Can't run any spyware or adware programs [Solved]


thndrlight

Thank you in advance for your help. Hopefully I have done everything correctly; if not, let me know. I got tricked into downloading something from a friend, come to find out it wasn't even from him. Now my Spybot won't run, and Firefox acts strangely: when I do searches, it sometimes opens a new window with an odd result. I don't know what else is going on. It won't let me run the Malware program you guys have in the sticky thread. Here are my logs:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:14307 Mo/Free:1849 Mo)
D:\ [Fixed] - NTFS - (Total:95032 Mo/Free:2863 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Fixed] - NTFS - (Total:76316 Mo/Free:2498 Mo)
N:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Fri 04/03/2009|12:57

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\CTsvcCDA.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\WINDOWS\System32\ezSP_Px.exe
---------- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
---------- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
---------- C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
---------- C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Program Files\AVG\AVG8\aAvgApi.exe
---------- C:\Documents and Settings\Brandon\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Brandon\Desktop\alkjfasd.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 04/03/2009|12:59

----------------------\\ Scan completed at 12:59




OTListIt logfile created on: 4/3/2009 1:07:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Brandon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 58.53% Memory free
2.11 Gb Paging File | 1.62 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.80 Gb Free Space | 12.91% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 2.80 Gb Free Space | 3.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 2.44 Gb Free Space | 3.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-3253602F
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Logitech\MouseWare\system\em_exec.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\AVG\AVG8\aAvgApi.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Brandon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- File not found
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (pgsql-8.3 [Auto | Stopped]) -- D:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (SPTISRV [On_Demand | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-MusicServer-HTTP [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-MusicServer-UPnP [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-PhotoServer-AppServer [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-PhotoServer-HTTP [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-PhotoServer-UPnP [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-VideoServer-AppServer [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-VideoServer-HTTP [On_Demand | Stopped]) -- File not found
SRV - (VAIOMediaPlatform-VideoServer-UPnP [On_Demand | Stopped]) -- File not found
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Stopped]) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E1000 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90X [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xnd5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (L8042pr2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (Politecnico di Torino)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smrt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smrt.sys (Sony Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (X4HSX32 [Auto | Running]) -- D:\Program Files\GameTap\bin\Release\X4HSX32.Sys (Exent Technologies Ltd.)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080710
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/14 18:06:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/11 09:29:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/03/11 09:29:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 23:59:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 11:54:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/19 10:33:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2009/03/19 10:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\mozilla\Extensions
[2009/03/19 10:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/03 12:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\mozilla\Firefox\Profiles\bqx08dpl.default\extensions
[2009/03/20 21:02:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon\Application Data\mozilla\Firefox\Profiles\bqx08dpl.default\extensions\[email protected]
[2009/03/20 08:01:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 11:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 11:54:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 11:54:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302562 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10430 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BlspcHlpr Class) - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll (AT&T Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" (Visual Networks)
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O9 - Extra Button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - D:\Program Files\MANSION\Villa\MANSION.exe (MANSION (Gibraltar) Limited)
O9 - Extra 'Tools' menuitem : MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - D:\Program Files\MANSION\Villa\MANSION.exe (MANSION (Gibraltar) Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1106666613914 (WUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/s...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab70018.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab60231.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} https://www4.lsac.or...iveX/ofmctl.cab (OmniForm Form Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.co...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.98.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTORUN.INF () - [ NTFS ]
O33 - MountPoints2\{5f35612c-0fae-11de-8984-000c6ea93822}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{830cd36f-6386-11dd-bdbb-000c6ea93822}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Brandon\Application Data\*.tmp files]
[2009/04/03 13:01:59 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Brandon\Desktop\OTListIt2.exe
[2009/04/03 12:57:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/03 12:57:29 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Rooter.exe
[2009/04/03 12:54:12 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Brandon\Desktop\alkjfasd.exe
[2009/04/03 12:49:01 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Brandon\Desktop\lamweir.exe.exe
[2009/04/03 12:40:52 | 00,000,793 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Spybot - Search & Destroy.lnk
[2009/04/03 08:33:44 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/03 08:33:42 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\frmwrk32.exe
[2009/04/03 08:33:29 | 00,027,136 | ---- | C] () -- C:\WINDOWS\ieocx.dll
[2009/04/02 10:51:53 | 08,653,312 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Brayden Journal.doc
[2009/04/02 10:50:49 | 12,984,832 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Gavin Journal.doc
[2009/04/02 10:45:08 | 16,100,10624 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 23:22:01 | 00,001,134 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\How_To_Make_A_Living_Playing_Poker_Online.4101982.TPB.torrent
[2009/03/29 20:34:23 | 00,198,157 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Free Roll Win2.JPG
[2009/03/29 20:18:10 | 00,192,586 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Free Roll Win.JPG
[2009/03/26 10:57:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\My Documents\dvd
[2009/03/25 23:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Application Data\DVD Flick
[2009/03/24 15:54:28 | 00,039,075 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\medium_090324_new_lions_logo.jpg
[2009/03/21 00:09:03 | 00,000,681 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\DVD Flick.lnk
[2009/03/21 00:08:56 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2009/03/21 00:08:55 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2009/03/21 00:08:55 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2009/03/21 00:08:55 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2009/03/21 00:08:55 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2009/03/21 00:08:08 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\DOCUME~1\Brandon\Desktop\dvdflick_setup_1.3.0.6.exe
[2009/03/20 12:59:26 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2009/03/20 12:59:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\My Documents\WDC
[2009/03/20 12:59:20 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/03/19 20:14:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/19 10:33:14 | 00,001,668 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Thunderbird.lnk
[2009/03/19 10:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/03/19 10:32:28 | 06,769,632 | ---- | C] (Mozilla) -- C:\DOCUME~1\Brandon\Desktop\Thunderbird Setup 2.0.0.21.exe
[2009/03/19 10:29:54 | 00,001,602 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/03/19 10:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/19 10:28:50 | 07,522,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Brandon\My Documents\Firefox Setup 3.0.7.exe
[2009/03/19 10:21:29 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Brandon\Desktop\Mail Folders
[2009/03/17 23:27:26 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Bookmarks.doc
[2009/03/16 11:21:52 | 00,068,274 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\Bookmarks 2009-03-16.json
[2009/03/13 03:09:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/11 09:35:54 | 02,580,625 | ---- | C] () -- C:\DOCUME~1\Brandon\Desktop\boys.JPG
[2009/03/11 09:29:32 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/11 09:29:32 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:29:32 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:29:23 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:29:22 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:29:18 | 34,841,319 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/11 09:29:18 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:29:18 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/11 09:29:18 | 00,084,967 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/11 09:29:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/11 09:29:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Application Data\AVGTOOLBAR
[2009/03/11 09:29:00 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/11 09:29:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/11 00:38:51 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/03/11 00:38:50 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/03/11 00:38:49 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2009/03/11 00:38:48 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/03/11 00:38:48 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/03/11 00:38:48 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/03/11 00:38:47 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/03/11 00:38:46 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/03/11 00:38:46 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/03/11 00:38:45 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2009/03/11 00:38:44 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009/03/11 00:38:43 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009/03/11 00:38:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/03/11 00:38:38 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/03/11 00:38:34 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/03/11 00:38:33 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/03/11 00:38:33 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/03/11 00:38:33 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2009/03/11 00:38:32 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/03/11 00:38:32 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009/03/11 00:38:30 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2009/03/11 00:38:30 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/03/11 00:38:30 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2009/03/11 00:38:29 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2009/03/11 00:38:29 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2009/03/11 00:38:23 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/03/11 00:38:23 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2009/03/11 00:38:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2009/03/11 00:38:22 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2009/03/11 00:38:22 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2009/03/11 00:38:22 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2009/03/11 00:38:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2009/03/11 00:38:21 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2009/03/11 00:38:21 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2009/03/11 00:38:21 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2009/03/11 00:38:15 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009/03/11 00:38:15 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2009/03/11 00:37:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2009/03/11 00:37:41 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2009/03/11 00:37:41 | 00,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2009/03/11 00:37:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2009/03/11 00:37:41 | 00,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2009/03/11 00:37:40 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2009/03/11 00:37:40 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2009/03/11 00:37:40 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2009/03/11 00:37:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2009/03/11 00:37:39 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2009/03/11 00:37:39 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2009/03/11 00:37:39 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2009/03/11 00:37:39 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2009/03/11 00:37:38 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2009/03/11 00:37:38 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2009/03/11 00:37:38 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2009/03/11 00:37:37 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2009/03/11 00:37:36 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/03/11 00:37:36 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2009/03/11 00:37:35 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009/03/11 00:37:35 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/03/11 00:37:32 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/03/11 00:37:32 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/03/11 00:37:32 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/03/11 00:37:30 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009/03/11 00:37:30 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009/03/11 00:37:28 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/03/11 00:37:26 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/03/11 00:37:26 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/03/11 00:37:24 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/03/11 00:37:23 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/03/11 00:37:23 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2009/03/11 00:37:22 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/03/11 00:37:22 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/03/11 00:37:21 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/03/11 00:37:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/03/11 00:37:20 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/03/11 00:37:20 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/03/11 00:37:19 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/03/11 00:37:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2009/03/11 00:37:18 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/03/11 00:37:16 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/03/11 00:37:15 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/03/11 00:37:15 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/03/11 00:37:14 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/03/11 00:37:14 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2009/03/11 00:37:12 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/03/11 00:37:12 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/03/11 00:37:12 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/03/11 00:37:11 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/03/11 00:37:11 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/03/11 00:37:11 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/03/11 00:37:11 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/03/11 00:37:10 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/03/11 00:37:08 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/03/11 00:37:05 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2009/03/11 00:37:05 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2009/03/11 00:37:03 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2009/03/11 00:36:58 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/03/11 00:36:54 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/03/11 00:36:54 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/03/11 00:36:53 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2009/03/11 00:36:52 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/03/11 00:36:52 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2009/03/11 00:36:51 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009/03/11 00:36:51 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2009/03/11 00:36:51 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2009/03/11 00:36:48 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/03/11 00:36:48 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/03/11 00:36:48 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009/03/11 00:36:47 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/03/11 00:36:47 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/03/11 00:36:47 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/03/11 00:36:47 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/03/11 00:36:46 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/03/11 00:36:46 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/03/11 00:36:46 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/03/11 00:36:45 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/03/11 00:36:44 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/03/11 00:36:39 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/03/11 00:36:39 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/03/11 00:36:38 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/03/11 00:36:38 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2009/03/11 00:36:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2009/03/11 00:36:37 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2009/03/11 00:36:36 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2009/03/11 00:36:36 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2009/03/11 00:36:35 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2009/03/11 00:36:33 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2009/03/11 00:36:33 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2009/03/11 00:36:33 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2009/03/11 00:36:33 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2009/03/11 00:36:32 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2009/03/11 00:36:32 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2009/03/11 00:36:32 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2009/03/11 00:36:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2009/03/11 00:36:31 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/03/11 00:36:31 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/03/11 00:36:31 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/03/11 00:36:30 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/03/11 00:36:30 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/03/11 00:36:30 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/03/11 00:36:30 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/03/11 00:36:29 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/03/11 00:36:27 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2009/03/11 00:36:26 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/03/11 00:36:26 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/03/11 00:36:26 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2009/03/11 00:36:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/03/11 00:36:25 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2009/03/11 00:36:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009/03/11 00:36:22 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2009/03/11 00:36:21 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/03/11 00:36:20 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2009/03/11 00:36:20 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2009/03/11 00:36:20 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009/03/11 00:36:19 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2009/03/11 00:36:19 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2009/03/11 00:36:19 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2009/03/11 00:36:18 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2009/03/11 00:36:17 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/03/11 00:36:15 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/03/11 00:36:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/03/11 00:36:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/03/11 00:36:15 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009/03/11 00:36:14 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/03/11 00:36:14 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/03/11 00:36:13 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/03/11 00:36:13 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/03/11 00:36:13 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/03/11 00:36:12 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/03/11 00:36:11 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/03/11 00:36:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2009/03/11 00:36:10 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/03/11 00:36:10 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/03/11 00:36:09 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/03/11 00:36:08 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/03/11 00:36:08 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/03/11 00:36:08 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/03/11 00:36:07 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009/03/11 00:36:06 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2009/03/11 00:36:06 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2009/03/11 00:36:05 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2009/03/11 00:36:05 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2009/03/11 00:36:05 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2009/03/11 00:36:04 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2009/03/11 00:36:04 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2009/03/11 00:36:03 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2009/03/11 00:36:03 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/03/11 00:36:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/03/11 00:36:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/03/11 00:36:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/03/11 00:36:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/03/11 00:36:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/03/11 00:36:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/03/11 00:35:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/03/11 00:35:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/03/11 00:35:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/03/11 00:35:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/03/11 00:35:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/03/11 00:35:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/03/11 00:35:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/03/11 00:35:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/03/11 00:35:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/03/11 00:35:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/03/11 00:35:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/03/11 00:35:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/03/11 00:35:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/03/11 00:35:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/03/11 00:35:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/03/11 00:35:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/03/11 00:35:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/03/11 00:35:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/03/11 00:35:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/03/11 00:35:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/03/11 00:35:54 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/03/11 00:35:54 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/03/11 00:35:54 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/03/11 00:35:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/03/11 00:35:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/03/11 00:35:53 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/03/11 00:35:53 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/03/11 00:35:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/03/11 00:35:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/03/11 00:35:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/03/11 00:35:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/03/11 00:35:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/03/11 00:35:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/03/11 00:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/03/11 00:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/03/11 00:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/03/11 00:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/03/11 00:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/03/11 00:35:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/03/11 00:35:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/03/11 00:35:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/03/11 00:35:49 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2009/03/11 00:35:47 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/03/11 00:35:47 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/03/11 00:35:47 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/03/11 00:35:47 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/03/11 00:35:46 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/03/11 00:35:46 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/03/11 00:35:46 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/03/11 00:35:45 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/03/11 00:35:45 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/03/11 00:35:44 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2009/03/11 00:35:44 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/03/11 00:35:44 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/03/11 00:35:43 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/03/11 00:35:43 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/03/11 00:35:43 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/03/11 00:35:42 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/03/11 00:35:42 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/03/11 00:35:42 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/03/11 00:35:41 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2009/03/11 00:35:41 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/03/11 00:35:40 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/03/11 00:35:39 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009/03/11 00:35:38 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/03/11 00:35:38 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/03/11 00:35:37 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/03/11 00:35:37 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/03/11 00:35:37 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/03/11 00:35:36 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/03/11 00:35:36 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/03/11 00:35:35 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2009/03/11 00:35:35 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009/03/11 00:35:33 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/03/11 00:35:33 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/03/11 00:35:33 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/03/11 00:35:32 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/03/11 00:35:32 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/03/11 00:35:32 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/03/11 00:35:32 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/03/11 00:35:31 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/03/11 00:35:30 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/03/11 00:35:29 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2009/03/11 00:35:28 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/03/11 00:35:25 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2009/03/11 00:35:25 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/03/11 00:35:24 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/03/11 00:35:24 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2009/03/11 00:35:23 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/03/11 00:35:22 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2009/03/11 00:35:22 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2009/03/11 00:35:21 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/03/11 00:35:20 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2009/03/11 00:35:20 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2009/03/11 00:35:19 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2009/03/11 00:35:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/03/11 00:35:14 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/03/11 00:35:14 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/03/11 00:35:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/03/11 00:35:13 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/03/11 00:35:13 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/03/11 00:35:13 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/03/11 00:35:12 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/03/11 00:35:12 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/03/11 00:35:12 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/03/11 00:35:11 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/03/11 00:35:11 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/03/11 00:35:10 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/03/11 00:35:09 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/03/11 00:35:09 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/03/11 00:35:09 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/03/11 00:35:08 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/03/11 00:35:08 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/03/11 00:35:08 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/03/11 00:35:07 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/03/11 00:34:54 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/03/10 23:04:28 | 00,010,828 | -H-- | C] () -- C:\WINDOWS\System32\WeHelp.GID
[2009/03/10 22:34:47 | 00,011,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/09 12:35:13 | 00,210,472 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Insurance cards.pdf
[2009/03/09 12:29:37 | 00,184,438 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Progressive Ins.pdf
[2009/03/09 08:42:00 | 00,641,536 | ---- | C] () -- C:\WINDOWS\System32\WeUninstall.exe
[2009/03/09 08:42:00 | 00,015,277 | ---- | C] () -- C:\WINDOWS\System32\logout.wav
[2009/03/09 08:42:00 | 00,012,085 | ---- | C] () -- C:\WINDOWS\System32\login.wav
[2009/03/09 08:42:00 | 00,010,769 | ---- | C] () -- C:\WINDOWS\System32\Uhoh.wav
[2009/03/09 08:42:00 | 00,000,052 | ---- | C] () -- C:\WINDOWS\System32\nwt.sys
[2009/03/08 19:26:53 | 00,009,062 | ---- | C] () -- C:\WINDOWS\System32\small1.ico
[2009/03/08 19:26:53 | 00,009,062 | ---- | C] () -- C:\WINDOWS\System32\small.ico
[2009/03/08 19:26:50 | 00,001,457 | ---- | C] () -- C:\WINDOWS\AC6A35BD-5292-43f6-B548-5FE3C42C144C.bat
[2009/03/08 19:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\ATT Internet Tools
[2009/03/08 01:49:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/08 01:49:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Brandon\Application Data\*.tmp files]
[2009/04/03 13:01:59 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Brandon\Desktop\OTListIt2.exe
[2009/04/03 12:57:29 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Rooter.exe
[2009/04/03 12:54:12 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Brandon\Desktop\alkjfasd.exe
[2009/04/03 12:49:05 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Brandon\Desktop\lamweir.exe.exe
[2009/04/03 12:40:52 | 00,000,793 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Spybot - Search & Destroy.lnk
[2009/04/03 12:19:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 12:18:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 12:18:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 12:18:51 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/03 12:05:26 | 34,841,319 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/03 12:05:26 | 00,084,967 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/03 11:54:50 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2880515504-1118440951-1555953511-1005.job
[2009/04/03 08:40:59 | 00,050,078 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/03 08:33:44 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/03 08:33:41 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\frmwrk32.exe
[2009/04/03 08:33:29 | 00,027,136 | ---- | M] () -- C:\WINDOWS\ieocx.dll
[2009/04/02 20:53:10 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\My Sharing Folders.lnk
[2009/04/02 11:10:15 | 00,043,008 | -HS- | M] () -- C:\DOCUME~1\Brandon\Desktop\Thumbs.db
[2009/04/02 10:51:54 | 08,653,312 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Brayden Journal.doc
[2009/04/02 10:50:52 | 12,984,832 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Gavin Journal.doc
[2009/04/01 15:11:14 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\Brandon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 23:22:01 | 00,001,134 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\How_To_Make_A_Living_Playing_Poker_Online.4101982.TPB.torrent
[2009/03/30 21:38:18 | 00,002,260 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Google Chrome.lnk
[2009/03/30 13:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 20:34:24 | 00,198,157 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Free Roll Win2.JPG
[2009/03/29 20:18:10 | 00,192,586 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Free Roll Win.JPG
[2009/03/28 09:56:57 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/24 15:54:28 | 00,039,075 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\medium_090324_new_lions_logo.jpg
[2009/03/21 00:09:03 | 00,000,681 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\DVD Flick.lnk
[2009/03/21 00:08:27 | 12,808,339 | ---- | M] (Dennis Meuwissen ) -- C:\DOCUME~1\Brandon\Desktop\dvdflick_setup_1.3.0.6.exe
[2009/03/20 13:25:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/20 12:59:20 | 00,020,992 | ---- | M] () -- C:\WINDOWS\jestertb.dll
[2009/03/19 10:33:14 | 00,001,668 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Thunderbird.lnk
[2009/03/19 10:32:38 | 06,769,632 | ---- | M] (Mozilla) -- C:\DOCUME~1\Brandon\Desktop\Thunderbird Setup 2.0.0.21.exe
[2009/03/19 10:29:54 | 00,001,602 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/03/19 10:28:50 | 07,522,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Brandon\My Documents\Firefox Setup 3.0.7.exe
[2009/03/17 23:27:27 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Bookmarks.doc
[2009/03/16 11:21:53 | 00,068,274 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\Bookmarks 2009-03-16.json
[2009/03/12 03:14:51 | 00,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 09:35:55 | 02,580,625 | ---- | M] () -- C:\DOCUME~1\Brandon\Desktop\boys.JPG
[2009/03/11 09:29:32 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/11 09:29:32 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/03/11 09:29:23 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/11 09:29:22 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/11 09:29:18 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/11 09:29:18 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/10 23:04:39 | 00,010,828 | -H-- | M] () -- C:\WINDOWS\System32\WeHelp.GID
[2009/03/10 22:44:18 | 00,011,117 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/10 13:34:09 | 00,302,562 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/09 12:35:13 | 00,210,472 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Insurance cards.pdf
[2009/03/09 12:29:37 | 00,184,438 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Progressive Ins.pdf
[2009/03/08 20:15:53 | 00,001,457 | ---- | M] () -- C:\WINDOWS\AC6A35BD-5292-43f6-B548-5FE3C42C144C.bat
[2009/03/08 19:36:02 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 19:36:02 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 19:36:01 | 00,464,684 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 19:26:53 | 00,009,062 | ---- | M] () -- C:\WINDOWS\System32\small1.ico
[2009/03/08 19:26:53 | 00,009,062 | ---- | M] () -- C:\WINDOWS\System32\small.ico
[2009/03/08 01:49:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
< End of report >


Extras

OTListIt Extras logfile created on: 4/3/2009 1:07:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Brandon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 58.53% Memory free
2.11 Gb Paging File | 1.62 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.80 Gb Free Space | 12.91% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 2.80 Gb Free Space | 3.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 2.44 Gb Free Space | 3.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-3253602F
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module (Support.com, Inc.)
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
D:\The All-Seeing Eye\eye.exe:*:Enabled:The All-Seeing Eye (Yahoo! Inc.)
D:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead (Electronic Arts Inc.)
D:\Program Files\Gunbound\GunBound\GunBound.gme:*:Enabled:GunBound File not found
D:\Program Files\firefox.exe:*:Enabled:Firefox File not found
D:\Program Files\Gunbound\GunBound\gunbound.exe:*:Enabled:GunBound Startup Application File not found
D:\Program Files\Avid\Avid Free DV\AvidFreeDV.exe:*:Enabled:Avid Editor File not found
D:\Program Files\PartyPoker\PartyPoker.exe:*:Enabled:PartyPoker File not found
D:\Program Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP File not found
D:\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server ()
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui File not found
D:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe:*:Enabled:BfVietnam File not found
D:\Gunbound\GunboundWC\GunBound.gme:*:Enabled:GunBound File not found
D:\Program Files\softnyx\Rakion\Bin\Rakion.bin:*:Enabled:Rakion File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found
C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player File not found
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary File not found
C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module (Yahoo!, Inc.)
C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary File not found
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
D:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire (Xfire Inc.)
D:\Program Files\MAIET\Gunz\Gunz.exe:*:Enabled:Gunz File not found
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary File not found
C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
D:\Program Files\LucasArts\SWKotOR\swupdate.exe:*:Enabled:Star Wars: Knights of the old Republic Update Program File not found
C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application File not found
D:\Program Files\iTunes\iTunes\iTunes.exe:*:Enabled:iTunes File not found
D:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound (Softnyx)
D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 ()
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary File not found
D:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe File not found
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe File not found
D:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations (Big Huge Games, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET File not found
D:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations (Big Huge Games, Inc.)
J:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary File not found
D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
J:\Bit Torrent Downloads\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent File not found
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
"{1DBB465A-5DFC-4E3A-9A8A-15612D2386F0}" = Turbo Tax Offer
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}" = Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36373CE1-6999-11D5-96DC-98302790D441}" = Bob the Builder
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3B124151-B6A0-492C-8838-0854B800535D}" = Creative MuVo NX-TX
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{598C4070-36FF-47A4-BF4E-F001F94451B8}" = ProntoEdit NG Setup Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
"{72067503-A483-43BD-8238-CA34FDE5CB15}" = MANSION
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.4.04
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}" = GameTime+
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A13560B2-32D2-4F21-8EE4-DE10F85111CB}" = OmniForm Filler 5.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B252ADE8-8F39-4CBD-89CB-5919008754FE}" = VC User CRT71 RTL X86 ---
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2E6EB42-B04D-4F63-853F-8016BF71B25A}" = VC User MFC71 RTL X86 ---
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"AC3Filter" = AC3Filter (remove only)
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 2.6.2
"Apex IV ™ Pro - v3.3" = Apex IV ™ Pro - v3.3
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG 8.5
"Azureus" = Azureus
"BitTornado" = BitTornado 0.3.7
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 6.2.5.16
"DVD Burning Xpress" = DVD Burning Xpress 3.30
"DVD Flick_is1" = DVD Flick 1.3.0.6
"DVD Profiler_is1" = DVD Profiler Version 2.3.1
"ESPN_is1" = ESPN Version 2.0.6.80
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GameSpy Arcade" = GameSpy Arcade
"GunboundWC_is1" = GunboundWC
"Handbrake" = Handbrake 0.9.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp instant support" = hp instant support
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"IrfanView" = IrfanView (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MuVo Driver" = MuVo Driver
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-03-18-01
"OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
"PC_Drummer_Trial_500" = PC Drummer Trial Edition 5.03
"Poker Tracker Version 2.16.02b_is1" = Poker Tracker Version 2.16.02b
"Poker Tracker Version 2.17.02_is1" = Poker Tracker Version 2.17.02
"PokerAce Hud" = PokerAce Hud (remove only)
"PokerOffice" = PokerOffice (remove only)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PokerTracker3" = PokerTracker 3 (remove only)
"ProntoEdit NG" = ProntoEdit NG
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SBC.MCCInstall" = AT&T Self Support Tool
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Softnyx Launcher_is1" = Softnyx Launcher
"SpongeBob Diner Dash" = SpongeBob Diner Dash (remove only)
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"The Tournament Director" = The Tournament Director
"The Tournament Director 2.0" = The Tournament Director 2
"UltimateBet" = UltimateBet
"VAIO Support" = VAIO Support
"Vodei Multimedia Processor" = Vodei Multimedia Processor 1.06
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 2.3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Applications" = AT&T Yahoo! Applications
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2009 9:35:18 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 9:48:34 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 10:00:25 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 10:19:03 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 10:44:27 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 10:54:58 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 11:06:17 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 4/3/2009 12:22:14 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application postgres.exe, version 8.3.4.8262, faulting module
msvcr80.dll, version 8.0.50727.1433, fault address 0x000324cb.

Error - 4/3/2009 12:38:19 PM | Computer Name = VALUED-3253602F | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/3/2009 12:38:29 PM | Computer Name = VALUED-3253602F | Source = SDWinSec.exe | ID = 0
Description =

[ System Events ]
Error - 4/3/2009 11:03:43 AM | Computer Name = VALUED-3253602F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 4/3/2009 11:03:45 AM | Computer Name = VALUED-3253602F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 4/3/2009 11:03:46 AM | Computer Name = VALUED-3253602F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 4/3/2009 12:04:35 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 4/3/2009 12:20:19 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 4/3/2009 12:21:40 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/3/2009 12:55:22 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 4/3/2009 12:55:46 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 4/3/2009 12:56:03 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 3 time(s).

Error - 4/3/2009 12:56:11 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.


< End of report >



I hope this can be fixed. Thanks again! Thndrlight


#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight and welcome to Geeks to Go. :)
Sorry about the delay.


Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#3
thndrlight

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for your help, I was getting ready to wipe it clean before your post!

ComboFix 09-04-04.01 - Brandon 2009-04-08 20:40:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1102 [GMT -4:00]
Running from: c:\documents and settings\Brandon\Desktop\thndrlifix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Brandon\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Brandon\LOCALS~1\Temp\tmp2.tmp
c:\windows\jestertb.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACjdliyndo.sys
c:\windows\system32\packet.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkmkjapim.dat
c:\windows\system32\UAClsenpehb.log
c:\windows\system32\UAClyuqhpvf.dll
c:\windows\system32\UACmqruskjk.dll
c:\windows\system32\UACneebdstf.log
c:\windows\system32\UACocxebcsx.dll
c:\windows\system32\UACtfebhqjl.dll
c:\windows\system32\UACtlgukpyo.dll
c:\windows\system32\UACxnpktabo.log
c:\windows\system32\uniq.tll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-08 16:19 . 2009-04-08 16:19 <DIR> d-------- c:\documents and settings\Brayden\Application Data\AVGTOOLBAR
2009-04-07 11:38 . 2009-04-07 11:38 244 --ah-c--- C:\sqmnoopt16.sqm
2009-04-07 11:38 . 2009-04-07 11:38 232 --ah-c--- C:\sqmdata16.sqm
2009-04-07 08:43 . 2009-04-07 08:43 244 --ah-c--- C:\sqmnoopt15.sqm
2009-04-07 08:43 . 2009-04-07 08:43 232 --ah-c--- C:\sqmdata15.sqm
2009-04-07 08:42 . 2009-04-07 08:42 244 --ah-c--- C:\sqmnoopt14.sqm
2009-04-07 08:42 . 2009-04-07 08:42 232 --ah-c--- C:\sqmdata14.sqm
2009-04-06 21:49 . 2009-04-06 21:49 244 --ah-c--- C:\sqmnoopt13.sqm
2009-04-06 21:49 . 2009-04-06 21:49 244 --ah-c--- C:\sqmnoopt12.sqm
2009-04-06 21:49 . 2009-04-06 21:49 232 --ah-c--- C:\sqmdata13.sqm
2009-04-06 21:49 . 2009-04-06 21:49 232 --ah-c--- C:\sqmdata12.sqm
2009-04-06 13:10 . 2009-04-06 13:10 244 --ah-c--- C:\sqmnoopt11.sqm
2009-04-06 13:10 . 2009-04-06 13:10 244 --ah-c--- C:\sqmnoopt10.sqm
2009-04-06 13:10 . 2009-04-06 13:10 232 --ah-c--- C:\sqmdata11.sqm
2009-04-06 13:10 . 2009-04-06 13:10 232 --ah-c--- C:\sqmdata10.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt09.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt08.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt07.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata09.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata08.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata07.sqm
2009-04-06 10:02 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-04-06 10:02 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-04-06 08:51 . 2009-04-06 08:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-06 08:51 . 2009-04-06 08:51 <DIR> d-------- c:\documents and settings\Brandon\Application Data\SUPERAntiSpyware.com
2009-04-03 12:57 . 2009-04-03 12:59 <DIR> d----c--- C:\Rooter$
2009-03-25 23:46 . 2009-03-26 16:37 <DIR> d-------- c:\documents and settings\Brandon\Application Data\DVD Flick
2009-03-21 00:08 . 2004-03-08 23:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2009-03-21 00:08 . 1998-06-23 23:00 164,144 --a------ c:\windows\system32\comct232.ocx
2009-03-21 00:08 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2009-03-21 00:08 . 2007-08-31 17:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2009-03-21 00:08 . 2008-08-31 12:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2009-03-20 12:59 . 2009-03-20 12:59 <DIR> d-------- c:\program files\Western Digital Corporation
2009-03-19 20:14 . 2009-03-19 20:14 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-19 10:33 . 2009-04-08 20:29 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-03-13 03:09 . 2009-04-08 03:10 <DIR> d--h-c--- C:\$AVG8.VAULT$
2009-03-11 09:29 . 2009-04-08 18:11 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-11 09:29 . 2009-03-11 09:29 <DIR> d-------- c:\program files\AVG
2009-03-11 09:29 . 2009-04-06 11:45 <DIR> d-------- c:\documents and settings\Brandon\Application Data\AVGTOOLBAR
2009-03-11 09:29 . 2009-03-11 09:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-11 09:29 . 2009-03-11 09:29 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-11 09:29 . 2009-03-28 09:56 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-11 09:29 . 2009-03-11 09:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-11 00:37 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-11 00:36 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-11 00:35 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-11 00:34 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-10 23:04 . 2009-03-10 23:04 10,828 --ah----- c:\windows\system32\WeHelp.GID
2009-03-09 09:30 . 2009-03-09 09:30 <DIR> d-------- c:\documents and settings\Brayden\Application Data\Thunderbird
2009-03-09 08:42 . 2006-04-02 21:44 641,536 --a------ c:\windows\system32\WeUninstall.exe
2009-03-09 08:42 . 2001-01-18 11:14 15,277 --a------ c:\windows\system32\logout.wav
2009-03-09 08:42 . 2001-01-18 11:14 12,085 --a------ c:\windows\system32\login.wav
2009-03-09 08:42 . 1999-07-09 23:29 10,769 --a------ c:\windows\system32\Uhoh.wav
2009-03-09 08:42 . 1999-05-07 23:13 52 --a------ c:\windows\system32\nwt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 03:22 --------- d-----w c:\program files\Absolute Poker
2009-04-03 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-03 16:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-01 04:47 --------- d-----w c:\program files\PokerStars
2009-04-01 03:25 --------- d-----w c:\documents and settings\Brandon\Application Data\Azureus
2009-03-26 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-26 03:46 --------- d-----w c:\program files\Hewlett-Packard
2009-03-21 01:05 --------- d-----w c:\documents and settings\Brandon\Application Data\Move Networks
2009-03-11 03:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-11 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-11 02:44 --------- d-----w c:\program files\Yahoo!
2009-03-11 02:44 --------- d-----w c:\program files\Symantec
2009-03-09 00:15 --------- d-----w c:\program files\ATT Internet Tools
2009-03-08 23:23 --------- d-----w c:\documents and settings\Brayden\Application Data\Yahoo!
2009-03-06 13:38 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 04:19 --------- d-----w c:\documents and settings\Brandon\Application Data\uTorrent
2008-09-30 01:35 43,936 -c--a-w c:\documents and settings\Brandon\Application Data\GDIPFONTCACHEV1.DAT
2007-11-24 19:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-04-29 12:38 501 -c-ha-w c:\documents and settings\Jenny\hpothb07.dat
2007-03-21 14:38 300,680 -c----w c:\documents and settings\All Users\Application Data\arclib.dll
2006-08-20 02:21 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2006-06-27 02:35 42,040 -c--a-w c:\documents and settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2008-08-05 20:11 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-11 1932568]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-11 09:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0f5b

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 16:07 133104 c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 16:29 7561216 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 16:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 13:23 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"d:\\The All-Seeing Eye\\eye.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"d:\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;d:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Brandon\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Brandon\LOCALS~1\Temp\cdiskdun.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f35612c-0fae-11de-8984-000c6ea93822}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830cd36f-6386-11dd-bdbb-000c6ea93822}]
\Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2880515504-1118440951-1555953511-1005.job
- c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 16:07]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: {{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - d:\program files\MANSION\Villa\MANSION.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bqx08dpl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bqx08dpl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 20:50:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2880515504-1118440951-1555953511-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,09,07,ab,aa,3c,4b,12,9b,85,63,1c,ad,df,f4,1b,92,f4,4f,c7,a2,33,a1,
4a,44,cf,1d,e4,03,33,27,b1,6d,55,5a,80,8d,36,b5,97,16,bf,41,ef,f0,43,bd,8c,\
"??"=hex:a7,61,de,94,5e,f2,50,12,a5,16,3a,99,8c,2d,cb,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ZuneBusEnum.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-04-08 20:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 00:54:46

Pre-Run: 1,686,597,632 bytes free
Post-Run: 1,723,969,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

302 --- E O F --- 2009-03-26 07:00:46

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight,


  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\WeUninstall.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.





1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\docume~1\Brandon\LOCALS~1\Temp\cdiskdun.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f35612c-0fae-11de-8984-000c6ea93822}]

Driver::
cdiskdun

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following reports into your next reply:
  • Combofix.txt
  • The VirScan log.


#5
thndrlight

    New Member

  • Topic Starter
  • Member
  • 8 posts
ComboFix 09-04-04.01 - Brandon 2009-04-09 20:46:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.827 [GMT -4:00]
Running from: c:\documents and settings\Brandon\Desktop\thndrlifix.exe
Command switches used :: c:\documents and settings\Brandon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\docume~1\Brandon\LOCALS~1\Temp\cdiskdun.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDISKDUN
-------\Service_cdiskdun


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 20:44 . 2006-03-03 00:42 73,728 --a--c--- C:\pv.exe
2009-04-08 16:19 . 2009-04-08 16:19 <DIR> d-------- c:\documents and settings\Brayden\Application Data\AVGTOOLBAR
2009-04-07 11:38 . 2009-04-07 11:38 244 --ah-c--- C:\sqmnoopt16.sqm
2009-04-07 11:38 . 2009-04-07 11:38 232 --ah-c--- C:\sqmdata16.sqm
2009-04-07 08:43 . 2009-04-07 08:43 244 --ah-c--- C:\sqmnoopt15.sqm
2009-04-07 08:43 . 2009-04-07 08:43 232 --ah-c--- C:\sqmdata15.sqm
2009-04-07 08:42 . 2009-04-07 08:42 244 --ah-c--- C:\sqmnoopt14.sqm
2009-04-07 08:42 . 2009-04-07 08:42 232 --ah-c--- C:\sqmdata14.sqm
2009-04-06 21:49 . 2009-04-06 21:49 244 --ah-c--- C:\sqmnoopt13.sqm
2009-04-06 21:49 . 2009-04-06 21:49 244 --ah-c--- C:\sqmnoopt12.sqm
2009-04-06 21:49 . 2009-04-06 21:49 232 --ah-c--- C:\sqmdata13.sqm
2009-04-06 21:49 . 2009-04-06 21:49 232 --ah-c--- C:\sqmdata12.sqm
2009-04-06 13:10 . 2009-04-06 13:10 244 --ah-c--- C:\sqmnoopt11.sqm
2009-04-06 13:10 . 2009-04-06 13:10 244 --ah-c--- C:\sqmnoopt10.sqm
2009-04-06 13:10 . 2009-04-06 13:10 232 --ah-c--- C:\sqmdata11.sqm
2009-04-06 13:10 . 2009-04-06 13:10 232 --ah-c--- C:\sqmdata10.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt09.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt08.sqm
2009-04-06 11:35 . 2009-04-06 11:35 244 --ah-c--- C:\sqmnoopt07.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata09.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata08.sqm
2009-04-06 11:35 . 2009-04-06 11:35 232 --ah-c--- C:\sqmdata07.sqm
2009-04-06 10:02 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-04-06 10:02 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-04-06 08:51 . 2009-04-06 08:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-06 08:51 . 2009-04-06 08:51 <DIR> d-------- c:\documents and settings\Brandon\Application Data\SUPERAntiSpyware.com
2009-04-03 12:57 . 2009-04-03 12:59 <DIR> d----c--- C:\Rooter$
2009-03-25 23:46 . 2009-03-26 16:37 <DIR> d-------- c:\documents and settings\Brandon\Application Data\DVD Flick
2009-03-21 00:08 . 2004-03-08 23:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2009-03-21 00:08 . 1998-06-23 23:00 164,144 --a------ c:\windows\system32\comct232.ocx
2009-03-21 00:08 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2009-03-21 00:08 . 2007-08-31 17:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2009-03-21 00:08 . 2008-08-31 12:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2009-03-20 12:59 . 2009-03-20 12:59 <DIR> d-------- c:\program files\Western Digital Corporation
2009-03-19 20:14 . 2009-03-19 20:14 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-19 10:33 . 2009-04-09 19:59 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-03-13 03:09 . 2009-04-09 03:30 <DIR> d--h-c--- C:\$AVG8.VAULT$
2009-03-11 09:29 . 2009-04-09 18:34 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-11 09:29 . 2009-03-11 09:29 <DIR> d-------- c:\program files\AVG
2009-03-11 09:29 . 2009-04-06 11:45 <DIR> d-------- c:\documents and settings\Brandon\Application Data\AVGTOOLBAR
2009-03-11 09:29 . 2009-03-11 09:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-11 09:29 . 2009-03-11 09:29 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-11 09:29 . 2009-03-28 09:56 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-11 09:29 . 2009-03-11 09:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-11 00:37 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-11 00:36 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-11 00:35 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-11 00:34 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-10 23:04 . 2009-03-10 23:04 10,828 --ah----- c:\windows\system32\WeHelp.GID

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-04 03:22 --------- d-----w c:\program files\Absolute Poker
2009-04-03 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-03 16:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-01 04:47 --------- d-----w c:\program files\PokerStars
2009-04-01 03:25 --------- d-----w c:\documents and settings\Brandon\Application Data\Azureus
2009-03-26 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-26 03:46 --------- d-----w c:\program files\Hewlett-Packard
2009-03-21 01:05 --------- d-----w c:\documents and settings\Brandon\Application Data\Move Networks
2009-03-11 03:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-11 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-11 02:44 --------- d-----w c:\program files\Yahoo!
2009-03-11 02:44 --------- d-----w c:\program files\Symantec
2009-03-09 13:30 --------- d-----w c:\documents and settings\Brayden\Application Data\Thunderbird
2009-03-09 00:15 --------- d-----w c:\program files\ATT Internet Tools
2009-03-08 23:23 --------- d-----w c:\documents and settings\Brayden\Application Data\Yahoo!
2009-03-06 13:38 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 04:19 --------- d-----w c:\documents and settings\Brandon\Application Data\uTorrent
2008-09-30 01:35 43,936 -c--a-w c:\documents and settings\Brandon\Application Data\GDIPFONTCACHEV1.DAT
2007-11-24 19:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-04-29 12:38 501 -c-ha-w c:\documents and settings\Jenny\hpothb07.dat
2007-03-21 14:38 300,680 -c----w c:\documents and settings\All Users\Application Data\arclib.dll
2006-08-20 02:21 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2006-06-27 02:35 42,040 -c--a-w c:\documents and settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2008-08-05 20:11 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_20.52.35.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 00:52:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_730.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-11 1932568]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-11 09:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 0f5b

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 16:07 133104 c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 16:29 7561216 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 16:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 13:23 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"d:\\The All-Seeing Eye\\eye.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"d:\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-11 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-11 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;d:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830cd36f-6386-11dd-bdbb-000c6ea93822}]
\Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2880515504-1118440951-1555953511-1005.job
- c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 16:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: {{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - d:\program files\MANSION\Villa\MANSION.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bqx08dpl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\bqx08dpl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 20:57:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2880515504-1118440951-1555953511-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,09,07,ab,aa,3c,4b,12,9b,85,63,1c,ad,df,f4,1b,92,f4,4f,c7,a2,33,a1,
4a,44,cf,1d,e4,03,33,27,b1,6d,55,5a,80,8d,36,b5,97,16,bf,41,ef,f0,43,bd,8c,\
"??"=hex:a7,61,de,94,5e,f2,50,12,a5,16,3a,99,8c,2d,cb,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ZuneBusEnum.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
d:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-04-09 21:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 01:03:08
ComboFix2.txt 2009-04-09 00:54:54

Pre-Run: 1,600,442,368 bytes free
Post-Run: 1,642,373,120 bytes free

275 --- E O F --- 2009-03-26 07:00:46





VirSCAN.org Scanned Report :
Scanned time : 2009/04/09 20:37:19 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : WeUninstall.exe
File Size : 641536 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 967c4e9dca79e89e7a6c1f1a7bfaed64
SHA1 : 43f9eb38b7e5a63bf4e8be75318a93ecbfe7587f
Online report : http://virscan.org/r...4269a0d7ca.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090409194450 2009-04-09 1.91 -
AhnLab V3 2009.04.10.01 2009.04.10 2009-04-10 0.64 -
AntiVir 7.9.0.138 7.1.3.40 2009-04-09 1.99 -
Antiy 2.0.18 20090409.2288078 2009-04-09 0.12 -
Authentium 5.1.1 200904092036 2009-04-09 5.40 -
AVAST! 3.0.1 090409-0 2009-04-09 0.04 -
AVG 7.5.52.442 270.11.50/2051 2009-04-09 2.04 -
BitDefender 7.81008.2845856 7.24699 2009-04-10 2.71 -
CA (VET) 9.0.0.143 31.6.6448 2009-04-10 5.38 -
ClamAV 0.95 9218 2009-04-09 0.12 -
Comodo 3.8 1107 2009-04-09 0.55 -
CP Secure 1.1.0.715 2009.04.09 2009-04-09 8.11 -
Dr.Web 4.44.0.9170 2009.04.09 2009-04-09 4.46 -
F-Prot 4.4.4.56 20090409 2009-04-09 5.08 -
F-Secure 5.51.6100 2009.04.09.16 2009-04-09 0.78 -
Fortinet 2.81-3.117 10.266 2009-04-09 0.27 -
GData 19.4497/19.294 20090409 2009-04-09 4.20 -
ViRobot 20090409 2009.04.09 2009-04-09 0.44 -
Ikarus T3.1.01.49 2009.04.09.72554 2009-04-09 2.99 -
JiangMin 11.0.706 2009.04.09 2009-04-09 1.81 -
Kaspersky 5.5.10 2009.04.09 2009-04-09 0.12 -
KingSoft 2009.2.5.15 2009.4.9.21 2009-04-09 0.64 -
McAfee 5.3.00 5579 2009-04-09 2.76 -
Microsoft 1.4502 2009.04.09 2009-04-09 4.76 -
mks_vir 2.01 2009.04.09 2009-04-09 2.79 -
Norman 6.00.06 6.00.00 2009-04-03 10.01 -
Panda 9.05.01 2009.04.09 2009-04-09 1.76 -
Trend Micro 8.700-1004 5.956.14 2009-04-09 0.04 -
Quick Heal 10.00 2009.04.09 2009-04-09 1.58 -
Rising 20.0 21.23.40.00 2009-04-03 1.33 -
Sophos 2.85.0 4.40 2009-04-10 2.15 -
Sunbelt 5083 5083 2009-04-08 0.84 -
Symantec 1.3.0.24 20090409.004 2009-04-09 0.09 -
nProtect 20090409.02 3453499 2009-04-09 6.63 -
The Hacker 6.3.4.0 v00305 2009-04-09 0.61 -
VBA32 3.12.10.2 20090408.1215 2009-04-08 2.02 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 2.11 -

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Files
    C:\pv.exe
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.


#7
thndrlight

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for all your help!

========== FILES ==========
C:\pv.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Brandon\Local Settings\temp\~DFF66C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brandon\Local Settings\temp\~DFF677.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\4NI0LEOR\iframe[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\4CQ8S6XQ\Can-t-run-any-spyware-adware-programs-t234392[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_730.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.9.1 log created on 04102009_192058

Files moved on Reboot...
File C:\Documents and Settings\Brandon\Local Settings\temp\~DFF66C.tmp not found!
File C:\Documents and Settings\Brandon\Local Settings\temp\~DFF677.tmp not found!
C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\4NI0LEOR\iframe[2].htm moved successfully.
C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\4CQ8S6XQ\Can-t-run-any-spyware-adware-programs-t234392[2].htm moved successfully.
C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_730.dat not found!

Registry entries deleted on Reboot...

#8
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight,
No problem. :)



  • Please start Malwarebytes' Anti-Malware and update it.
  • To update, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.








Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#9
thndrlight

    New Member

  • Topic Starter
  • Member
  • 8 posts
I am away on work for a few days. Please don't close this thread as I want to complete this and am grateful for all your help!

#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Ok, no problem. :)

#11
thndrlight

    New Member

  • Topic Starter
  • Member
  • 8 posts
Malwarebytes' Anti-Malware 1.36
Database version: 1986
Windows 5.1.2600 Service Pack 3

4/15/2009 8:39:02 AM
mbam-log-2009-04-15 (08-39-02).txt

Scan type: Quick Scan
Objects scanned: 94092
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ieocxapp.ieocx.1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, April 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 15, 2009 14:23:56
Records in database: 2047148
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
U:\

Scan statistics:
Files scanned: 164643
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:04:49


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjdliyndo.sys.vir Infected: Rootkit.Win32.Agent.iuq 1

The selected area was scanned.
  • 0
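A check a helper could run over the Malwarebytes log in post #11, added here as an example that is not part of the original thread: it parses the per-section detections and flags any item not reported as removed, or any summary count that disagrees with the items listed. The function names and the line pattern are assumptions inferred from this one MBAM 1.36 log.

```python
import re

# Excerpt of the MBAM 1.36 log from post #11 (header and empty sections omitted).
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\ieocxapp.ieocx.1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 1"
HEADING = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
# Assumed item layout: object (detection) -> [Bad/Good detail ->] action
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+)$")
CLEANED = "Quarantined and deleted successfully."

def parse_mbam(text):
    """Return (summary counts, parsed items) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADING.match(line):
            section = m[1]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def triage(text):
    """List problems: items not removed, or counts that disagree with the details."""
    counts, items = parse_mbam(text)
    problems = [f"not removed: {i['obj']} ({i['name']}): {i['action']}"
                for i in items if i["action"] != CLEANED]
    for section, n in counts.items():
        found = sum(1 for i in items if i["section"] == section)
        if found != n:
            problems.append(f"{section}: summary says {n}, details list {found}")
    return problems

if __name__ == "__main__":
    print(triage(SAMPLE_LOG) or "all detections quarantined; counts consistent")
```

An empty result from `triage` matches the helper's reading that every detection in this log was quarantined; a truncated paste shows up as a count mismatch.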

#12
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight,

How is your computer running now?
  • 0

#13
thndrlight

    New Member

  • Topic Starter
  • Member
  • 8 posts
It sure seems to be running fine! Thank you so much for your help. Is there anything I should do to help prevent this in the future? I use the AVG program as well as Spybot, Ad Aware and Crap Cleaner. Again, thank you!
  • 0

#14
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello thndrlight,

Is there anything I should do to help prevent this in the future?

Keep your programs up to date and be safe online, watch what you download and what sites you go to.


Your logs look clean. :)
Just a few more things to do.





Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.








Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Please download OTCleanIt and save it to your Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button to begin removing tools used to clean your computer
  • If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer.









The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop-up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • 0

#15
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





