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2005-12-05 20:19 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2005-12-05 20:19 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2005-12-05 20:19 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 22:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-12-05 20:19 55808 ----a-w c:\windows\system32\secur32.dll
2009-01-29 20:34 . 2009-01-29 20:34 410984 ----a-w c:\windows\system32\deploytk.dll
2008-09-17 13:16 . 2008-09-17 13:16 549159 --sha-r c:\program files\Norton2009Reset.exe
2001-09-28 21:00 . 2008-06-11 19:39 164864 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 14:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-29 136600]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

c:\documents and settings\Brendan\Start Menu\Programs\Startup\
LimeWire Acceleration Patch.lnk - c:\program files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe [2008-11-28 407552]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2007-4-11 2702928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-4-10 217088]
BlackBerry Desktop Redirector.lnk - c:\program files\Research In Motion\BlackBerry\Redirector.exe [2007-11-12 1319024]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmas\Tmas.exe [2005-12-12 1310720]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
"HideClock"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2005-12-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-04-19 17:49 210168 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 gupdate1c9394977b90ac2;Google Update Service (gupdate1c9394977b90ac2);c:\program files\Google\Update\GoogleUpdate.exe [2008-10-28 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-29 29744]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; [x]
S0 vburner;vburner;c:\windows\system32\DRIVERS\vburner.sys [2008-01-08 17408]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 941784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b49bcb6-2b44-11dd-9044-0013a934bbae}]
\Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:50]

2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 19:53]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-28 22:06]

2009-04-24 c:\windows\Tasks\Norton Security Scan for Brendan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-emMON - c:\windows\emmon.exe
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brendan\Application Data\Mozilla\Firefox\Profiles\xmqucv4x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-04-27 18:14
ComboFix-quarantined-files.txt 2009-04-27 22:13

Pre-Run: 21,525,159,936 bytes free
Post-Run: 23,207,231,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

356 --- E O F --- 2009-04-16 13:23

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 27 April 2009 - 05:47 PM

See if you can get Malwarebytes up and running now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 banshee714

banshee714
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 27 April 2009 - 08:42 PM

I ran the scan and here is the Malwarebytes log:


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/27/2009 9:29:29 PM
mbam-log-2009-04-27 (21-29-29).txt

Scan type: Quick Scan
Objects scanned: 100273
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e330678d-c3b1-4ac1-ad7b-2f9cac58f889} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a54d885f-ea30-42c3-867b-4ad6c6600659} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8883bbc2-e716-4c98-b12c-bb40b4a415ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8883bbc2-e716-4c98-b12c-bb40b4a415ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\corpol.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.96,85.255.112.11 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
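The Trojan.DNSChanger entry above is a changed NameServer value, and it sits in ControlSet004 rather than only in the current ControlSet. The following is an added example, not code from the thread or from Malwarebytes: it reads the NameServer value from every ControlSet and every interface key and reports anything not on an allow-list. The allow-list, the helper names and the `winreg` layout of the interface keys are assumptions for this example.

```python
import ipaddress
import re

# Constructed allow-list for this example: the resolvers the machine should use.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8"}

def parse_nameserver(value):
    """Split a NameServer REG_SZ value; Windows accepts comma or space separators."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]

def unexpected_resolvers(value, expected=EXPECTED_RESOLVERS):
    """Entries of a NameServer value that are not allow-listed (malformed ones too)."""
    bad = []
    for entry in parse_nameserver(value):
        try:
            ok = str(ipaddress.ip_address(entry)) in expected
        except ValueError:
            ok = False  # not even an IP address: report it
        if not ok:
            bad.append(entry)
    return bad

def _subkeys(winreg, key):
    """Names of a key's direct subkeys (QueryInfoKey()[0] is the subkey count)."""
    return [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]

def audit_registry(expected=EXPECTED_RESOLVERS):
    """Windows only. Checks every ControlSetNNN (the log above shows the rogue value
    in ControlSet004, not just the current set) and each interface's own NameServer.
    Returns (registry path, value, unexpected entries) tuples."""
    import winreg  # imported here so the pure helpers above run on any OS
    findings = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM") as system:
        for cs in _subkeys(winreg, system):
            if not cs.upper().startswith("CONTROLSET"):
                continue
            params = cs + "\\Services\\Tcpip\\Parameters"
            paths = [params]
            try:
                with winreg.OpenKey(system, params + "\\Interfaces") as ifs:
                    paths += [params + "\\Interfaces\\" + g for g in _subkeys(winreg, ifs)]
            except OSError:
                pass
            for path in paths:
                try:
                    with winreg.OpenKey(system, path) as key:
                        value, _ = winreg.QueryValueEx(key, "NameServer")
                except OSError:
                    continue  # key or value absent
                bad = unexpected_resolvers(str(value), expected)
                if bad:
                    findings.append(("HKLM\\SYSTEM\\" + path, value, bad))
    return findings
```

Run `audit_registry()` from an elevated prompt on the Windows host; `unexpected_resolvers()` can also be fed a value copied from a log, such as the one in the MBAM entry above.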

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 28 April 2009 - 03:36 PM

How is your computer behaving now?
========================================================

#11 banshee714

banshee714
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 29 April 2009 - 05:40 AM

I ran spybot and another virus scan and I picked up and removed five trojans. The browser hijacker is gone, so I can now click links on google. I'm pretty sure that everything is gone.


Thank you so much and I'll be sure to donate!

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 29 April 2009 - 02:19 PM

Sounds good! :)
Let's clean up.


Run OTListIt and click on the CleanUp button.
Reboot when it asks you to.


===============



Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

========================================================

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:12 PM

Posted 24 May 2009 - 10:44 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
========================================================
