
Internet search redirecting and pop-ups


  • This topic is locked
19 replies to this topic

#1 Adalanne

  • Members
  • 15 posts

Posted 15 November 2009 - 09:26 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/271263/internet-search-redirecting/ ~ OB

The problem started this past April. When I would do an internet search, sometimes the links I would click on would then redirect me to other sites; sometimes unheard of businesses or search sites and quite often to the yellow pages. I ran a variety of malware and spyware programs, but couldn't find anything. I took the computer to a local computer guy who deleted some add-ons from Firefox; it seemed to work, but the next day it turned out the redirect was still there. After a couple months of frustration, I ended up doing a full system restore to factory settings. My computer is an HP, and even after a system restore I am able to access programs from before, which may be why the problem returned.

After a month, it was back. And then the next day, my computer refused to start up. I would try to start, get a black screen with white text saying there was a problem when the computer was last turned off and recommending I try Safe Mode. I would do that, or try normal mode, or try starting with the same settings that last worked, but each time I would only get a quick screen of the Windows opening screen before it would go to a blue screen that restarted my computer too fast for me to read the information on it. This would repeat until I manually shut the computer off. After searching online, I realized the only course I could do was do another full system restore. So I did.

Things worked fine for a while. The other day, though, the internet search redirecting was back. Then, to my horror, pop-ups started happening. Most often they would happen when I click on a link (completely safe sites) and they open in a new tab in Firefox. They don't always happen, and seem to most frequently occur when I open my gmail account, but that could be because it's the website I visit most.

I don't go to dangerous sites or do any sort of downloading; nothing like surfthechannel or Limewire. I have no idea where I could have gotten it in the first place, and I certainly don't know how I keep getting it/how it survived 2 system restores.

Version of Windows: XP

Steps taken to try to fix:

Daily AVG scan: since the pop-ups, it's been finding nearly 100 infections each scan

Ran Malwarebytes multiple times: Since April, only 1 issue was ever found, and that was deleted

Ran SUPERAntiSpyware multiple times: Adware tracking things found occasionally, and taken care of.

Ran Spybot Search & Destroy multiple times: nothing found

I'm at a complete loss. Any help you have will be greatly appreciated. Thanks.


DDS:


DDS (Ver_09-10-26.01) - NTFSx86
Run by AJB at 21:12:07.26 on Sun 11/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.400 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAS\SomeAuralSystem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\AJB.RISSA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\sas\SomeAuralSystem.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-21 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-21 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\sas\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\sas\SASKUTIL.SYS [2009-3-23 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-21 285392]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
R3 SASENUM;SASENUM;c:\program files\sas\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-11-07 20:46:38 0 d-----w- c:\docume~1\ajb~1.ris\applic~1\SUPERAntiSpyware.com
2009-11-07 19:30:02 0 d-----w- c:\docume~1\ajb~1.ris\applic~1\Malwarebytes
2009-11-07 19:29:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 19:29:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 19:29:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 18:47:58 0 d-----w- c:\docume~1\ajb~1.ris\applic~1\Canneverbe_Limited
2009-11-01 04:15:08 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-29 23:52:43 0 d-sh--w- c:\documents and settings\ajb.rissa\PrivacIE
2009-10-29 23:50:46 0 d-----w- c:\docume~1\ajb~1.ris\applic~1\HpUpdate
2009-10-23 21:11:59 0 d-----w- c:\windows\system32\scripting
2009-10-23 21:11:59 0 d-----w- c:\windows\system32\en
2009-10-23 21:11:58 0 d-----w- c:\windows\system32\bits
2009-10-23 20:23:38 0 d-----w- c:\windows\system32\LogFiles
2009-10-23 20:22:41 0 d-sh--w- c:\documents and settings\ajb.rissa\IETldCache
2009-10-23 03:03:29 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-23 03:03:28 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-23 03:03:28 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-23 03:03:28 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-23 03:03:28 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-23 03:03:28 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-23 03:03:22 0 d-----w- c:\windows\ie8updates
2009-10-23 03:03:16 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-23 03:02:32 0 dc-h--w- c:\windows\ie8
2009-10-23 02:37:05 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-23 02:37:03 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-23 02:37:03 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-23 02:37:03 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-23 02:35:50 974 ------w- c:\windows\system32\pid.inf
2009-10-23 02:26:23 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-23 02:26:23 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-23 02:25:34 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-23 02:25:18 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-23 02:25:18 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-23 02:25:18 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-10-23 02:25:18 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-23 02:25:18 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-23 02:25:18 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-23 02:25:17 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-10-23 02:25:17 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-23 02:25:16 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-10-23 02:24:33 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-23 02:23:11 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-23 02:21:25 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-23 02:21:25 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-23 02:21:19 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-23 02:21:12 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-23 02:21:07 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-23 02:20:58 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-23 02:19:14 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-23 02:06:48 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-23 02:06:24 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-23 02:06:18 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-23 02:05:02 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-23 02:05:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-23 02:05:02 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-10-23 02:04:44 228864 ------w- c:\windows\system32\dllcache\wmasf.dll
2009-10-23 02:04:25 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 02:04:24 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-23 02:04:23 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-23 02:04:23 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-23 02:03:00 0 d-----w- c:\windows\system32\PreInstall
2009-10-23 00:15:25 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-22 03:38:20 0 d-sh--w- c:\documents and settings\ajb.rissa\Temporary Internet Files
2009-10-22 03:38:20 0 d-sh--w- c:\documents and settings\ajb.rissa\History
2009-10-22 03:37:40 1783 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG371UA#ABA)_YN_0Pavi_QCNF6472TRN_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M1015_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG371UA#ABA)_XMOBILE_CN10_Z.MRK
2009-10-22 03:36:55 0 d-----w- c:\docume~1\ajb~1.ris\applic~1\Intuit
2009-10-22 03:33:12 66594 ----a-w- c:\windows\system32\c_864.nls
2009-10-22 03:33:12 66594 ----a-w- c:\windows\system32\c_862.nls
2009-10-22 03:33:12 66594 ----a-w- c:\windows\system32\c_720.nls
2009-10-22 03:33:12 66082 ----a-w- c:\windows\system32\c_708.nls
2009-10-22 03:33:12 66082 ----a-w- c:\windows\system32\C_28596.NLS
2009-10-22 03:33:12 66082 ----a-w- c:\windows\system32\c_10021.nls
2009-10-22 03:33:12 66082 ----a-w- c:\windows\system32\c_10005.nls
2009-10-22 03:33:12 66082 ----a-w- c:\windows\system32\c_10004.nls
2009-10-22 03:33:12 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-10-22 03:33:12 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-10-22 03:33:12 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-10-22 03:33:12 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-10-22 01:35:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-22 01:35:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 01:16:07 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2009-10-22 01:15:55 0 d-----w- c:\program files\AIM
2009-10-22 01:09:29 0 d-----w- c:\windows\system32\appmgmt
2009-10-22 01:02:00 0 d--h--w- C:\$AVG
2009-10-22 01:01:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-22 01:01:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-22 01:01:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 01:01:36 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-22 01:01:17 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2008-12-11 23:36:57 1572 ----a-w- c:\program files\fcmsxsm.txt
2005-12-28 00:12:00 83 ----a-w- c:\program files\AoA DVD Ripper Serial.txt
2005-12-27 23:52:00 1698495 ----a-w- c:\program files\AoA DVD Ripper 3.86.exe

============= FINISH: 21:13:53.20 ===============


Edited by Orange Blossom, 15 November 2009 - 10:34 PM.
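An added triage example (my code, not part of the thread and not something the DDS or ComboFix tools provide): a small Python parser for the "Pseudo HJT Report" lines in the DDS log above. It pulls out the BHO, toolbar, Run-key, Startup-folder and Winlogon Notify registrations and flags the ones a helper usually checks first: entries with no backing file, and commands that are not given as an absolute path under Windows or Program Files. The sample lines are copied from the log above; the flag rules and the TRUSTED_ROOTS list are assumptions, and a flag means "verify", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the DDS "Pseudo HJT Report"
# section of the log above (not the full log).
SAMPLE_LOG = r"""
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
Notify: avgrsstarter - avgrsstx.dll
"""

# Line shapes DDS uses for COM registrations (BHO/TB/URLSearchHooks/DPF/Handler),
# Run keys, and Startup-folder / Winlogon Notify entries.
COM_RE = re.compile(
    r"^(?P<kind>BHO|TB|[um]URLSearchHooks|DPF|Handler):\s*"
    r"(?:(?P<name>.*?)\s*[:-]\s*)?\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<target>.*)$"
)
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
PAIR_RE = re.compile(r"^(?P<kind>StartupFolder|Notify):\s*(?P<name>.*?)\s-\s(?P<target>.*)$")

# Locations from which autostart entries on this XP box are expected to run
# (assumption for the example; adjust for another profile or system drive).
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\progra~1\\", "c:\\program files\\",
    "%windir%\\", "%programfiles%\\",
)
ABS_PATH_RE = re.compile(r"^(?:[a-z]:\\|%[a-z]+%\\)")


@dataclass
class Entry:
    kind: str    # DDS prefix, e.g. "mRun", "BHO"
    name: str    # value name, toolbar/BHO name, or .lnk path
    target: str  # file or command the entry points at ("" or "No File" if missing)
    raw: str     # the original log line


def parse_hjt(text: str) -> List[Entry]:
    """Parse the recognised DDS line shapes; lines of other kinds are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rx in (RUN_RE, COM_RE, PAIR_RE):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append(Entry(d["kind"], (d.get("name") or "").strip(),
                                     d["target"].strip(), line))
                break
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a reason to look closer at this entry, or None if it looks routine.
    A reason means 'verify this', not 'this is malware'."""
    target = entry.target.lower()
    if not target or target == "no file":
        return "orphaned registration: no backing file, a leftover to clean up"
    if entry.kind == "Notify":
        # Winlogon Notify packages are loaded from system32 by bare DLL name.
        return "notify DLL given with a path" if "\\" in target else None
    if entry.kind == "DPF":
        # DPF entries point at a download URL (DDS writes hxxp for http).
        return None if target.startswith(("hxxp", "http")) else "DPF entry without a URL"
    command = target.lstrip('"')
    if not ABS_PATH_RE.match(command):
        return "no absolute path: resolved through the PATH search order, confirm which file runs"
    if not command.startswith(TRUSTED_ROOTS):
        return "runs from outside Windows / Program Files, check the file"
    return None


def triage_report(text: str) -> List[Tuple[str, str]]:
    """(raw line, reason) for every entry that deserves a second look."""
    findings = []
    for entry in parse_hjt(text):
        reason = triage(entry)
        if reason:
            findings.append((entry.raw, reason))
    return findings


if __name__ == "__main__":
    for raw, reason in triage_report(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```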


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 15 November 2009 - 11:11 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!

==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Adalanne

  • Topic Starter
  • Members
  • 15 posts

Posted 16 November 2009 - 12:02 AM

Hi T,

Thanks for coming to my aid, and so quickly, too.

ComboFix log is below.

All best,
Ady

ComboFix 09-11-16.03 - AJB 11/15/2009 23:36..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.453 [GMT -5:00]
Running from: c:\documents and settings\AJB.RISSA\Desktop\thcbytes.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1042098297-2924961068-1041099964-1005
c:\recycler\S-1-5-21-1236361457-1141409950-1858971822-1005
c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 04:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-16 04:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-15 23:13 . 2009-11-15 23:13 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Sonic
2009-11-15 23:12 . 2009-11-15 23:12 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Leadertech
2009-11-13 02:06 . 2009-11-10 01:52 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-13 02:06 . 2009-11-10 01:52 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-13 02:06 . 2009-11-10 01:52 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-13 02:06 . 2009-10-22 01:01 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-13 02:06 . 2009-11-10 01:51 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-13 02:06 . 2009-10-23 20:28 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-11 03:52 . 2009-11-11 03:52 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Identities
2009-11-10 01:51 . 2009-10-22 01:01 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 02:50 . 2009-11-09 02:50 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Apple
2009-11-09 02:50 . 2009-11-09 02:50 -------- d-----w- c:\program files\Apple Software Update
2009-11-09 02:49 . 2009-11-09 02:49 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Apple Computer
2009-11-07 20:47 . 2009-11-15 17:44 117760 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 20:46 . 2009-11-07 20:46 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com
2009-11-07 19:30 . 2009-11-07 19:30 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Malwarebytes
2009-11-07 19:29 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 19:29 . 2009-11-07 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 19:29 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 18:47 . 2009-11-07 18:47 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Canneverbe_Limited
2009-11-07 18:12 . 2009-11-07 18:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-07 04:28 . 2009-11-07 04:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-01 04:56 . 2009-11-02 01:35 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\WMTools Downloaded Files
2009-11-01 04:15 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-29 23:52 . 2009-10-29 23:52 -------- d-sh--w- c:\documents and settings\AJB.RISSA\PrivacIE
2009-10-29 23:50 . 2009-11-06 01:25 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\HpUpdate
2009-10-28 23:56 . 2009-10-28 23:56 126970 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks\uninstall.exe
2009-10-28 23:56 . 2009-10-28 23:57 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks
2009-10-25 16:28 . 2009-10-25 16:34 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Adobe
2009-10-23 21:11 . 2009-10-23 21:12 -------- d-----w- c:\windows\system32\scripting
2009-10-23 21:11 . 2009-10-23 21:11 -------- d-----w- c:\windows\system32\en
2009-10-23 21:11 . 2009-10-23 21:11 -------- d-----w- c:\windows\system32\bits
2009-10-23 20:28 . 2009-10-23 20:28 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-23 20:28 . 2009-10-23 20:27 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-23 20:28 . 2009-10-22 01:01 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-23 20:23 . 2009-10-23 20:23 -------- d-----w- c:\windows\system32\LogFiles
2009-10-23 20:23 . 2009-10-23 20:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-23 20:22 . 2009-10-23 20:22 -------- d-sh--w- c:\documents and settings\AJB.RISSA\IETldCache
2009-10-23 03:03 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-23 03:03 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-23 03:03 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-23 03:03 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-23 03:03 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-23 03:03 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-23 03:03 . 2009-10-23 03:03 -------- d-----w- c:\windows\ie8updates
2009-10-23 03:03 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-23 03:02 . 2009-10-23 03:02 -------- dc-h--w- c:\windows\ie8
2009-10-23 02:37 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-23 02:37 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-23 02:37 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-23 02:37 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-23 02:35 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-23 02:25 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-23 02:25 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-23 02:25 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-23 02:25 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-23 02:25 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-23 02:25 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-10-23 02:25 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-23 02:25 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-10-23 02:25 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-23 02:25 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-10-23 02:24 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-23 02:21 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-23 02:21 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-23 02:21 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-23 02:21 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-23 02:21 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-23 02:20 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-23 02:19 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-23 02:06 . 2009-06-10 13:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-23 02:06 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-23 02:06 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-23 02:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-23 02:05 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-23 02:04 . 2007-10-27 21:39 228864 ------w- c:\windows\system32\dllcache\wmasf.dll
2009-10-23 02:04 . 2009-08-05 00:44 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 02:04 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-23 02:04 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-23 02:04 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-23 00:19 . 2009-10-23 00:20 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\vlc
2009-10-23 00:18 . 2009-10-23 00:18 1527352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4220\AIMinst.exe
2009-10-22 03:43 . 2009-10-22 03:43 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Mozilla
2009-10-22 03:38 . 2009-11-16 04:49 -------- d-sh--w- c:\documents and settings\AJB.RISSA\Temporary Internet Files
2009-10-22 03:38 . 2009-10-22 03:38 -------- d-sh--w- c:\documents and settings\AJB.RISSA\History
2009-10-22 03:33 . 2006-03-15 20:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-10-22 03:33 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-10-22 03:33 . 2006-03-15 20:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-10-22 03:33 . 2006-03-15 20:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-10-22 01:35 . 2009-10-22 01:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 01:34 . 2009-10-22 01:34 152576 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-22 01:17 . 2009-10-22 01:18 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\acccore
2009-10-22 01:17 . 2009-10-22 01:26 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\AIM
2009-10-22 01:16 . 2009-10-22 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-22 01:15 . 2009-10-22 01:16 -------- d-----w- c:\program files\AIM
2009-10-22 01:15 . 2009-10-22 01:15 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\AOL
2009-10-22 01:02 . 2009-10-22 01:02 -------- d-----w- C:\$AVG
2009-10-22 01:01 . 2009-11-10 01:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-22 01:01 . 2009-10-22 01:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-22 01:01 . 2009-10-22 01:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 01:01 . 2009-10-22 01:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-22 01:01 . 2009-11-15 20:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-22 01:01 . 2009-11-15 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 22:29 . 2006-09-12 06:39 65680 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 21:40 . 2006-09-12 07:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-29 23:50 . 2006-09-12 05:33 -------- d-----w- c:\program files\HP
2009-10-28 23:56 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-23 21:16 . 2006-06-29 18:43 89719 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-23 00:13 . 2006-09-12 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-23 00:13 . 2006-09-12 06:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-22 03:39 . 2009-10-22 03:36 132 ----a-w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\fusioncache.dat
2009-10-22 03:37 . 2009-10-22 03:37 1783 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG371UA#ABA)_YN_0Pavi_QCNF6472TRN_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M1015_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG371UA#ABA)_XMOBILE_CN10_Z.MRK
2009-10-22 03:08 . 2006-09-12 07:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-22 03:07 . 2006-09-12 07:29 -------- d-----w- c:\program files\Quickensetup
2009-10-22 03:07 . 2006-09-12 07:05 -------- d-----w- c:\program files\RGB
2009-10-22 03:06 . 2006-09-12 07:26 -------- d-----w- c:\program files\NetWaiting
2009-10-22 03:05 . 2006-09-12 07:26 -------- d-----w- c:\program files\music_now
2009-10-22 03:05 . 2006-09-12 07:06 -------- d-----w- c:\program files\Microsoft Works
2009-10-22 03:04 . 2006-09-12 07:28 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-10-22 02:57 . 2006-09-12 07:28 -------- d-----w- c:\program files\DivX
2009-10-22 02:57 . 2006-09-12 06:46 -------- d-----w- c:\program files\CONEXANT
2009-10-22 02:56 . 2006-09-12 05:33 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-10-22 02:56 . 2006-09-12 05:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-22 02:55 . 2006-09-12 07:42 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-22 02:48 . 2006-09-12 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-22 02:47 . 2006-09-12 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-10-22 01:53 . 2006-09-12 07:16 -------- d-----w- c:\program files\WildTangent
2009-10-22 01:45 . 2006-09-12 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-22 01:11 . 2006-09-12 07:24 -------- d-----w- c:\program files\Yahoo!
2009-10-22 01:09 . 2006-09-12 07:29 -------- d-----w- c:\program files\Quicken
2009-10-22 01:01 . 2009-07-15 04:08 -------- d-----w- c:\program files\AVG
2009-10-10 02:48 . 2009-08-10 19:54 -------- d-----w- c:\documents and settings\Amy\Application Data\Skype
2009-10-09 22:16 . 2009-08-10 19:55 -------- d-----w- c:\documents and settings\Amy\Application Data\skypePM
2009-10-08 03:28 . 2009-10-08 03:28 152576 ----a-w- c:\documents and settings\Amy\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-03 20:24 . 2009-08-10 21:45 -------- d-----w- c:\documents and settings\Amy\Application Data\HP
2009-10-01 02:44 . 2009-10-01 02:42 -------- d-----w- c:\documents and settings\Amy\Application Data\Apple Computer
2009-10-01 02:42 . 2009-10-01 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 02:41 . 2009-10-01 02:38 -------- d-----w- c:\program files\Common Files\Apple
2009-10-01 02:41 . 2009-10-01 02:41 -------- d-----w- c:\program files\Bonjour
2009-10-01 02:40 . 2007-10-04 12:06 -------- d-----w- c:\program files\QuickTime
2009-10-01 02:02 . 2009-09-27 19:06 117760 ----a-w- c:\documents and settings\Amy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-30 00:22 . 2009-09-25 23:53 -------- d-----w- c:\documents and settings\Amy\Application Data\Move Networks
2009-09-30 00:22 . 2009-09-30 00:22 126970 ----a-w- c:\documents and settings\Amy\Application Data\Move Networks\uninstall.exe
2009-09-30 00:22 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Amy\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-27 19:05 . 2009-09-27 19:05 -------- d-----w- c:\documents and settings\Amy\Application Data\SUPERAntiSpyware.com
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-21 21:09 . 2009-09-21 21:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-19 15:40 . 2009-09-19 15:40 3584 ----a-r- c:\documents and settings\Amy\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-09-19 15:40 . 2009-09-19 15:40 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-19 15:39 . 2009-09-19 15:39 -------- d-----w- c:\program files\MSECACHE
2009-09-19 15:28 . 2009-09-19 15:28 152576 ----a-w- c:\documents and settings\Amy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-19 15:23 . 2009-08-28 02:13 -------- d-----w- c:\documents and settings\Amy\Application Data\HpUpdate
2009-09-19 15:15 . 2009-09-19 15:15 -------- d-----w- c:\program files\CDBurnerXP
2009-09-19 15:12 . 2009-08-08 04:25 -------- d-----w- c:\documents and settings\Amy\Application Data\gtk-2.0
2009-09-19 15:11 . 2009-09-19 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-19 15:11 . 2009-09-19 15:11 -------- d-----w- c:\program files\NOS
2009-09-11 14:18 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-12-11 23:36 . 2008-12-11 23:36 1572 ----a-w- c:\program files\fcmsxsm.txt
2005-12-28 00:12 . 2005-12-28 00:12 83 ----a-w- c:\program files\AoA DVD Ripper Serial.txt
2005-12-27 23:52 . 2005-12-27 23:52 1698495 ----a-w- c:\program files\AoA DVD Ripper 3.86.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 16:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SAS\SomeAuralSystem.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-22 149280]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-22 01:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/21/2009 8:01 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/21/2009 8:01 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SAS\sasdifsv.sys [3/23/2009 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SAS\SASKUTIL.SYS [3/23/2009 1:07 PM 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/21/2009 8:01 PM 285392]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
R3 SASENUM;SASENUM;c:\program files\SAS\SASENUM.SYS [3/23/2009 1:07 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
AddRemove-B3EE3001-DC24-4cd1-8743-5692C716659F - c:\program files\EnglishOtto\uninstallotto.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 23:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????v??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D2B50C]<<
kernel: MBR read successfully

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-15 23:56
ComboFix-quarantined-files.txt 2009-11-16 04:56

Pre-Run: 73,683,337,216 bytes free
Post-Run: 76,463,132,672 bytes free

- - End Of File - - 4398BAD85E3822BA7BBD4FF45FB1F6C1

#4 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 16 November 2009 - 01:43 PM

Are you still getting redirected?

Please do this...

Please download MBR.exe from here ->
http://www2.gmer.net/mbr/mbr.exe

Save the file to your desktop and double click on it.

A new text file will appear on your desktop, created by the tool. Copy and paste that file here, please.

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\drivers\atapi.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

With your next post please provide:

* Still getting redirected?
* Mbr log
* Gmer log
* SystemLook.txt
* Upload result
* ESET log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Adalanne

  • Topic Starter
  • Members
  • 15 posts

Posted 17 November 2009 - 07:55 AM

I haven't had the opportunity to go through with the last step (ESET) yet all the way, but I do have a question. On the same screen with the "Scan Archives" check box, there was a box already checked that read something like "Remove Found Threats." Should that remain checked or should I uncheck it before performing the scan?

Thanks so much for your help.

#6 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 17 November 2009 - 09:59 AM

Yes. Let it remove the threats. :(

#7 Adalanne

  • Topic Starter
  • Members
  • 15 posts

Posted 17 November 2009 - 09:55 PM

Thought that would be the thing to do, but wanted to make sure. :(

Yes, still getting redirected. (Both before I did all the following, and now that I have done all of it.)

MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully



GMER:

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-16 21:33:56
Windows 5.1.2600 Service Pack 3
Running: zd3n6vqz.exe; Driver: C:\DOCUME~1\AJB~1.RIS\LOCALS~1\Temp\uxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SAS\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9F117DF0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



SystemLook:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:51 on 16/11/2009 by AJB (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [03:59 04/08/2004] [03:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\I386\ATAPI.SY_ --a--- 49558 bytes [20:00 15/03/2006] [20:00 15/03/2006] 28541D14647BB58502D09D1CEAEE6684
C:\I386\COMPDATA\DECATAPI.HTM --a--- 881 bytes [20:00 15/03/2006] [20:00 15/03/2006] FDA00ABB8831E4903E9442E9B01843ED
C:\I386\COMPDATA\DECATAPI.TXT --a--- 449 bytes [20:00 15/03/2006] [20:00 15/03/2006] F5A5EAC5B4790D90031B913DD5D559A5
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:06 23/10/2009] [13:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [04:50 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [23:45 18/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [04:30 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [04:30 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-



Jotti:

Filename: a0u20og3.sys
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 10 Nov 2009 17:37:22 (CET) Permalink

Additional Info:
File size: 96512 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1: a719156e8ad67456556a02c34e762944234e7a44
Packer (Kaspersky): PE_Patch



ESET:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent15.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent27.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent46.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined



Thanks,

Ady
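
The atapi.sys check in this post works by comparing the live driver's MD5 with the pristine copies Windows XP keeps in system32\dllcache and ServicePackFiles\i386; a live copy that hashes differently from those references is what a helper is looking for in a redirect case, while matching hashes, as here, point the other way. The following Python is an added example, not code from SystemLook, ComboFix or any poster in this thread: it parses SystemLook ":filefind" output and performs that comparison, first on the lines posted above and then on a constructed variant in which the live copy carries a placeholder hash.

```python
import re

# Added example for this thread, not code from SystemLook, ComboFix or any poster.
# Parses SystemLook ":filefind" output and compares the live driver under
# system32\drivers with the pristine copies Windows XP keeps in system32\dllcache
# (Windows File Protection cache) and ServicePackFiles\i386 (service pack source),
# so a hash mismatch is flagged mechanically instead of by eyeballing MD5 strings.

# One filefind line: <path> <6 attribute flags> <size> bytes [<mod>] [<created>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE_DIR = "\\system32\\drivers\\"                  # where the running driver lives
REFERENCE_DIRS = ("\\system32\\dllcache\\",        # Windows File Protection cache
                  "\\servicepackfiles\\i386\\")    # service pack install source

# Lines copied from the SystemLook output posted in this thread.
THREAD_LOG = r"""
Searching for "*atapi*"
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [03:59 04/08/2004] [03:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\I386\ATAPI.SY_ --a--- 49558 bytes [20:00 15/03/2006] [20:00 15/03/2006] 28541D14647BB58502D09D1CEAEE6684
C:\I386\COMPDATA\DECATAPI.HTM --a--- 881 bytes [20:00 15/03/2006] [20:00 15/03/2006] FDA00ABB8831E4903E9442E9B01843ED
C:\I386\COMPDATA\DECATAPI.TXT --a--- 449 bytes [20:00 15/03/2006] [20:00 15/03/2006] F5A5EAC5B4790D90031B913DD5D559A5
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:06 23/10/2009] [13:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [04:50 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [23:45 18/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [04:30 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [04:30 16/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
"""


def parse_filefind(text):
    """Return one dict per line in filefind format; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FILEFIND_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()   # hashes compare case-insensitively
            entries.append(entry)
    return entries


def check_driver(entries, driver_name):
    """Compare the live copy of driver_name against its reference copies.

    Returns (verdict, details) with verdict one of:
      "consistent"    live MD5 equals every reference copy's MD5
      "mismatch"      live MD5 differs from at least one reference copy
      "no-live"       no copy found in the live driver directory
      "no-reference"  live copy found but no dllcache/ServicePackFiles copy to compare
    The pre-service-pack copy in $NtServicePackUninstall$ is deliberately not a
    reference: it is an older build and legitimately hashes differently.
    """
    name = driver_name.lower()
    live = [e for e in entries if e["path"].lower().endswith(LIVE_DIR + name)]
    refs = [e for e in entries
            if e["path"].lower().endswith(name)
            and any(d in e["path"].lower() for d in REFERENCE_DIRS)]
    if not live:
        return "no-live", {}
    live_md5 = live[0]["md5"]
    if not refs:
        return "no-reference", {"live_md5": live_md5}
    disagreeing = [r["path"] for r in refs if r["md5"] != live_md5]
    details = {
        "live_md5": live_md5,
        "live_size": live[0]["size"],
        "reference_md5s": sorted({r["md5"] for r in refs}),
        "disagreeing": disagreeing,
    }
    return ("mismatch" if disagreeing else "consistent"), details


def with_live_hash(log, new_md5):
    """Return a copy of log whose live driver line carries new_md5 (used to build test input)."""
    out = []
    for line in log.splitlines():
        if LIVE_DIR in line.lower():
            line = line.rsplit(" ", 1)[0] + " " + new_md5
        out.append(line)
    return "\n".join(out)


# Constructed variant, not from the thread: same listing, but the live copy hashes
# differently from its references. The all-zero value is a placeholder, not a real hash.
TAMPERED_LOG = with_live_hash(THREAD_LOG, "00000000000000000000000000000000")

if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed tampered log", TAMPERED_LOG)):
        verdict, details = check_driver(parse_filefind(log), "atapi.sys")
        print(f"{label}: {verdict}")
        for ref in details.get("disagreeing", []):
            print(f"  live copy differs from {ref}")
```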

#8 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 17 November 2009 - 10:50 PM

Arrgghhhh! :(

Let's keep digging........

Right click and delete your current copy of Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========
With your next post please provide:

* Combofix.txt
* MBAM log
* RootRepeal log
* OTL logs
* Still redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
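The helper above asks for Combofix.txt along with the MBAM, RootRepeal and OTL logs. As an added example (not code from ComboFix, the helper, or anyone in this thread), here is a small Python triage script for two sections of a ComboFix log: it pulls the "Infected copy of ... was found and disinfected" lines from Other Deletions, noting whether ComboFix had a clean copy to restore, and parses the "Files Created" entries so that a .sys driver whose system32\drivers and system32\dllcache copies differ in size gets flagged. The sample log lines are constructed in ComboFix's format, and the reading of "Kitty ate it" as "no clean copy available" is an assumption.

```python
"""Triage two sections of a ComboFix log (added example, not ComboFix's code).

Pulls "Infected copy of ... was found and disinfected" lines from Other
Deletions, noting whether ComboFix had a clean copy to restore, and parses
"Files Created" entries so a .sys present in both system32\\drivers and
system32\\dllcache with differing sizes can be spotted: a patched kernel
driver keeps its name and timestamps but rarely its size.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# created . modified size attrs path   (size is "--------" for directories)
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) (\S{8}) (.+)$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
# ComboFix's wording when no clean copy existed (assumption, taken from the
# thread's line "Restored copy from - Kitty ate it :(").
NO_BACKUP_MARKER = "Kitty ate it"
DRIVER_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "----a-w-", "d-----w-", "--sha-r-"
    path: str             # lower-cased for comparisons

    @property
    def is_directory(self):
        return self.attrs.startswith("d")


def parse_entries(log_text):
    """Parse every Files Created / Find3M style line; ignore everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(created, "%Y-%m-%d %H:%M"),
                             datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                             None if size.startswith("-") else int(size),
                             attrs, path.lower()))
    return entries


def infected_files(log_text):
    """(path, restored_from) pairs; restored_from is None when no clean copy."""
    results, lines = [], log_text.splitlines()
    for i, line in enumerate(lines):
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue
        restored = None
        if i + 1 < len(lines):
            r = RESTORED_RE.match(lines[i + 1].strip())
            if r and NO_BACKUP_MARKER not in r.group(1):
                restored = r.group(1)
        results.append((m.group(1), restored))
    return results


def driver_cache_mismatches(entries):
    """Names of .sys files in both driver dirs whose sizes differ (equal sizes
    prove nothing; different ones deserve a look)."""
    sizes = {}
    for e in entries:
        if e.is_directory or not e.path.endswith(".sys"):
            continue
        for d in DRIVER_DIRS:
            if d in e.path:
                sizes.setdefault(e.path.rsplit("\\", 1)[-1], {})[d] = e.size
    return sorted(n for n, s in sizes.items()
                  if len(s) == 2 and len(set(s.values())) > 1)


# Constructed sample input in ComboFix's format (not the thread's own log).
SAMPLE_DELETIONS = """\
Infected copy of c:\\windows\\system32\\DRIVERS\\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :(
Infected copy of c:\\windows\\system32\\drivers\\atapi.sys was found and disinfected
Restored copy from - c:\\windows\\system32\\dllcache\\atapi.sys
"""
SAMPLE_CREATED = """\
2009-11-16 04:30 . 2008-04-13 18:40 96512 ----a-w- c:\\windows\\system32\\dllcache\\atapi.sys
2009-11-16 04:30 . 2008-04-13 18:40 97280 ------w- c:\\windows\\system32\\drivers\\atapi.sys
2009-11-07 19:29 . 2009-11-07 19:29 -------- d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\\windows\\system32\\drivers\\bthport.sys
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\\windows\\system32\\dllcache\\bthport.sys
"""
```

Run `infected_files(SAMPLE_DELETIONS)` and `driver_cache_mismatches(parse_entries(SAMPLE_CREATED))` on the constructed input: the first reports iaStor.sys with no clean copy and atapi.sys restored from dllcache, the second flags only atapi.sys, whose two copies differ in size.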

#9 Adalanne

Adalanne
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:17 AM

Posted 18 November 2009 - 08:42 PM

Well, at least I know it wasn't an easy little fix I was overlooking. ;)

But good news! After doing all the below, I'm not getting redirected anymore. I did a bunch of searches to make sure it wasn't a fluke, but everything is working fine now!

You're fabulous, t. Thank you so much for your help! If there's anything more I should do, let me know.

Thanks again!

-Ady



ComboFix:

ComboFix 09-11-18.06 - AJB 11/18/2009 19:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -5:00]
Running from: c:\documents and settings\AJB.RISSA\Desktop\thcbytes.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-17 03:21 . 2009-11-17 03:21 -------- d-----w- c:\program files\ESET
2009-11-16 04:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-16 04:30 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-15 23:13 . 2009-11-15 23:13 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Sonic
2009-11-15 23:12 . 2009-11-15 23:12 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Leadertech
2009-11-13 02:06 . 2009-11-10 01:52 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-13 02:06 . 2009-11-10 01:52 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-13 02:06 . 2009-11-10 01:52 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-13 02:06 . 2009-10-22 01:01 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-13 02:06 . 2009-11-10 01:51 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-13 02:06 . 2009-10-23 20:28 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-11 03:52 . 2009-11-11 03:52 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Identities
2009-11-10 01:51 . 2009-10-22 01:01 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 02:50 . 2009-11-09 02:50 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Apple
2009-11-09 02:50 . 2009-11-09 02:50 -------- d-----w- c:\program files\Apple Software Update
2009-11-09 02:49 . 2009-11-09 02:49 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Apple Computer
2009-11-07 20:47 . 2009-11-19 00:08 117760 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 20:46 . 2009-11-07 20:46 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com
2009-11-07 19:30 . 2009-11-07 19:30 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Malwarebytes
2009-11-07 19:29 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 19:29 . 2009-11-07 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 19:29 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 18:47 . 2009-11-07 18:47 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Canneverbe_Limited
2009-11-07 18:12 . 2009-11-07 18:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-07 04:28 . 2009-11-07 04:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-01 04:56 . 2009-11-02 01:35 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\WMTools Downloaded Files
2009-11-01 04:15 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-29 23:52 . 2009-10-29 23:52 -------- d-sh--w- c:\documents and settings\AJB.RISSA\PrivacIE
2009-10-29 23:50 . 2009-11-06 01:25 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\HpUpdate
2009-10-28 23:56 . 2009-10-28 23:56 126970 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks\uninstall.exe
2009-10-28 23:56 . 2009-10-28 23:57 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks
2009-10-25 16:28 . 2009-10-25 16:34 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Adobe
2009-10-23 21:11 . 2009-10-23 21:12 -------- d-----w- c:\windows\system32\scripting
2009-10-23 21:11 . 2009-10-23 21:11 -------- d-----w- c:\windows\system32\en
2009-10-23 21:11 . 2009-10-23 21:11 -------- d-----w- c:\windows\system32\bits
2009-10-23 20:28 . 2009-10-23 20:28 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-23 20:28 . 2009-10-23 20:27 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-23 20:28 . 2009-10-22 01:01 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-23 20:23 . 2009-10-23 20:23 -------- d-----w- c:\windows\system32\LogFiles
2009-10-23 20:23 . 2009-10-23 20:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-23 20:22 . 2009-10-23 20:22 -------- d-sh--w- c:\documents and settings\AJB.RISSA\IETldCache
2009-10-23 03:03 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-23 03:03 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-23 03:03 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-23 03:03 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-23 03:03 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-23 03:03 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-23 03:03 . 2009-10-23 03:03 -------- d-----w- c:\windows\ie8updates
2009-10-23 03:03 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-23 03:02 . 2009-10-23 03:02 -------- dc-h--w- c:\windows\ie8
2009-10-23 02:37 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-23 02:37 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-23 02:37 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-23 02:37 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-23 02:35 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-23 02:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-23 02:25 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-23 02:25 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-23 02:25 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-23 02:25 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-23 02:25 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-23 02:25 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-10-23 02:25 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-23 02:25 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-10-23 02:25 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-23 02:25 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-10-23 02:24 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-23 02:21 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-23 02:21 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-23 02:21 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-23 02:21 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-23 02:21 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-23 02:20 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-23 02:19 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-23 02:06 . 2009-06-10 13:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-23 02:06 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-23 02:06 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-23 02:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-23 02:05 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-23 02:04 . 2007-10-27 21:39 228864 ------w- c:\windows\system32\dllcache\wmasf.dll
2009-10-23 02:04 . 2009-08-05 00:44 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 02:04 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-23 02:04 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-23 02:04 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-23 00:19 . 2009-10-23 00:20 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\vlc
2009-10-23 00:18 . 2009-10-23 00:18 1527352 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4220\AIMinst.exe
2009-10-22 03:43 . 2009-10-22 03:43 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\Mozilla
2009-10-22 03:38 . 2009-11-19 00:47 -------- d--h--w- c:\documents and settings\AJB.RISSA\Temporary Internet Files
2009-10-22 03:38 . 2009-10-22 03:38 -------- d--h--w- c:\documents and settings\AJB.RISSA\History
2009-10-22 03:33 . 2006-03-15 20:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-10-22 03:33 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-10-22 03:33 . 2006-03-15 20:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-10-22 03:33 . 2006-03-15 20:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-10-22 01:35 . 2009-10-22 01:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 01:34 . 2009-10-22 01:34 152576 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-22 01:17 . 2009-10-22 01:18 -------- d-----w- c:\documents and settings\AJB.RISSA\Application Data\acccore
2009-10-22 01:17 . 2009-10-22 01:26 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\AIM
2009-10-22 01:16 . 2009-10-22 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-22 01:15 . 2009-10-22 01:16 -------- d-----w- c:\program files\AIM
2009-10-22 01:15 . 2009-10-22 01:15 -------- d-----w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\AOL
2009-10-22 01:02 . 2009-10-22 01:02 -------- d-----w- C:\$AVG
2009-10-22 01:01 . 2009-11-10 01:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-22 01:01 . 2009-10-22 01:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-22 01:01 . 2009-10-22 01:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 01:01 . 2009-10-22 01:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-22 01:01 . 2009-11-19 00:11 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-22 01:01 . 2009-11-15 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 22:29 . 2006-09-12 06:39 65680 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 21:40 . 2006-09-12 07:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-29 23:50 . 2006-09-12 05:33 -------- d-----w- c:\program files\HP
2009-10-28 23:56 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\AJB.RISSA\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-23 21:16 . 2006-06-29 18:43 89719 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-23 00:13 . 2006-09-12 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-23 00:13 . 2006-09-12 06:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-22 03:39 . 2009-10-22 03:36 132 ----a-w- c:\documents and settings\AJB.RISSA\Local Settings\Application Data\fusioncache.dat
2009-10-22 03:37 . 2009-10-22 03:37 1783 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG371UA#ABA)_YN_0Pavi_QCNF6472TRN_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M1015_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG371UA#ABA)_XMOBILE_CN10_Z.MRK
2009-10-22 03:08 . 2006-09-12 07:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-22 03:07 . 2006-09-12 07:29 -------- d-----w- c:\program files\Quickensetup
2009-10-22 03:07 . 2006-09-12 07:05 -------- d-----w- c:\program files\RGB
2009-10-22 03:06 . 2006-09-12 07:26 -------- d-----w- c:\program files\NetWaiting
2009-10-22 03:05 . 2006-09-12 07:26 -------- d-----w- c:\program files\music_now
2009-10-22 03:05 . 2006-09-12 07:06 -------- d-----w- c:\program files\Microsoft Works
2009-10-22 03:04 . 2006-09-12 07:28 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-10-22 02:57 . 2006-09-12 07:28 -------- d-----w- c:\program files\DivX
2009-10-22 02:57 . 2006-09-12 06:46 -------- d-----w- c:\program files\CONEXANT
2009-10-22 02:56 . 2006-09-12 05:33 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-10-22 02:56 . 2006-09-12 05:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-22 02:55 . 2006-09-12 07:42 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-22 02:48 . 2006-09-12 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-22 02:47 . 2006-09-12 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-10-22 01:53 . 2006-09-12 07:16 -------- d-----w- c:\program files\WildTangent
2009-10-22 01:45 . 2006-09-12 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-22 01:11 . 2006-09-12 07:24 -------- d-----w- c:\program files\Yahoo!
2009-10-22 01:09 . 2006-09-12 07:29 -------- d-----w- c:\program files\Quicken
2009-10-22 01:01 . 2009-07-15 04:08 -------- d-----w- c:\program files\AVG
2009-10-10 02:48 . 2009-08-10 19:54 -------- d-----w- c:\documents and settings\Amy\Application Data\Skype
2009-10-09 22:16 . 2009-08-10 19:55 -------- d-----w- c:\documents and settings\Amy\Application Data\skypePM
2009-10-08 03:28 . 2009-10-08 03:28 152576 ----a-w- c:\documents and settings\Amy\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-03 20:24 . 2009-08-10 21:45 -------- d-----w- c:\documents and settings\Amy\Application Data\HP
2009-10-01 02:44 . 2009-10-01 02:42 -------- d-----w- c:\documents and settings\Amy\Application Data\Apple Computer
2009-10-01 02:42 . 2009-10-01 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 02:41 . 2009-10-01 02:38 -------- d-----w- c:\program files\Common Files\Apple
2009-10-01 02:41 . 2009-10-01 02:41 -------- d-----w- c:\program files\Bonjour
2009-10-01 02:40 . 2007-10-04 12:06 -------- d-----w- c:\program files\QuickTime
2009-10-01 02:02 . 2009-09-27 19:06 117760 ----a-w- c:\documents and settings\Amy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-30 00:22 . 2009-09-25 23:53 -------- d-----w- c:\documents and settings\Amy\Application Data\Move Networks
2009-09-30 00:22 . 2009-09-30 00:22 126970 ----a-w- c:\documents and settings\Amy\Application Data\Move Networks\uninstall.exe
2009-09-30 00:22 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Amy\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-27 19:05 . 2009-09-27 19:05 -------- d-----w- c:\documents and settings\Amy\Application Data\SUPERAntiSpyware.com
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-21 21:09 . 2009-09-21 21:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-19 15:40 . 2009-09-19 15:40 3584 ----a-r- c:\documents and settings\Amy\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-09-19 15:28 . 2009-09-19 15:28 152576 ----a-w- c:\documents and settings\Amy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:18 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-12-11 23:36 . 2008-12-11 23:36 1572 ----a-w- c:\program files\fcmsxsm.txt
2005-12-28 00:12 . 2005-12-28 00:12 83 ----a-w- c:\program files\AoA DVD Ripper Serial.txt
2005-12-27 23:52 . 2005-12-27 23:52 1698495 ----a-w- c:\program files\AoA DVD Ripper 3.86.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-16_04.49.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-19 00:40 . 2009-11-19 00:40 16384 c:\windows\temp\Perflib_Perfdata_514.dat
+ 2006-09-12 06:46 . 2009-11-19 00:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-12 06:46 . 2009-11-15 17:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-07 18:12 . 2009-11-19 00:07 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-07 18:12 . 2009-11-15 17:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-09-12 06:46 . 2009-11-19 00:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-12 06:46 . 2009-11-15 17:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 16:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SAS\SomeAuralSystem.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-22 149280]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-22 01:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/21/2009 8:01 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/21/2009 8:01 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SAS\sasdifsv.sys [3/23/2009 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SAS\SASKUTIL.SYS [3/23/2009 1:07 PM 72944]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/21/2009 8:01 PM 285392]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
S3 SASENUM;SASENUM;c:\program files\SAS\SASENUM.SYS [3/23/2009 1:07 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????v??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-18 19:49
ComboFix-quarantined-files.txt 2009-11-19 00:49
ComboFix2.txt 2009-11-16 04:57

Pre-Run: 76,266,541,056 bytes free
Post-Run: 76,227,805,184 bytes free

- - End Of File - - 5E36F8541EB2FCC516EDB6212CD7B1EE



MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 5.1.2600 Service Pack 3

11/18/2009 8:13:21 PM
mbam-log-2009-11-18 (20-13-21).txt

Scan type: Quick Scan
Objects scanned: 120648
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/18 20:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\AJB~1.RIS\LOCALS~1\Temp\catchme.sys
Address: 0x9F649000 Size: 31744 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF79F2000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D710000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\60527e24-2202-4971-aecb-286139da6999
Status: Size mismatch (API: 1307472, Raw: 1182780)

Path: c:\$avg\$chjw\e324f9dd-749c-4fdf-a5a9-885422d74f4d
Status: Size mismatch (API: 2396540, Raw: 2310852)

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

==EOF==



OTL:

OTL logfile created on: 11/18/2009 8:26:54 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\AJB.RISSA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 425.99 Mb Available Physical Memory | 42.01% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 71.00 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.15 Gb Free Space | 9.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RISSA
Current User Name: AJB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/18 20:25:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
PRC - [2009/11/12 21:06:10 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/06 09:30:52 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/21 20:35:08 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/21 20:01:24 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/21 20:01:23 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/21 20:01:22 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/21 20:01:18 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/15 22:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/18 20:25:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/21 20:35:08 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/21 20:01:18 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/06/12 15:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/12/15 22:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/10/06 20:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 11:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/11/09 20:52:02 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/21 20:01:43 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 20:01:42 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/22 06:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/16 23:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/06/06 15:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 10:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 15:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 12:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/04/20 11:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 11:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 11:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/11 05:35:18 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2006/03/22 15:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/15 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/15 06:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/22 12:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 15:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 13:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 04:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 16:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/06/20 19:05:58 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\S-1-5-21-2682602586-3902047396-2612792117-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.the-leaky-cauldron.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/22 09:51:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 09:30:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 21:51:19 | 00,000,000 | ---D | M]

[2009/10/21 19:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla\Extensions
[2009/10/21 19:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/21 19:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla\Firefox\Profiles\vmlie8z8.default\extensions
[2009/11/18 20:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 09:30:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/19 10:12:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/22 09:51:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/19 10:19:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 09:30:52 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 09:30:52 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 13:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/09/19 10:29:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/03/20 17:21:26 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/06 09:30:54 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/02/08 13:24:54 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/08 21:51:19 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/02/08 13:24:59 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2007/02/08 13:24:50 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/08/29 09:01:22 | 00,106,348 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/09/19 19:09:14 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/19 19:09:14 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/14 23:10:33 | 00,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/19 19:09:14 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/19 19:09:14 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/19 19:09:14 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/19 19:09:14 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/19 19:09:14 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SAS\SomeAuralSystem.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 22:01:29 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/11/16 22:01:32 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/18 20:25:54 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
[2009/11/16 22:21:55 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/16 22:01:29 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/11/15 23:35:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/15 23:30:15 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/11/15 23:30:15 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/11/15 23:28:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/15 23:25:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/15 23:25:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/15 23:25:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/15 23:25:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 23:24:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 18:13:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Sonic
[2009/11/15 18:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Leadertech
[2009/11/14 23:21:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\AJB.RISSA\Desktop\RootRepeal.exe
[2009/11/10 22:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Identities
[2009/11/08 21:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Apple
[2009/11/08 21:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/08 21:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Apple Computer
[2009/11/07 16:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/11/07 15:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com
[2009/11/07 14:30:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Malwarebytes
[2009/11/07 14:29:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:29:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:29:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 13:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\CDBurnerXP Projects
[2009/11/07 13:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Canneverbe_Limited
[2009/10/31 23:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/31 23:15:08 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/10/31 23:15:08 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2009/10/29 18:52:43 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AJB.RISSA\PrivacIE
[2009/10/29 18:50:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\HpUpdate
[2009/10/28 18:56:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Move Networks
[2009/10/25 11:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Adobe
[2009/10/25 11:18:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Adobe
[2009/10/23 16:25:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/23 16:11:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/23 16:11:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/23 16:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/23 15:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/23 15:22:41 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AJB.RISSA\IETldCache
[2009/10/22 22:03:29 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/22 22:03:28 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/10/22 22:03:28 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/10/22 22:03:28 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/10/22 22:03:28 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/22 22:03:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/10/22 22:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/22 22:03:16 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/22 22:02:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/22 22:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/22 22:00:47 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/22 21:37:05 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/10/22 21:37:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/10/22 21:37:03 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/10/22 21:37:03 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/10/22 21:36:57 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/10/22 21:36:57 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/10/22 21:36:57 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/10/22 21:36:57 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/10/22 21:36:57 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/10/22 21:36:57 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/10/22 21:36:57 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/10/22 21:36:56 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/10/22 21:36:56 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/10/22 21:36:56 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/10/22 21:36:56 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/10/22 21:36:52 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/10/22 21:36:52 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/10/22 21:36:52 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/10/22 21:36:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/10/22 21:36:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/10/22 21:36:43 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/10/22 21:36:43 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/10/22 21:36:43 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/10/22 21:36:43 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/10/22 21:36:43 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/10/22 21:36:43 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/10/22 21:36:43 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/10/22 21:36:43 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/10/22 21:36:43 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/10/22 21:36:43 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/10/22 21:36:42 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/10/22 21:36:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/10/22 21:36:40 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/10/22 21:36:38 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/10/22 21:36:38 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/10/22 21:36:38 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/10/22 21:36:37 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/10/22 21:36:37 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/10/22 21:36:37 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/10/22 21:36:36 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/10/22 21:36:36 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/10/22 21:36:35 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/10/22 21:36:35 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/10/22 21:36:34 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/10/22 21:36:33 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/10/22 21:36:31 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/10/22 21:36:28 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/10/22 21:36:28 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/10/22 21:36:27 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/10/22 21:36:22 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/10/22 21:36:22 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/10/22 21:36:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/10/22 21:36:22 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/10/22 21:36:21 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/10/22 21:36:21 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/10/22 21:36:21 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/10/22 21:36:21 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/10/22 21:36:20 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/10/22 21:36:20 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/10/22 21:36:19 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/10/22 21:36:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/10/22 21:36:07 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/10/22 21:36:07 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/10/22 21:36:07 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/10/22 21:36:07 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/10/22 21:36:03 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/10/22 21:36:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/10/22 21:36:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/10/22 21:36:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/10/22 21:36:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/10/22 21:36:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/10/22 21:35:50 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/10/22 21:35:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/10/22 21:35:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/10/22 21:35:45 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/10/22 21:35:45 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/10/22 21:35:45 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/10/22 21:35:45 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/10/22 21:35:44 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/10/22 21:35:44 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/10/22 21:35:44 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/10/22 21:35:44 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/10/22 21:35:44 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/10/22 21:35:44 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/10/22 21:35:44 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/10/22 21:35:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/10/22 21:35:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/10/22 21:35:44 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/10/22 21:35:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/10/22 21:35:42 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/10/22 21:35:42 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/10/22 21:35:42 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/10/22 21:35:42 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/10/22 21:35:42 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/10/22 21:35:42 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/10/22 21:35:42 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/10/22 21:35:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/10/22 21:35:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/10/22 21:35:42 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/10/22 21:35:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/10/22 21:35:30 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/10/22 21:35:30 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/10/22 21:35:30 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/10/22 21:35:30 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/10/22 21:35:30 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/10/22 21:35:30 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/10/22 21:35:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/10/22 21:35:29 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/10/22 21:35:29 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/10/22 21:35:24 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/10/22 21:35:24 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/10/22 21:35:24 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/10/22 21:35:24 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/10/22 21:35:24 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/10/22 21:35:24 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/10/22 21:35:24 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/10/22 21:35:24 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/10/22 21:35:24 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/10/22 21:35:24 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/10/22 21:35:24 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/10/22 21:35:24 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/10/22 21:35:19 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/10/22 21:35:19 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/10/22 21:35:19 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/10/22 21:35:19 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/10/22 21:35:19 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/10/22 21:35:19 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/10/22 21:35:19 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/10/22 21:35:19 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/10/22 21:35:19 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/10/22 21:35:19 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/10/22 21:35:19 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/10/22 21:35:19 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/10/22 21:35:19 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/10/22 21:35:19 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/10/22 21:35:19 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/10/22 21:35:19 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/10/22 21:35:19 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/10/22 21:35:19 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/10/22 21:35:19 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/10/22 21:35:18 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/10/22 21:35:18 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/10/22 21:35:18 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/10/22 21:35:18 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/10/22 21:35:18 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/10/22 21:35:18 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/10/22 21:35:18 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/10/22 21:35:18 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/10/22 21:35:18 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/10/22 21:35:18 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/10/22 21:35:18 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/10/22 21:35:18 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/10/22 21:26:23 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/10/22 21:26:23 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/10/22 21:25:34 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/10/22 21:25:18 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/10/22 21:25:18 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/10/22 21:25:18 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/10/22 21:25:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/10/22 21:25:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/10/22 21:25:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/10/22 21:25:17 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/10/22 21:25:17 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/10/22 21:25:16 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/10/22 21:24:33 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/10/22 21:23:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/10/22 21:21:25 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/10/22 21:21:25 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/10/22 21:21:19 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/10/22 21:21:12 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/10/22 21:21:07 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/10/22 21:20:58 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/10/22 21:19:14 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/22 21:06:48 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/10/22 21:06:24 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/10/22 21:06:18 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/10/22 21:05:02 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/10/22 21:05:02 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/10/22 21:04:59 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/10/22 21:04:44 | 00,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2009/10/22 21:04:25 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/10/22 21:04:24 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/10/22 21:04:23 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/10/22 21:04:23 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/10/22 21:03:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/22 19:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\vlc
[2009/10/22 19:15:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/21 22:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Mozilla
[2009/10/21 22:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla
[2009/10/21 22:38:20 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AJB.RISSA\Temporary Internet Files
[2009/10/21 22:38:20 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AJB.RISSA\History
[2009/10/21 22:36:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Microsoft
[2009/10/21 22:36:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\AJB.RISSA\SendTo
[2009/10/21 22:36:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\AJB.RISSA\Recent
[2009/10/21 22:36:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\Start Menu
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\My Videos
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\My Pictures
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\My Music
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents
[2009/10/21 22:36:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\AJB.RISSA\Favorites
[2009/10/21 22:36:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AJB.RISSA\Cookies
[2009/10/21 22:36:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\AJB.RISSA\PrintHood
[2009/10/21 22:36:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\AJB.RISSA\NetHood
[2009/10/21 22:36:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Desktop
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Microsoft
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\IsolatedStorage
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\HP
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\BVRP Software
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\ApplicationHistory
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Macromedia
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Intuit
[2009/10/21 22:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Identities
[2009/10/21 22:36:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\AJB.RISSA\Templates
[2009/10/21 22:33:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/10/21 22:33:12 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/10/21 22:33:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/10/21 22:33:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/10/21 20:35:26 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/21 20:35:26 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/21 20:35:26 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/21 20:35:26 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/21 20:35:26 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/21 20:33:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Sun
[2009/10/21 20:17:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\acccore
[2009/10/21 20:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\AIM
[2009/10/21 20:16:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/21 20:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/10/21 20:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\AOL
[2009/10/21 20:09:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/21 20:02:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/21 20:01:49 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/21 20:01:49 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/21 20:01:43 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/21 20:01:42 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/21 20:01:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/21 20:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/21 19:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\Downloads
[2005/12/27 18:52:00 | 01,698,495 | ---- | C] (AoAMedia.Com ) -- C:\Program Files\AoA DVD Ripper 3.86.exe
[2005/09/24 10:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/18 20:25:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
[2009/11/18 19:49:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/18 19:47:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/18 19:40:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/18 19:40:13 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/18 19:39:23 | 02,359,296 | -H-- | M] () -- C:\Documents and Settings\AJB.RISSA\NTUSER.DAT
[2009/11/18 19:39:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\AJB.RISSA\ntuser.ini
[2009/11/18 19:29:02 | 03,565,213 | R--- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\thcbytes.exe
[2009/11/18 19:11:28 | 45,401,354 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/18 19:11:09 | 00,095,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/18 19:08:20 | 00,001,096 | ---- | M] () -- C:\hpqp.ini
[2009/11/18 19:07:56 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/11/16 22:21:30 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\esetsmartinstaller_enu.exe
[2009/11/16 21:57:04 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Flash_Disinfector.exe
[2009/11/16 21:45:44 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\SystemLook.exe
[2009/11/16 20:11:54 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\zd3n6vqz.exe
[2009/11/16 20:09:35 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\mbr.exe
[2009/11/16 19:58:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 23:28:41 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/11/15 23:18:48 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\rkill.pif
[2009/11/15 23:16:14 | 00,126,976 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\ResetTeaTimer.exe
[2009/11/15 21:10:55 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\dds.scr
[2009/11/14 23:42:07 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Win32kDiag.exe
[2009/11/14 23:22:29 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\settings.dat
[2009/11/14 23:21:34 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\AJB.RISSA\Desktop\RootRepeal.exe
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/11 23:35:27 | 00,558,755 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\My Documents\racechat.html
[2009/11/11 20:13:26 | 00,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 20:52:02 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/08 21:51:10 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/07 16:41:29 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/07 16:41:02 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/07 16:40:40 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/07 16:33:11 | 00,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2009/11/07 14:29:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 00:12:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 23:01:52 | 00,453,442 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 23:01:52 | 00,391,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/02 23:01:52 | 00,056,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 23:11:14 | 03,048,613 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\hween_09.zip
[2009/11/01 00:26:45 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 16:29:20 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/23 16:09:15 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/22 19:22:25 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Windows Media Player.lnk
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 22:39:19 | 00,000,132 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\fusioncache.dat
[2009/10/21 22:37:46 | 00,001,783 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG371UA#ABA)_YN_0Pavi_QCNF6472TRN_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M1015_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG371UA#ABA)_XMOBILE_CN10_Z.MRK
[2009/10/21 22:35:36 | 00,038,383 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/21 22:35:33 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/10/21 22:35:31 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/10/21 20:35:08 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/21 20:35:08 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/21 20:35:08 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/21 20:35:08 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/21 20:35:07 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/21 20:17:13 | 00,001,917 | -H-- | M] () -- C:\IPH.PH
[2009/10/21 20:09:20 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/21 20:01:49 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/21 20:01:49 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/21 20:01:43 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/21 20:01:42 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/21 20:01:42 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/21 20:01:36 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/21 20:01:36 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/18 19:29:02 | 03,565,213 | R--- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\thcbytes.exe
[2009/11/16 22:21:13 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\esetsmartinstaller_enu.exe
[2009/11/16 21:57:04 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Flash_Disinfector.exe
[2009/11/16 21:45:44 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\SystemLook.exe
[2009/11/16 20:11:52 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\zd3n6vqz.exe
[2009/11/16 20:09:35 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\mbr.exe
[2009/11/15 23:28:41 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/11/15 23:28:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/15 23:25:44 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/15 23:25:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/15 23:25:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/15 23:25:44 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/15 23:25:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/15 23:18:48 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\rkill.pif
[2009/11/15 23:16:14 | 00,126,976 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\ResetTeaTimer.exe
[2009/11/15 21:10:54 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\dds.scr
[2009/11/14 23:42:06 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Win32kDiag.exe
[2009/11/14 23:22:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\settings.dat
[2009/11/11 23:35:27 | 00,558,755 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\My Documents\racechat.html
[2009/11/08 21:51:10 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/07 16:58:00 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Recipes.doc
[2009/11/07 14:29:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 23:10:53 | 03,048,613 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\hween_09.zip
[2009/10/31 23:48:43 | 02,926,656 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\3-The Man With The Hex - The Atomic Fireballs.mp3
[2009/10/31 23:41:51 | 03,351,702 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\10. Bad Moon Rising.mp3
[2009/10/31 23:28:01 | 02,805,859 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\02 Batty.wma
[2009/10/31 23:26:30 | 05,238,247 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\10 Masquerade.mp3
[2009/10/31 21:28:11 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/22 21:36:24 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/10/22 21:35:50 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/10/22 21:35:37 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/10/22 21:35:24 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/10/22 21:05:02 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/22 19:22:25 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Windows Media Player.lnk
[2009/10/21 22:42:26 | 00,001,474 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Pavilion Webcam Demo.lnk
[2009/10/21 22:37:40 | 00,001,783 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG371UA#ABA)_YN_0Pavi_QCNF6472TRN_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M1015_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG371UA#ABA)_XMOBILE_CN10_Z.MRK
[2009/10/21 22:37:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\AJB.RISSA\Application Data\desktop.ini
[2009/10/21 22:36:58 | 00,000,992 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Help and Support.lnk
[2009/10/21 22:36:57 | 00,051,192 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 22:36:57 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\fusioncache.dat
[2009/10/21 22:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DSwitch.txt
[2009/10/21 22:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\AtStart.txt
[2009/10/21 22:36:56 | 04,844,004 | -H-- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\IconCache.db
[2009/10/21 22:36:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\QSwitch.txt
[2009/10/21 22:36:54 | 02,359,296 | -H-- | C] () -- C:\Documents and Settings\AJB.RISSA\NTUSER.DAT
[2009/10/21 22:36:54 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\AJB.RISSA\ntuser.ini
[2009/10/21 22:33:12 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/10/21 22:33:12 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/10/21 22:33:12 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/10/21 22:33:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/10/21 22:33:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/10/21 22:33:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/10/21 22:33:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/10/21 22:33:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/10/21 22:28:29 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 20:01:49 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/21 20:01:42 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/21 20:01:36 | 45,401,354 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/21 20:01:36 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/21 20:01:36 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/21 20:01:36 | 00,095,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/11 18:36:57 | 00,001,572 | ---- | C] () -- C:\Program Files\fcmsxsm.txt
[2007/04/29 21:58:25 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/02 21:31:08 | 00,000,578 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/02 15:08:52 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/01/01 20:22:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/12 02:29:34 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 02:25:15 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 02:10:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 01:57:52 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 14:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/29 13:49:18 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 13:13:22 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 06:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/06/29 06:00:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/04 02:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/27 19:12:00 | 00,000,083 | ---- | C] () -- C:\Program Files\AoA DVD Ripper Serial.txt
[2005/12/02 13:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 13:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== LOP Check ==========

[2007/01/01 20:26:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\acccore
[2009/06/22 09:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\Canneverbe_Limited
[2009/05/01 14:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\GlarySoft
[2009/10/21 20:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\acccore
[2009/11/07 13:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Canneverbe_Limited
[2009/11/15 18:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Leadertech
[2008/12/09 21:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/21 20:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/09/06 12:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/07/16 20:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/15 12:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/01/02 17:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/04/25 12:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 22:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/21 20:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/30 21:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/14 22:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\acccore
[2009/09/06 00:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Amazon
[2009/09/19 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\gtk-2.0
[2009/08/16 11:24:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Leadertech
[2009/07/14 22:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\MSNInstaller
[2006/03/15 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/18 19:49:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >


OTL Extras:

OTL Extras logfile created on: 11/18/2009 8:26:54 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\AJB.RISSA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 425.99 Mb Available Physical Memory | 42.01% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 71.00 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.15 Gb Free Space | 9.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RISSA
Current User Name: AJB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2009 12:29:39 AM | Computer Name = RISSA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/16/2009 12:35:47 AM | Computer Name = RISSA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 11/15/2009 11:34:05 AM | Computer Name = RISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/15/2009 11:34:05 AM | Computer Name = RISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/15/2009 1:43:31 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/15/2009 1:43:31 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/16/2009 8:59:17 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/16/2009 8:59:17 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/16/2009 9:27:49 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/16/2009 9:27:49 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/16/2009 11:04:20 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/16/2009 11:04:20 PM | Computer Name = RISSA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

#10 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:17 AM

Posted 18 November 2009 - 11:27 PM

You're welcome. :(

Congratulations! You now appear clean!

==========

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==========

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>


  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Windows XP
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 Adalanne

Adalanne
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 20 November 2009 - 02:33 PM

Hi T,

Everything is running great. Thanks so much for your brilliant help!

-Ady


ComboFix:



All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: AJB

User: AJB.RISSA
->Temp folder emptied: 56938 bytes
->Temporary Internet Files folder emptied: 3965967 bytes
->Java cache emptied: 25493442 bytes
->FireFox cache emptied: 97045855 bytes

User: All Users

User: Amy
->Temp folder emptied: 14754760 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 32005500 bytes
->FireFox cache emptied: 238262011 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58707 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 392.65 mb


OTL by OldTimer - Version 3.1.6.0 log created on 11202009_141426

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 20 November 2009 - 11:55 PM

You're welcome.
It was my pleasure helping you! :(

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 29 November 2009 - 10:33 PM

*** Re-opened per user request ***

Unfortunately, I find my computer redirecting again when I do internet searches. I believe it's a new bug, though, because I went to a photo site that made the computer glitchy; running MBAM right away found a couple things but it had trouble destroying one of them.


Sorry to hear that you are having problems again.

Please do this....

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t

Edited by thcbytes, 29 November 2009 - 10:36 PM.

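The OTL report requested above is read line by line by the responder. As an added illustration that is not part of this thread and not OTL's own code, the following Python helper shows the kind of first-pass triage applied to such a report: it parses constructed sample lines modelled on the O1/O4/IE/FF line formats seen in this thread and flags the entries a responder usually checks first (hosts entries beyond localhost, autostart entries pointing at missing files or carrying no publisher name, unreadable registry hooks, and overridden search handling). The hostnames, SIDs and URLs in the sample are placeholders.

```python
"""First-pass triage of OTL-style report lines (added example; hypothetical helper)."""
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the OTL report format in this thread.
# SIDs, hostnames and URLs are placeholders, not values from a real machine.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-vendor.test
IE - HKU\S-1-5-21-111\..\URLSearchHook: {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
FF - prefs.js..keyword.URL: "http://search.example.test/sredir?query="
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O35 - exefile [open] -- "%1" %* File not found
"""


@dataclass
class Finding:
    section: str  # OTL line prefix such as "O1", "O4", "IE", "FF"
    reason: str
    line: str


# Only the loopback names are expected in a default HOSTS file.
LOOPBACK_NAMES = {"localhost"}
# Settings that decide where a browser sends search queries.
SEARCH_KEYS = ("keyword.URL", "browser.search.selectedEngine", "URLSearchHook")

SECTION_RE = re.compile(r"^(O\d+|IE|FF|PRC|SRV|DRV|MOD)\b")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
EMPTY_PUBLISHER_RE = re.compile(r"\(\)\s*$")  # OTL prints "()" when no company name is present


def section_of(line: str) -> str:
    m = SECTION_RE.match(line)
    return m.group(1) if m else "?"


def triage(text: str) -> list[Finding]:
    """Return the report lines that deserve a closer look, with the reason."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = section_of(line)

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() not in LOOPBACK_NAMES:
                findings.append(Finding(sec, f"HOSTS maps {host} to {ip}; not a loopback default", line))
            continue

        if "Reg Error" in line:
            findings.append(Finding(sec, "registry hook points at a key that cannot be read", line))
            continue

        # O4 lines are autostart entries; a missing target or absent publisher
        # is not proof of malware but is where the remnants of one usually show up.
        if sec == "O4" and line.endswith("File not found"):
            findings.append(Finding(sec, "autostart entry references a missing file", line))
            continue
        if sec == "O4" and EMPTY_PUBLISHER_RE.search(line):
            findings.append(Finding(sec, "autostart binary carries no publisher name", line))
            continue

        if any(key in line for key in SEARCH_KEYS):
            findings.append(Finding(sec, "search handling is overridden; confirm it is intended", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The O35 `exefile`/`comfile` lines are deliberately left alone: OTL reports `"%1" %*` as "File not found" on healthy systems too, so flagging them would only add noise.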

#14 Adalanne

Adalanne
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 30 November 2009 - 08:46 PM

Hi T,

Thanks so much for following up with me!

-Ady

OTL:

OTL logfile created on: 11/29/2009 10:56:45 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\AJB.RISSA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 420.83 Mb Available Physical Memory | 41.50% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 73.72 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.15 Gb Free Space | 9.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RISSA
Current User Name: AJB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/29 22:55:47 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
PRC - [2009/11/21 11:07:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/21 11:07:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/12 21:06:13 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 21:06:10 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/21 20:01:24 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/21 20:01:23 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/21 20:01:22 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/21 20:01:18 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/08/21 03:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/19 17:14:20 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/19 13:33:12 | 00,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/06/17 00:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/04 00:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/03/22 15:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/22 15:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/24 10:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2009/11/29 22:55:47 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/21 11:07:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/21 20:01:18 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/22 06:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 06:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2006/06/12 15:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 18:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/10/06 20:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 20:52:02 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/21 20:01:43 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/21 20:01:42 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/22 06:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/06/17 07:20:34 | 00,012,648 | ---- | M] (Secunia) -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SAS\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/16 23:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/06/06 15:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 10:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 15:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 12:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 11:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 11:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 11:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/11 05:35:18 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/03/22 15:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/15 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/15 06:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/22 12:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 15:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 13:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 04:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 16:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/06/20 19:05:58 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\S-1-5-21-2682602586-3902047396-2612792117-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.the-leaky-cauldron.org"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 09:30:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 21:51:19 | 00,000,000 | ---D | M]

[2009/10/21 19:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla\Extensions
[2009/11/28 23:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Mozilla\Firefox\Profiles\vmlie8z8.default\extensions
[2009/11/28 23:36:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SAS\SomeAuralSystem.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\AJB.RISSA\Start Menu\Programs\StartUp\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2682602586-3902047396-2612792117-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 22:01:29 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/11/16 22:01:32 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/29 22:55:46 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
[2009/11/27 20:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Desktop\BeingHuman
[2009/11/27 00:56:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Paint.NET
[2009/11/27 00:49:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/11/27 00:48:25 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/11/27 00:48:25 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/11/27 00:48:25 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/11/27 00:48:25 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/11/27 00:48:25 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/11/27 00:48:25 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/11/27 00:48:24 | 00,000,000 | ---D | C] -- C:\50675f1a9d005ca09b
[2009/11/27 00:36:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/11/27 00:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\WinRAR
[2009/11/22 20:51:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\AIMLogger
[2009/11/22 01:12:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Skype
[2009/11/21 21:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\QuickPlay
[2009/11/21 21:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\HP
[2009/11/21 11:08:11 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/21 11:08:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/21 11:08:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/21 11:08:11 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/21 11:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/21 11:06:41 | 16,832,288 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\AJB.RISSA\Desktop\jre-6u17-windows-i586-s.exe
[2009/11/20 15:38:45 | 00,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\AJB.RISSA\Desktop\StartUpLite.exe
[2009/11/20 15:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/11/20 15:24:18 | 00,716,320 | ---- | C] (Secunia) -- C:\Documents and Settings\AJB.RISSA\Desktop\PSISetup.exe
[2009/11/16 22:21:55 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/16 22:01:29 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/11/15 23:30:15 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/11/15 23:28:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/15 23:25:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 18:13:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Sonic
[2009/11/15 18:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Leadertech
[2009/11/10 22:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Identities
[2009/11/08 21:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Apple
[2009/11/08 21:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/08 21:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\Apple Computer
[2009/11/07 16:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/11/07 15:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\SUPERAntiSpyware.com
[2009/11/07 14:30:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Malwarebytes
[2009/11/07 14:29:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:29:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:29:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 13:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\My Documents\CDBurnerXP Projects
[2009/11/07 13:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Application Data\Canneverbe_Limited
[2009/10/31 23:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/31 23:15:08 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2005/12/27 18:52:00 | 01,698,495 | ---- | C] (AoAMedia.Com ) -- C:\Program Files\AoA DVD Ripper 3.86.exe
[2005/09/24 10:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2009/11/29 22:55:47 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AJB.RISSA\Desktop\OTL.exe
[2009/11/29 19:20:00 | 45,908,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/29 19:12:00 | 00,001,319 | ---- | M] () -- C:\hpqp.ini
[2009/11/29 19:11:51 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/11/29 19:11:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/29 19:11:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/29 19:11:03 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/29 19:11:03 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/29 19:10:03 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\AJB.RISSA\NTUSER.DAT
[2009/11/29 19:10:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\AJB.RISSA\ntuser.ini
[2009/11/29 18:52:22 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/11/29 17:33:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/29 16:52:23 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\My Documents\log.doc
[2009/11/29 16:39:22 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\My Documents\timeline.doc
[2009/11/29 10:53:12 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/29 00:38:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/28 01:26:08 | 00,478,156 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 01:26:08 | 00,421,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 01:26:08 | 00,068,876 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/27 20:14:55 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 00:56:26 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2009/11/25 23:41:55 | 00,041,721 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\dreidelgasp.jpg
[2009/11/25 23:41:09 | 00,034,644 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Playing-Dreidel1.gif
[2009/11/25 23:36:05 | 00,028,592 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\illustration.gif
[2009/11/25 23:33:47 | 00,062,402 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\score.jpg
[2009/11/25 23:33:21 | 00,028,842 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\gametrio.jpg
[2009/11/24 23:40:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 21:26:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/21 11:07:54 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/21 11:07:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/21 11:07:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/21 11:07:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/21 11:07:54 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/21 11:06:52 | 16,832,288 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\AJB.RISSA\Desktop\jre-6u17-windows-i586-s.exe
[2009/11/21 11:05:48 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/20 15:38:45 | 00,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\AJB.RISSA\Desktop\StartUpLite.exe
[2009/11/20 15:26:01 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Start Menu\Programs\StartUp\Secunia PSI.lnk
[2009/11/20 15:24:19 | 00,716,320 | ---- | M] (Secunia) -- C:\Documents and Settings\AJB.RISSA\Desktop\PSISetup.exe
[2009/11/15 23:28:41 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/11/11 23:35:27 | 00,558,755 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\My Documents\racechat.html
[2009/11/09 20:52:02 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/08 21:51:10 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/07 16:41:29 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/07 16:41:02 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/07 16:40:40 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/07 16:33:11 | 00,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2009/11/07 14:29:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 23:11:14 | 03,048,613 | ---- | M] () -- C:\Documents and Settings\AJB.RISSA\Desktop\hween_09.zip

========== Files Created - No Company Name ==========

[2009/11/29 00:38:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/29 00:27:25 | 00,092,160 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\My Documents\log.doc
[2009/11/29 00:26:50 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\My Documents\timeline.doc
[2009/11/27 00:56:26 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2009/11/25 23:41:54 | 00,041,721 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\dreidelgasp.jpg
[2009/11/25 23:41:08 | 00,034,644 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Playing-Dreidel1.gif
[2009/11/25 23:36:04 | 00,028,592 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\illustration.gif
[2009/11/25 23:33:47 | 00,062,402 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\score.jpg
[2009/11/25 23:33:20 | 00,028,842 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\gametrio.jpg
[2009/11/20 15:26:01 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Start Menu\Programs\StartUp\Secunia PSI.lnk
[2009/11/15 23:28:41 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/11/15 23:28:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/11 23:35:27 | 00,558,755 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\My Documents\racechat.html
[2009/11/08 21:51:10 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/07 16:58:00 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\Recipes.doc
[2009/11/07 14:29:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 23:10:53 | 03,048,613 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\hween_09.zip
[2009/10/31 23:48:43 | 02,926,656 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\3-The Man With The Hex - The Atomic Fireballs.mp3
[2009/10/31 23:41:51 | 03,351,702 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\10. Bad Moon Rising.mp3
[2009/10/31 23:28:01 | 02,805,859 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\02 Batty.wma
[2009/10/31 23:26:30 | 05,238,247 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Desktop\10 Masquerade.mp3
[2009/10/31 21:28:11 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 22:36:57 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\fusioncache.dat
[2009/10/21 22:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\DSwitch.txt
[2009/10/21 22:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\AtStart.txt
[2009/10/21 22:36:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AJB.RISSA\Local Settings\Application Data\QSwitch.txt
[2008/12/11 18:36:57 | 00,001,572 | ---- | C] () -- C:\Program Files\fcmsxsm.txt
[2007/04/29 21:58:25 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/02 21:31:08 | 00,000,578 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/02 15:08:52 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/01/01 20:22:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/12 02:29:34 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 02:25:15 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 02:10:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 01:57:52 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 14:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:49:18 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/04 02:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/27 19:12:00 | 00,000,083 | ---- | C] () -- C:\Program Files\AoA DVD Ripper Serial.txt
[2005/12/02 13:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 13:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== LOP Check ==========

[2007/01/01 20:26:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\acccore
[2009/06/22 09:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\Canneverbe_Limited
[2009/05/01 14:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB\Application Data\GlarySoft
[2009/10/21 20:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\acccore
[2009/11/07 13:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Canneverbe_Limited
[2009/11/15 18:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AJB.RISSA\Application Data\Leadertech
[2008/12/09 21:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/21 20:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/09/06 12:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/11/20 14:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/15 12:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/01/02 17:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/04/25 12:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 22:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/21 20:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/30 21:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/14 22:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\acccore
[2009/09/06 00:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Amazon
[2009/09/19 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\gtk-2.0
[2009/08/16 11:24:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Leadertech
[2009/07/14 22:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\MSNInstaller

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >



Extras:

OTL Extras logfile created on: 11/29/2009 10:56:45 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\AJB.RISSA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 420.83 Mb Available Physical Memory | 41.50% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 73.72 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.15 Gb Free Space | 9.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RISSA
Current User Name: AJB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PROSet" = Intel® PRO Network Connections Drivers
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2682602586-3902047396-2612792117-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



GMER:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-30 20:42:52
Windows 5.1.2600 Service Pack 3
Running: m2cbipg7.exe; Driver: C:\DOCUME~1\AJB~1.RIS\LOCALS~1\Temp\uxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SAS\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA494BDF0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 30 November 2009 - 10:02 PM

Please do this...

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click Start -> Run, copy and paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the text box and press Enter.
3. Report.txt should be generated in the same location as TDSSKiller.exe. Post the contents of that report, please.

Still getting redirected?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
