Google Redirect virus firefox too [Solved] - Geeks to Go Forums

Google Redirect virus firefox too [Solved]: AVG will not update, Google/Yahoo redirect

#1 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 05 April 2009 - 03:04 AM

Hi all, and thank you for considering this call for help. The first sign I had a problem was when AVG would not update; it kept coming back with a connection problem (can not connect). Then when I tried to go to the AVG site it took 3 attempts to get there, so I tried other sites, the same. I then watched what was going on and noticed it came up with "redirect" while processing the http address. I have tried to do the steps, but Malwarebytes keeps coming back with "link broke". I hope I have this right and the tool logs appear.

Dashound
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:55419 Mo/Free:266 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sun 05/04/2009|17:44

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\ATK0100\Hcontrol.exe
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
---------- C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe
---------- C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
---------- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
---------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
---------- C:\WINDOWS\ATK0100\ATKOSD.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.141,85.255.112.91
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
NameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
DhcpNameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{64F958F0-2EB0-48FD-B287-ACAA05B31361}]
NameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
NameServer REG_SZ 85.255.112.141,85.255.112.91
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
DhcpNameServer REG_SZ 85.255.112.141,85.255.112.91
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{64F958F0-2EB0-48FD-B287-ACAA05B31361}]
NameServer REG_SZ 85.255.112.141,85.255.112.91
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
NameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{1B5079F6-5596-4378-8E60-EC0359A034A6}]
DhcpNameServer REG_SZ 85.255.112.7,85.255.112.88
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{64F958F0-2EB0-48FD-B287-ACAA05B31361}]
NameServer REG_SZ 85.255.112.7,85.255.112.88
==> WAREOUT <==

----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/04/2009|17:44

OTListIt logfile created on: 5/04/2009 6:10:18 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.36 Mb Total Physical Memory | 446.22 Mb Available Physical Memory | 43.60% Memory free
2.41 Gb Paging File | 1.87 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.12 Gb Total Space | 24.23 Gb Free Space | 44.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARRY-C4C82B6A2
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ATK0100\Hcontrol.exe ()
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe (D-Link)
PRC - C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ANIWZCSdService [Auto | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe ()
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (KodakCCS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AIRPLUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\airplus.sys (D-Link)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\system32\ANIO.SYS (Alpha Networks Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys ()
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090404.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090404.003\NAVEX15.SYS (Symantec Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT61 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090325.001\SymIDSco.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (USB28xxBGA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys (eMPIA Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WBMS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\WBMS.SYS (Winbond Electronics Corp.)
DRV - (WBSD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\WBSD.SYS (Winbond Electronics Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/homepage/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bigpond.com/homepage/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/10 16:28:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/02 17:45:50 | 00,000,000 | ---D | M]

[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Extensions
[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Firefox\Profiles\vpsaqcc1.default\extensions
[2009/03/10 16:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/10 16:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 11:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 11:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 05:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 05:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 05:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 05:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 05:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 05:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 05:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-610] C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1220154335877 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{1B5079F6-5596-4378-8E60-EC0359A034A6}\\NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{64F958F0-2EB0-48FD-B287-ACAA05B31361}\\NameServer = 85.255.112.195,85.255.112.14
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\Shell\Open\command - "" = C:\RECYCLER\S-5-3-70-100013111-100032333-100022375-6765.com -- File not found
O33 - MountPoints2\{137e9bb0-150d-11de-b43d-00112fa609ef}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/04/05 17:50:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/05 17:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\My Documents\Logs
[2009/04/05 17:44:04 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/05 17:00:11 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/05 17:00:01 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\NTREGOPT.lnk
[2009/04/05 17:00:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\ERUNT.lnk
[2009/04/05 17:00:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/05 15:49:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/04 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/03 21:41:08 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\COH_Mon.sys
[2009/04/03 21:41:08 | 00,010,537 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.cat
[2009/04/03 21:41:08 | 00,000,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.inf
[2009/04/03 21:34:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Symantec
[2009/04/03 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Symantec
[2009/04/03 20:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/03 18:52:51 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/04/03 18:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/04/03 18:48:00 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/03 18:48:00 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/03 18:48:00 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/03 18:48:00 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/03 18:47:33 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/03 18:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/03 18:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/03 18:47:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/02 19:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\MMToolz
[2009/04/02 17:09:00 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\DivX Movies.lnk
[2009/04/02 16:38:44 | 00,000,409 | RHS- | C] () -- C:\autorun.inf
[2009/04/02 16:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\DVDextraPL
[2009/04/02 16:36:40 | 00,153,301 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\Windows.Media.Player.License.exe
[2009/04/02 16:30:46 | 00,000,000 | ---D | C] -- C:\New Folder
[2009/04/01 13:49:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/28 11:37:38 | 03,212,799 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\DSL-G604T_ADSL2+_Manual_v1.00.pdf
[2009/03/25 07:31:07 | 00,138,106 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\irf5305.pdf
[2009/03/24 10:37:22 | 00,038,400 | R--- | C] () -- C:\WINDOWS\System32\GsiDi32.dll
[2009/03/23 17:41:51 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Easy Video Joiner.lnk
[2009/03/23 17:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video Joiner
[2009/03/23 17:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\Filesweb
[2009/03/23 16:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/03/23 16:36:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\PDVD_MediaDisc.PlayList
[2009/03/23 10:33:04 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB69E7DB-A7F2-4E71-A13E-963DA731AC53}.job
[2009/03/23 10:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/23 10:22:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/23 10:20:10 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/22 16:11:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/03/22 16:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/03/22 16:04:42 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/03/22 16:03:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/03/22 15:55:59 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/03/22 15:55:59 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/03/21 21:09:17 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\NewzToolz.lnk
[2009/03/21 21:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\NewzToolz
[2009/03/21 19:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\NewzToolz-EZ
[2009/03/21 19:19:27 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\AusLogics Disk Defrag.lnk
[2009/03/21 19:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/03/19 14:10:10 | 02,590,134 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\AZDEN_PCS-2000_user.pdf
[2009/03/18 16:01:01 | 00,000,000 | ---D | C] -- C:\Pokemon
[2009/03/18 15:54:31 | 00,000,000 | ---D | C] -- C:\PVC Output
[2009/03/14 14:06:59 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/13 21:11:11 | 12,341,641 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\AutoGordianKnot.2.55.Setup.exe
[2009/03/10 16:28:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 16:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Local Settings\Application Data\Mozilla
[2009/03/10 16:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Mozilla
[2009/03/10 16:27:41 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/10 16:27:37 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/02/07 19:12:11 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/07 16:08:29 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 13:41:56 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/20 12:45:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Barry.ini
[2008/09/30 19:13:24 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/06 13:13:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/24 06:57:56 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/23 02:45:04 | 00,405,596 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/08/23 02:45:03 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/22 17:45:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/08/22 17:35:27 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/08/22 17:29:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/08/22 17:26:56 | 00,005,786 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008/08/22 17:26:30 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2008/08/22 17:18:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/08/22 17:15:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/08/22 17:15:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/08/22 17:14:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/08/22 17:14:17 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/08/22 17:13:32 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/08/22 17:13:31 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/04 10:56:46 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/04 10:56:46 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/04 10:56:46 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/04 10:56:46 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/04 10:56:46 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 10:56:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/04 10:56:44 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/04 10:56:44 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/04 10:56:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/04 10:56:44 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/04 10:56:44 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/04 10:56:42 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/04 10:56:42 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/04 10:56:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/04 10:56:14 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/03 22:46:56 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/03 22:45:16 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/03 22:45:16 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/03 22:45:14 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/03 22:45:12 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/03 22:45:10 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/07/17 11:46:14 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/07/17 11:34:48 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/03/24 17:16:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/13 21:40:42 | 01,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2002/12/20 15:11:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2002/10/16 08:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 22:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 22:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 22:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 22:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 22:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 22:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 22:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 22:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 22:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 22:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 22:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 22:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 22:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 22:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 22:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 22:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 22:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 22:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 22:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 22:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 22:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 22:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 22:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 22:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 22:00:00 | 00,000,542 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 22:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/18 08:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/05 18:11:48 | 00,000,409 | RHS- | M] () -- C:\autorun.inf
[2009/04/05 17:51:11 | 00,763,904 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/05 17:51:11 | 00,558,080 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/05 17:50:20 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{64F958F0-2EB0-48FD-B287-ACAA05B31361}
[2009/04/05 17:50:11 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/04/05 17:49:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/05 17:48:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/05 17:48:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/05 17:22:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB69E7DB-A7F2-4E71-A13E-963DA731AC53}.job
[2009/04/05 17:00:11 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/05 17:00:01 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\NTREGOPT.lnk
[2009/04/05 17:00:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\ERUNT.lnk
[2009/04/04 20:07:00 | 01,577,878 | -H-- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\IconCache.db
[2009/04/03 21:21:15 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/03 21:21:15 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/03 21:21:15 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/03 21:21:15 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/03 18:52:51 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/04/02 19:56:04 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 17:09:01 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\DivX Movies.lnk
[2009/04/02 16:36:47 | 00,153,301 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\Windows.Media.Player.License.exe
[2009/04/01 20:56:33 | 00,198,656 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 13:49:51 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\CCleaner.lnk
[2009/03/28 11:37:38 | 03,212,799 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\DSL-G604T_ADSL2+_Manual_v1.00.pdf
[2009/03/25 07:31:07 | 00,138,106 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\irf5305.pdf
[2009/03/23 17:41:51 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Easy Video Joiner.lnk
[2009/03/23 16:36:16 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\PDVD_MediaDisc.PlayList
[2009/03/23 10:28:31 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Barry\My Documents\desktop.ini
[2009/03/22 16:17:43 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/03/22 16:17:43 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/03/22 16:07:13 | 00,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/22 16:07:13 | 00,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/22 16:07:12 | 00,405,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/21 21:09:17 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\NewzToolz.lnk
[2009/03/21 19:19:27 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\AusLogics Disk Defrag.lnk
[2009/03/19 14:10:10 | 02,590,134 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\AZDEN_PCS-2000_user.pdf
[2009/03/18 19:37:31 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\AutoGK.ini
[2009/03/14 14:06:59 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/13 21:11:11 | 12,341,641 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\AutoGordianKnot.2.55.Setup.exe
[2009/03/12 11:42:16 | 00,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 16:28:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 16:27:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
< End of report >


#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 05 April 2009 - 07:15 AM

Hi there, let's try this quick fix. I notice you still have Norton on your system - do you use it anymore?

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{1B5079F6-5596-4378-8E60-EC0359A034A6}\\NameServer = 85.255.112.195,85.255.112.14
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{64F958F0-2EB0-48FD-B287-ACAA05B31361}\\NameServer = 85.255.112.195,85.255.112.14
    O33 - MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\Shell\Open\command - "" = C:\RECYCLER\S-5-3-70-100013111-100032333-100022375-6765.com -- File not found
    
    :Files
    C:\WINDOWS\System32\JJAKEn.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )


THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
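
The fix above turns on two indicators in the OTL log: the O17 NameServer values rewritten to 85.255.112.x on the Tcpip\Parameters key and on two interface subkeys, and an O33 MountPoints2 autorun command pointing into RECYCLER. The following is an added example, not code from the thread or from the OTL tool, of the check a responder could run over such a log to surface the same two indicators before deciding on a fix. It parses O17 and O33 lines from a constructed sample (the lines quoted in the post, plus one benign DHCP resolver line and a router address of 192.168.0.1, both of which are assumptions for this example) and flags any NameServer value that is neither on a small allowlist nor a private LAN address, and any drive autorun command that lives in RECYCLER, targets a .com file, or is reported as not found.

```python
"""Added example: flag DNS-hijack and drive-autorun indicators in an
OTListIt2/HijackThis-style log.  Not part of the thread or of OTL itself."""
import ipaddress
import re
from typing import Dict, List

# Resolvers the machine's owner expects.  Assumption for this example: the
# home router at 192.168.0.1 hands out DNS; an ISP's resolvers would go here too.
TRUSTED_RESOLVERS = {"192.168.0.1"}

# O17 - HKLM\...\Tcpip\Parameters: [Interfaces\{GUID}\\]NameServer = a.b.c.d,e.f.g.h
O17_RE = re.compile(r'^O17 - (?P<key>[^:]+): (?P<sub>\S*NameServer) = (?P<value>.+)$')
# O33 - MountPoints2\{GUID}\Shell\Open\command - "" = <path> [-- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+?)(?: -- (?P<status>.+))?$'
)


def is_trusted(server: str) -> bool:
    """A resolver is acceptable if it is on the allowlist or on the LAN.
    Anything else written into NameServer deserves a look."""
    if server in TRUSTED_RESOLVERS:
        return True
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False  # not even an IP address: definitely worth flagging


def scan_log(text: str) -> Dict[str, List[dict]]:
    """Return the suspicious O17 (DNS) and O33 (drive autorun) entries."""
    findings: Dict[str, List[dict]] = {"dns": [], "autorun": []}
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes often carry leading indentation
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group("value").split(",") if s.strip()]
            rogue = [s for s in servers if not is_trusted(s)]
            if rogue:
                findings["dns"].append(
                    {"location": m.group("key") + "\\" + m.group("sub"), "servers": rogue}
                )
            continue
        m = O33_RE.match(line)
        if m:
            cmd = m.group("cmd")
            reasons = []
            if "\\RECYCLER\\" in cmd.upper():
                reasons.append("autorun command lives in a RECYCLER folder")
            if cmd.lower().endswith(".com"):
                reasons.append("autorun target is a .com executable")
            if m.group("status"):
                reasons.append("tool reports: " + m.group("status"))
            if reasons:
                findings["autorun"].append(
                    {"volume": m.group("guid"), "command": cmd, "reasons": reasons}
                )
    return findings


# Constructed sample: the three O17 lines and the O33 line from the post above,
# plus one benign DhcpNameServer line (assumed) that a home machine normally shows.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{1B5079F6-5596-4378-8E60-EC0359A034A6}\\NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{64F958F0-2EB0-48FD-B287-ACAA05B31361}\\NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{00000000-0000-0000-0000-000000000000}\\DhcpNameServer = 192.168.0.1
O33 - MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\Shell\Open\command - "" = C:\RECYCLER\S-5-3-70-100013111-100032333-100022375-6765.com -- File not found
"""

if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for hit in result["dns"]:
        print("rogue DNS:", hit["location"], "->", ", ".join(hit["servers"]))
    for hit in result["autorun"]:
        print("autorun:", hit["volume"], hit["command"], "|", "; ".join(hit["reasons"]))
```

Treating private addresses as trusted is a deliberate choice: a home router or corporate resolver on the LAN is the normal case, and the hijack in this thread is recognisable precisely because every interface was pointed at the same pair of public addresses the owner never configured. On a real case the allowlist should hold the resolvers the ISP actually assigns, and the DhcpNameServer value gives a quick reference for what those are.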

#3 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 06 April 2009 - 12:35 AM

Thank you for the reply, and so fast. I have managed to copy the script and run OTList2, and now, with luck, the new log.

========== OTLISTIT ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B5079F6-5596-4378-8E60-EC0359A034A6}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{64F958F0-2EB0-48FD-B287-ACAA05B31361}\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07eaee53-7062-11dd-a90e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07eaee53-7062-11dd-a90e-806d6172696f}\ not found.
File C:\RECYCLER\S-5-3-70-100013111-100032333-100022375-6765.com not found.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\JJAKEn.dll
C:\WINDOWS\System32\JJAKEn.dll NOT unregistered.
C:\WINDOWS\System32\JJAKEn.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\me_8rg7zv06kUBu9jE scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\me_nnTlMUGQ9O9rb6C scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\me_R4BZeTLKlOTzAiq scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\me_VfVMpPyU8rGjZ6C scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\me_Y4vx4C7o9bx6CUa scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\tmp26.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\tmp27.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA3B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA9B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAA0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAE9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAEE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\FLTS9ABF\Google-Redirect-virus-firefox-too-t234579[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\FLTS9ABF\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET322F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET3384.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.11.0 log created on 04062009_154627

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Documents and Settings\Barry\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Barry\Local Settings\Temp\IadHide5.dll NOT unregistered.
C:\Documents and Settings\Barry\Local Settings\Temp\IadHide5.dll moved successfully.
File C:\Documents and Settings\Barry\Local Settings\Temp\me_8rg7zv06kUBu9jE not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\me_nnTlMUGQ9O9rb6C not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\me_R4BZeTLKlOTzAiq not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\me_VfVMpPyU8rGjZ6C not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\me_Y4vx4C7o9bx6CUa not found!
C:\Documents and Settings\Barry\Local Settings\Temp\tmp26.tmp moved successfully.
C:\Documents and Settings\Barry\Local Settings\Temp\tmp27.tmp moved successfully.
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA3B.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA40.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAA9B.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAA0.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAE9.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temp\~DFAAEE.tmp not found!
File C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\FLTS9ABF\Google-Redirect-virus-firefox-too-t234579[2].htm not found!
File C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\FLTS9ABF\iframe[1].htm not found!
C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\JET322F.tmp not found!
File C:\WINDOWS\temp\JET3384.tmp not found!

Registry entries deleted on Reboot...

I hope this is right
Dashound

#4 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 06 April 2009 - 03:36 AM

Essexboy, hi, just to let you know I have hit a snag. Malwarebytes will not run; I have tried it 6 times. I downloaded it from both sites in case it was corrupt from one. I run the install, get to the finish and wait, but it does not bring up the program; I waited up to 1 hr. I tried to open it manually but no good. Is there another program we can try?


Dashound :)

#5 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 06 April 2009 - 12:26 PM

Are you still having re-directs?

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with an OTListIt log so we can continue cleaning the system.


#6 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 06 April 2009 - 05:39 PM

No, I do not think so; I get sent to a blank Google page. As for Norton 360, it was only a trial and was a pain; I had to remove it. Now not running an anti-virus program. Will try to reload AVG. Also, I do not think Windows is able to update.
The lists below, I hope. Dashound.

ComboFix 09-04-04.01 - Barry 2009-04-07 9:19:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.801 [GMT 10:00]
Running from: c:\documents and settings\Barry\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\Barry\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Barry\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Barry\Application Data\inst.exe
c:\recycler\S-2-0-75-100012528-100013536-100026970-9569.com
c:\windows\emMON.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxilrrovmktkkdabwrqppjqatotxjixwip.sys
c:\windows\system32\drivers\gaopdxltewbaqgvpwcirrsipjbuwqbdhesdruk.sys
c:\windows\system32\drivers\gaopdxqmlmsrswffiaxwprqhyiyupyyjkltepp.sys
c:\windows\system32\drivers\gaopdxqqfooqvxewmettpujyfjrapakpnxlsvr.sys
c:\windows\system32\drivers\gaopdxtiltivalboscmqltfaqpqjovnrjxdorj.sys
c:\windows\system32\drivers\gaopdxujxtliqpxjdapamyxympmyltpiyrssfv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxjenbmuwyktltnwnlqgojnsodudisfydg.dll

----- BITS: Possible infected sites -----

hxxp://webstore.loadit.com.au
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 19:10 . 2009-04-06 19:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:10 . 2009-04-06 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 19:10 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:10 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 15:46 . 2009-04-06 15:46 <DIR> d-------- C:\_OTListIt
2009-04-05 18:23 . 2009-04-05 18:23 <DIR> d-------- C:\New Folder (2)
2009-04-05 17:44 . 2009-04-05 17:44 <DIR> d-------- C:\Rooter$
2009-04-05 17:00 . 2009-04-05 17:00 <DIR> d-------- c:\program files\ERUNT
2009-04-04 16:54 . 2009-04-04 16:54 <DIR> d-------- c:\program files\Trend Micro
2009-04-03 21:41 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-04-03 21:41 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-04-03 21:41 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2009-04-03 21:34 . 2009-04-03 21:34 <DIR> d-------- c:\documents and settings\Barry\Application Data\Symantec
2009-04-03 20:18 . 2009-04-03 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-03 18:54 . 2009-04-03 18:54 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-04-03 18:49 . 2009-04-07 09:03 <DIR> d-------- c:\program files\Norton 360
2009-04-03 18:48 . 2009-04-03 21:21 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-03 18:48 . 2009-04-03 21:21 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-04-03 18:48 . 2009-04-03 21:21 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-03 18:48 . 2009-04-03 21:21 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-04-03 18:47 . 2009-04-03 21:21 <DIR> d-------- c:\program files\Symantec
2009-04-03 18:47 . 2009-04-07 09:04 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-04-03 18:47 . 2009-04-07 09:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-04-02 19:52 . 2009-04-02 19:52 <DIR> d-------- c:\program files\MMToolz
2009-04-02 17:09 . 2009-02-25 05:35 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-04-02 17:09 . 2009-02-25 05:35 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-04-02 16:38 . 2009-04-02 16:38 <DIR> d-------- c:\program files\DVDextraPL
2009-04-02 16:30 . 2009-04-05 18:26 <DIR> d-------- C:\Logs
2009-04-01 13:49 . 2009-04-01 13:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-24 10:37 . 2005-01-21 18:04 38,400 -ra------ c:\windows\system32\GsiDi32.dll
2009-03-23 17:41 . 2009-03-23 17:41 <DIR> d-------- c:\program files\Easy Video Joiner
2009-03-23 17:37 . 2009-03-23 17:37 <DIR> d-------- c:\program files\Filesweb
2009-03-23 16:49 . 2009-04-02 17:09 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-23 10:33 . 2009-03-23 10:33 <DIR> d--hs---- c:\documents and settings\Barry\IECompatCache
2009-03-23 10:31 . 2009-03-23 10:31 <DIR> d--hs---- c:\documents and settings\Barry\PrivacIE
2009-03-23 10:28 . 2009-03-23 10:28 <DIR> d--hs---- c:\documents and settings\Barry\IETldCache
2009-03-23 10:26 . 2009-03-23 10:26 <DIR> d-------- c:\windows\ie8updates
2009-03-23 10:22 . 2009-03-23 10:24 <DIR> d--h-c--- c:\windows\ie8
2009-03-23 10:20 . 2009-02-28 14:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-22 16:11 . 2009-03-22 16:11 <DIR> d-------- c:\windows\Performance
2009-03-22 16:11 . 2009-03-22 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-03-22 15:55 . 2009-03-22 16:17 1,908 --a------ c:\windows\diagwrn.xml
2009-03-22 15:55 . 2009-03-22 16:17 1,908 --a------ c:\windows\diagerr.xml
2009-03-21 21:09 . 2009-03-21 21:09 <DIR> d-------- c:\program files\NewzToolz
2009-03-21 19:52 . 2009-03-21 20:09 <DIR> d-------- c:\documents and settings\Barry\Application Data\NewzToolz-EZ
2009-03-21 19:19 . 2009-03-21 19:19 <DIR> d-------- c:\program files\Auslogics
2009-03-18 16:01 . 2009-03-18 16:36 <DIR> d-------- C:\Pokemon
2009-03-18 15:54 . 2009-03-18 16:35 <DIR> d-------- C:\PVC Output
2009-03-10 16:28 . 2009-03-10 16:28 0 --a------ c:\windows\nsreg.dat
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 06:18 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-02 08:46 --------- d-----w c:\program files\DivX
2009-04-02 07:14 --------- d-----w c:\program files\Total Video Converter
2009-04-01 09:22 --------- d-----w c:\documents and settings\Barry\Application Data\GrabIt
2009-04-01 03:49 --------- d-----w c:\program files\Yahoo!
2009-03-26 04:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 07:12 --------- d-----w c:\documents and settings\Barry\Application Data\NewzToolz
2009-03-22 07:55 --------- d-----w c:\program files\NCH Software
2009-03-18 06:31 --------- d-----w c:\documents and settings\Barry\Application Data\dvdcss
2009-03-14 04:06 --------- d-----w c:\program files\Common Files\Adobe
2009-03-07 18:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 18:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 18:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 18:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 18:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 18:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 18:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 18:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 18:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 18:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-02 03:50 --------- d-----w c:\documents and settings\Barry\Application Data\MMToolz
2009-03-02 03:47 --------- d-----w c:\program files\JLC's Software
2009-03-02 03:24 --------- d-----w c:\documents and settings\Barry\Application Data\JLC's Software
2009-03-01 07:55 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2009-02-26 03:08 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 19:35 129,784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:34 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 684,032 ----a-w c:\windows\system32\DivX.dll
2009-02-20 02:51 --------- d-----w c:\program files\Intuwave Ltd
2009-02-20 02:49 --------- d-----w c:\program files\LG PC Suite
2009-02-18 21:43 --------- d-----w c:\documents and settings\Barry\Application Data\LG Electronics
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 09:11 --------- d-----w c:\program files\ASUS
2009-01-27 01:34 90,112 ----a-w c:\windows\system32\dpl100.dll
2009-01-07 08:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 08:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 08:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 08:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 08:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2008-09-12 04:06 47,360 ----a-w c:\documents and settings\Barry\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2003-12-02 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-610"="c:\program files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe" [2007-05-04 1662976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ATIModeChange"="Ati2mdxx.exe" [2004-03-24 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-01-30 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Barry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 151552]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-03 101936]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\drivers\wbms.sys [2009-02-07 35328]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [2009-02-07 26240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{137e9bb0-150d-11de-b43d-00112fa609ef}]
\Shell\AutoRun\command - E:\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-06 c:\windows\Tasks\User_Feed_Synchronization-{BB69E7DB-A7F2-4E71-A13E-963DA731AC53}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/homepage/
FF - ProfilePath - c:\documents and settings\Barry\Application Data\Mozilla\Firefox\Profiles\vpsaqcc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/homepage/
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 09:21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-07 9:23:25
ComboFix-quarantined-files.txt 2009-04-06 23:23:16

Pre-Run: 26,143,027,200 bytes free
Post-Run: 26,132,271,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

234 --- E O F --- 2009-03-21 10:55:38

OTListIt logfile created on: 7/04/2009 9:24:30 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.36 Mb Total Physical Memory | 744.81 Mb Available Physical Memory | 72.78% Memory free
2.41 Gb Paging File | 2.26 Gb Available in Paging File | 93.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.12 Gb Total Space | 24.37 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARRY-C4C82B6A2
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ANIWZCSdService [Auto | Start_Pending]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (KodakCCS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AIRPLUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\airplus.sys (D-Link)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\system32\ANIO.SYS (Alpha Networks Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys ()
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090406.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090406.003\NAVEX15.SYS (Symantec Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT61 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RT61.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SRTSP [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (USB28xxBGA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys (eMPIA Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WBMS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\WBMS.SYS (Winbond Electronics Corp.)
DRV - (WBSD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\WBSD.SYS (Winbond Electronics Corp.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/homepage/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bigpond.com/homepage/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/10 16:28:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/02 17:45:50 | 00,000,000 | ---D | M]

[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Extensions
[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 16:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\mozilla\Firefox\Profiles\vpsaqcc1.default\extensions
[2009/03/10 16:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/10 16:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 11:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 11:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 05:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 05:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 05:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 05:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 05:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 05:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 05:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-610] C:\Program Files\D-Link\D-Link Wireless G DWA-610\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1220154335877 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{137e9bb0-150d-11de-b43d-00112fa609ef}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/04/07 09:23:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/04/07 09:10:16 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/07 09:10:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/07 09:10:11 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/07 09:08:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/07 09:08:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/07 09:08:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/07 09:08:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/07 09:08:18 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/04/07 09:08:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/07 09:08:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/07 09:08:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/04/07 09:08:18 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/07 09:03:28 | 00,003,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/04/07 07:44:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/07 07:42:54 | 03,067,803 | R--- | C] () -- C:\Documents and Settings\Barry\Desktop\Combo-Fix.exe
[2009/04/06 19:10:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 19:10:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/06 19:10:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 19:10:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 19:10:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/06 15:46:27 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/05 18:23:54 | 00,000,000 | ---D | C] -- C:\New Folder (2)
[2009/04/05 17:50:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/05 17:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\My Documents\Logs
[2009/04/05 17:44:04 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/05 17:00:11 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/05 17:00:01 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\NTREGOPT.lnk
[2009/04/05 17:00:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\ERUNT.lnk
[2009/04/05 17:00:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/05 15:49:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/04 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/03 21:41:08 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\COH_Mon.sys
[2009/04/03 21:41:08 | 00,010,537 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.cat
[2009/04/03 21:41:08 | 00,000,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.inf
[2009/04/03 21:34:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Symantec
[2009/04/03 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Symantec
[2009/04/03 20:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/03 18:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/04/03 18:48:00 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/03 18:48:00 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/03 18:48:00 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/03 18:48:00 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/03 18:47:33 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/03 18:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/03 18:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/03 18:47:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/02 19:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\MMToolz
[2009/04/02 17:09:00 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\DivX Movies.lnk
[2009/04/02 16:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\DVDextraPL
[2009/04/02 16:36:40 | 00,153,301 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\Windows.Media.Player.License.exe
[2009/04/02 16:30:46 | 00,000,000 | ---D | C] -- C:\Logs
[2009/04/01 13:49:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/28 11:37:38 | 03,212,799 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\DSL-G604T_ADSL2+_Manual_v1.00.pdf
[2009/03/25 07:31:07 | 00,138,106 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\irf5305.pdf
[2009/03/24 10:37:22 | 00,038,400 | R--- | C] () -- C:\WINDOWS\System32\GsiDi32.dll
[2009/03/23 17:41:51 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Easy Video Joiner.lnk
[2009/03/23 17:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video Joiner
[2009/03/23 17:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\Filesweb
[2009/03/23 16:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/03/23 16:36:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\PDVD_MediaDisc.PlayList
[2009/03/23 10:33:04 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB69E7DB-A7F2-4E71-A13E-963DA731AC53}.job
[2009/03/23 10:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/23 10:22:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/23 10:20:10 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/22 16:11:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/03/22 16:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/03/22 16:04:42 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/03/22 16:03:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/03/22 15:55:59 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/03/22 15:55:59 | 00,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/03/21 21:09:17 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\NewzToolz.lnk
[2009/03/21 21:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\NewzToolz
[2009/03/21 19:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\NewzToolz-EZ
[2009/03/21 19:19:27 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\AusLogics Disk Defrag.lnk
[2009/03/21 19:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/03/19 14:10:10 | 02,590,134 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\AZDEN_PCS-2000_user.pdf
[2009/03/18 16:01:01 | 00,000,000 | ---D | C] -- C:\Pokemon
[2009/03/18 15:54:31 | 00,000,000 | ---D | C] -- C:\PVC Output
[2009/03/14 14:06:59 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/13 21:11:11 | 12,341,641 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\AutoGordianKnot.2.55.Setup.exe
[2009/03/10 16:28:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 16:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Local Settings\Application Data\Mozilla
[2009/03/10 16:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Mozilla
[2009/03/10 16:27:41 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/10 16:27:37 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/02/07 19:12:11 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/07 16:08:29 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 13:41:56 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/20 12:45:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Barry.ini
[2008/09/30 19:13:24 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/06 13:13:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/24 06:57:56 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/23 02:45:04 | 00,405,596 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/08/23 02:45:03 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/22 17:35:27 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/08/22 17:29:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/08/22 17:26:56 | 00,005,786 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008/08/22 17:26:30 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2008/08/22 17:18:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/08/22 17:15:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/08/22 17:15:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/08/22 17:14:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/08/22 17:14:17 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/08/22 17:13:32 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/08/22 17:13:31 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/04 10:56:46 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/04 10:56:46 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/04 10:56:46 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/04 10:56:46 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/04 10:56:46 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 10:56:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/04 10:56:44 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/04 10:56:44 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/04 10:56:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/04 10:56:44 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/04 10:56:44 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/04 10:56:42 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/04 10:56:42 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/04 10:56:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/04 10:56:14 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/03 22:46:56 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/03 22:45:16 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/03 22:45:16 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/03 22:45:14 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/03 22:45:12 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/03 22:45:10 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/07/17 11:46:14 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/07/17 11:34:48 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/03/24 17:16:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/13 21:40:42 | 01,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2002/12/20 15:11:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2002/10/16 08:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 22:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 22:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 22:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 22:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 22:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 22:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 22:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 22:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 22:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 22:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 22:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 22:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 22:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 22:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 22:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 22:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 22:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 22:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 22:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 22:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 22:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 22:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 22:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 22:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 22:00:00 | 00,000,542 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/18 08:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/07 09:23:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/07 09:21:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/07 09:18:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/07 09:18:36 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{64F958F0-2EB0-48FD-B287-ACAA05B31361}
[2009/04/07 09:18:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/07 09:10:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/07 09:05:59 | 00,763,904 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/07 09:05:58 | 00,558,080 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/07 09:05:25 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/04/07 09:03:28 | 00,003,140 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/04/07 08:58:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/07 07:42:54 | 03,067,803 | R--- | M] () -- C:\Documents and Settings\Barry\Desktop\Combo-Fix.exe
[2009/04/07 07:29:05 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB69E7DB-A7F2-4E71-A13E-963DA731AC53}.job
[2009/04/06 20:43:20 | 01,578,698 | -H-- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\IconCache.db
[2009/04/06 19:10:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/05 17:00:11 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/05 17:00:01 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\NTREGOPT.lnk
[2009/04/05 17:00:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\ERUNT.lnk
[2009/04/03 21:21:15 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/03 21:21:15 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/03 21:21:15 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/03 21:21:15 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/02 19:56:04 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 17:09:01 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\DivX Movies.lnk
[2009/04/02 16:36:47 | 00,153,301 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\Windows.Media.Player.License.exe
[2009/04/01 20:56:33 | 00,198,656 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 13:49:51 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\CCleaner.lnk
[2009/03/28 11:37:38 | 03,212,799 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\DSL-G604T_ADSL2+_Manual_v1.00.pdf
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 07:31:07 | 00,138,106 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\irf5305.pdf
[2009/03/23 17:41:51 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Easy Video Joiner.lnk
[2009/03/23 16:36:16 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\PDVD_MediaDisc.PlayList
[2009/03/23 10:28:31 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Barry\My Documents\desktop.ini
[2009/03/22 16:17:43 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/03/22 16:17:43 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/03/22 16:07:13 | 00,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/22 16:07:13 | 00,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/22 16:07:12 | 00,405,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/21 21:09:17 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\NewzToolz.lnk
[2009/03/21 19:19:27 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\AusLogics Disk Defrag.lnk
[2009/03/19 14:10:10 | 02,590,134 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\AZDEN_PCS-2000_user.pdf
[2009/03/18 19:37:31 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\AutoGK.ini
[2009/03/14 14:06:59 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/13 21:11:11 | 12,341,641 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\AutoGordianKnot.2.55.Setup.exe
[2009/03/12 11:42:16 | 00,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 16:28:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 16:27:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
< End of report >
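
The log above is OTListIt output. In a redirect case the lines worth a second look are the O1 hosts entries (anything beyond the localhost mapping), the O2 BHOs with no name or no backing file, the O4 Run keys with no publisher information, and the O33 MountPoints2 AutoRun commands left behind by removable drives. As an added example, not part of the original post and not OTListIt's own logic, here is a small Python triage script that applies those checks to a handful of lines in the same O-line format. The sample lines are copied from the posted log except the www.google.com hosts entry, which is a constructed example of a hijacked hosts file and does not appear in the real log; which conditions get flagged is my assumption about what a helper would want to review, not a rule from the tool.

```python
import re
from typing import Dict, List

# Constructed sample input in OTListIt's O-line format. Every line except the
# third is copied from the log posted in the thread; the third line (a hosts
# entry pointing www.google.com at a private address) is constructed to show
# what a hosts-file hijack looks like and is NOT in the original log.
SAMPLE_LOG = [
    r"O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 10.0.0.5 www.google.com",
    r"O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)",
    r"O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found",
    r"O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()",
    r"O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)",
    r'O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found',
]

# Line shapes as OTListIt prints them (regexes are assumptions based on the posted log).
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*?) \((.*)\)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(.*?)\\Shell\\AutoRun\\command - "" = (.*?)( -- File not found)?$')

# The only mappings a stock Windows XP hosts file is expected to carry.
EXPECTED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious O-line: the section (O1/O2/O4/O33),
    a short reason, and the offending line."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2).lower()
            # Any extra mapping silently redirects that name; AV update
            # servers and search engines are the usual targets.
            if (ip, host) not in EXPECTED_HOSTS:
                findings.append({"section": "O1", "reason": f"hosts maps {host} to {ip}", "line": line})
            continue
        m = BHO_RE.match(line)
        if m:
            name, _clsid, target = m.groups()
            # A BHO with no name or no backing file is either an uninstall
            # orphan or a deleted/hidden component; it should not stay registered.
            if name == "no name" or "File not found" in target:
                findings.append({"section": "O2", "reason": "BHO with no name or missing file", "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, name, _cmd, publisher = m.groups()
            # OTListIt prints the file's company name in parentheses; an empty
            # "()" means no version resource, which is worth a look but is
            # also common for legitimate OEM utilities.
            if publisher.strip() == "":
                findings.append({"section": "O4", "reason": f"Run entry [{name}] has no publisher info", "line": line})
            continue
        m = MOUNT_RE.match(line)
        if m:
            _key, cmd, missing = m.groups()
            status = "target missing" if missing else "target present"
            # AutoRun commands under MountPoints2 fire when the drive is
            # opened in Explorer; they are a classic USB-borne persistence trick.
            findings.append({"section": "O33", "reason": f"removable-drive AutoRun runs {cmd} ({status})", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per log section, e.g. {'O1': 1, 'O2': 1, 'O4': 1, 'O33': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["section"]] = counts.get(f["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Run against the sample it reports four items: the constructed google.com hosts entry, the nameless BHO whose file is gone, the ASUS Live Update entry with no publisher, and the orphaned H:\WDSetup.exe AutoRun. Only the first is a likely redirect cause; the other three are the kind of leftovers a helper would normally tell you to remove anyway.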

#7 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 06 April 2009 - 07:59 PM

Well, I have just reinstalled AVG 8.5 and it updated OK, so I ran it and it came back with 3 trojan horses; AVG did remove them. I then went into IE and there was no redirect; tried several sites. Have to see if Windows will update next, but it looks like it is back to working OK? What is the best way to keep it clean, or is there more to do? A big thanks for the help so far.

Dashound

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 07 April 2009 - 11:42 AM

Looking at that log, Windows updates should now run. Norton can be a pain to remove, so I recommend downloading and running their removal tool to clear it all.

Can you now retry MBAM and do a full scan?

Let me know if AVG and Windows update correctly, and we shall then know where we stand :)

#9 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 07 April 2009 - 10:33 PM

Yes, Windows and AVG updated, and MBAM found 1 infection and removed it.

#10 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 08 April 2009 - 03:12 AM

OK then, last check: how is your computer now, any problems at all?

#11 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 09 April 2009 - 04:50 AM

All seems to be OK, a big thanks.

Dashound

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 09 April 2009 - 01:14 PM

Now the best part of the day: your log now appears clean :)

A good workman always cleans up after himself, so run OTListIt and hit the Cleanup button. It will remove all the programmes we have used, plus itself. MBAM can be uninstalled via Control Panel > Add/Remove, along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop, double-click on the download to install the newest version. (Vista users: right-click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator".)


XP
Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and an anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Keep safe :)

#13 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 09 April 2009 - 10:37 PM

Yes, I always put my tools away; all done, and Windows had no updates to do. :)
I now have:
  • Combo-Fix
  • ERUNT
  • NTREGOPT
  • MBAM
  • HJT
Should I keep all? It appeared I did not have any Java on the computer to be removed. Was this the April Fools virus?

Dashound

#14 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,558
  • Joined: 31-May 06

Posted 10 April 2009 - 03:46 AM

There is no need to keep ComboFix or MBAM, as they update almost daily and can be downloaded as required. ERUNT is always good to keep (NTREGOPT is part of that). You just had a generic redirect; it was not Conficker :)

#15 Dashound

  • Group: Member
  • Posts: 9
  • Joined: 05-April 09

Posted 11 April 2009 - 12:05 AM

Thank you for all your help; I will do my best to keep it clean. Easter here; have a safe holiday.

Dashound :)
