Siko (Premium, joined 2006-11-27, Mechanicsburg, PA), reply to bcastner
Re: Always get redirected after clicking link in google
Here they are
ComboFix 08-04-08.4 - Murlin Wei 2008-04-08 15:28:56.2 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1299 [GMT -4:00]
Running from: C:\Users\Murlin Wei\Desktop\ComboFix.exe
Command switches used :: C:\Users\Murlin Wei\Desktop\CFscript.txt
.
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))) .
2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\Users\Murlin Wei\AppData\Roaming\Malwarebytes 2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\Users\All Users\Malwarebytes 2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\ProgramData\Malwarebytes 2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-06 19:31 . 2008-04-06 19:31 d-------- C:\_OTMoveIt 2008-04-06 19:10 . 2008-04-06 19:10 d-------- C:\Program Files\Azureus 2008-04-06 10:00 . 2008-04-08 15:27 d-------- C:\Users\Murlin Wei\AppData\Roaming\Azureus 2008-04-06 10:00 . 2008-04-06 10:00 d-------- C:\Users\All Users\Azureus 2008-04-06 10:00 . 2008-04-06 10:00 d-------- C:\ProgramData\Azureus 2008-04-06 08:03 . 2008-04-06 08:05 178 --a------ C:\megaScenery.ini 2008-04-05 19:34 . 2008-04-06 08:06 d-------- C:\Users\Murlin Wei\AppData\Roaming\AVG7 2008-04-05 19:33 . 2008-04-05 19:33 9,216 --a------ C:\Windows\System32\avgwlntf.dll 2008-04-05 14:50 . 2008-04-05 19:35 d-------- C:\Program Files\COMODO 2008-04-05 14:45 . 2008-04-06 08:06 d-------- C:\Users\All Users\Avg7 2008-04-05 14:45 . 2008-04-06 08:06 d-------- C:\ProgramData\Avg7 2008-04-05 09:07 . 2007-02-22 22:19 172,032 --a------ C:\Windows\System32\igfxres.dll 2008-04-05 09:03 . 2008-04-05 09:03 d-------- C:\Intel 2008-04-05 09:03 . 2006-12-13 03:17 3,276,800 --a------ C:\Windows\System32\igfxress.dll 2008-04-05 09:03 . 2006-12-13 03:16 212,992 --a------ C:\Windows\System32\igfxdev.dll 2008-04-05 09:03 . 2007-02-22 23:44 204,800 --a------ C:\Windows\System32\igfxCoIn_v1214.dll 2008-04-05 09:03 . 2006-12-13 03:16 196,608 --a------ C:\Windows\System32\igfxsrvc.exe 2008-04-05 09:03 . 2006-12-13 03:16 155,648 --a------ C:\Windows\System32\igfxpph.dll 2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Users\Murlin Wei\AppData\Roaming\Apple Computer 2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Users\All Users\Apple Computer 2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\ProgramData\Apple Computer 2008-04-04 21:01 . 
2008-04-04 21:01 d-------- C:\Program Files\QuickTime 2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Program Files\iPod 2008-04-04 21:01 . 2008-04-07 16:47 54,156 --ah----- C:\Windows\QTFont.qfn 2008-04-04 21:01 . 2008-04-04 21:01 1,409 --a------ C:\Windows\QTFont.for 2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Users\All Users\Apple 2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\ProgramData\Apple 2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Program Files\Common Files\Apple 2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Program Files\Apple Software Update 2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Real 2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Common Files\xing shared 2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Common Files\Real 2008-04-04 15:31 . 2008-04-04 15:31 d-------- C:\Users\Murlin Wei\AppData\Roaming\Microsoft Game Studios 2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\Windows\System32\xfcodec.dll 2008-03-31 17:00 . 2008-03-31 17:00 d-------- C:\Users\Murlin Wei\AppData\Roaming\InstallShield 2008-03-29 17:45 . 2008-03-29 17:45 d-------- C:\Program Files\Ken Salter 2008-03-29 16:23 . 2008-03-29 16:23 d-------- C:\Users\Murlin Wei\AppData\Roaming\Ethereal 2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Temp 2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Program Files\Ethereal 2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Program Files\AirSnare 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts 2008-03-27 18:33 . 2008-03-27 18:33 1,024 --a------ C:\Windows\utraffic1.lic 2008-03-26 16:50 . 2008-03-26 16:50 1,107 --a------ C:\Windows\mozver.dat 2008-03-25 18:20 . 2008-03-25 18:20 d-------- C:\Windows\System32\Adobe 2008-03-24 21:04 . 2008-03-24 21:04 d-------- C:\Program Files\7-Zip 2008-03-23 20:33 . 
2008-03-23 20:33 2,048 --a------ C:\Windows\atr72-500.lic 2008-03-23 18:44 . 2008-03-23 18:44 d-------- C:\Program Files\Dragonfly 2008-03-23 07:47 . 2008-03-23 07:52 d-------- C:\Windows\Lhsp 2008-03-22 21:21 . 2008-03-22 21:22 d-------- C:\Program Files\FSFDT 2008-03-22 16:27 . 2008-03-22 16:27 d-------- C:\Program Files\XviD 2008-03-22 16:26 . 2008-03-25 16:58 d-------- C:\Program Files\Common Files\GC Install 2008-03-22 14:57 . 2008-04-08 15:27 d-------- C:\Users\Murlin Wei\AppData\Roaming\SiteAdvisor 2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\Users\All Users\SiteAdvisor 2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\Users\All Users\McAfee 2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\ProgramData\SiteAdvisor 2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\ProgramData\McAfee 2008-03-22 14:20 . 2008-03-22 14:20 d-------- C:\Users\All Users\Adobe 2008-03-22 13:56 . 2008-03-22 13:56 d-------- C:\Program Files\GARMIN 2008-03-22 13:55 . 1997-11-19 15:49 303,616 --a------ C:\Windows\IsUninst.exe 2008-03-22 13:54 . 2008-03-22 13:54 2,048 --a------ C:\Windows\dfa36.lic 2008-03-22 07:49 . 2008-03-22 07:51 3,675 --a------ C:\Windows\aitt.ini 2008-03-21 16:29 . 2008-03-21 16:37 d-------- C:\Users\All Users\Lavasoft 2008-03-21 16:29 . 2008-03-21 16:37 d-------- C:\ProgramData\Lavasoft 2008-03-21 15:51 . 2008-03-21 15:51 d-------- C:\Users\Murlin Wei\AppData\Roaming\Grisoft 2008-03-21 15:51 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys 2008-03-21 09:49 . 2008-04-05 08:59 d-------- C:\Program Files\Realtek 2008-03-21 09:49 . 2006-09-12 00:34 499,712 --a------ C:\Windows\RtlExUpd.dll 2008-03-20 15:40 . 2008-03-20 15:40 d-------- C:\Users\Murlin Wei\{aa0d5936-10b8-4d4e-b491-2ffd51f2ccbe} 2008-03-20 15:15 . 2008-03-20 15:15 dr-h----- C:\MSOCache 2008-03-19 20:56 . 2008-01-19 03:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-03-19 20:55 . 
2008-01-19 02:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-03-18 20:32 . 2008-03-18 20:32 d-------- C:\Windows\System32\VC 2008-03-18 20:32 . 2008-03-18 20:32 d-------- C:\Windows\System32\MinGW 2008-03-18 20:32 . 2008-03-18 20:32 d-------- C:\Windows\System32\Builder5 2008-03-18 20:22 . 2008-03-18 20:26 155,648 --a------ C:\Windows\System32\libssl32.dll 2008-03-18 18:32 . 2008-03-18 18:32 286,720 --a------ C:\Windows\iun506.exe 2008-03-17 15:34 . 2008-03-17 15:34 d-------- C:\Users\Murlin Wei\AppData\Roaming\eMule 2008-03-17 15:34 . 2008-04-04 18:16 d-------- C:\Users\All Users\eMule 2008-03-17 15:34 . 2008-04-04 18:16 d-------- C:\ProgramData\eMule 2008-03-16 14:12 . 2008-03-16 14:12 4 --a------ C:\Windows\startup_BBCP.ini 2008-03-16 14:03 . 2008-03-16 14:03 d-------- C:\Users\All Users\Ubisoft 2008-03-16 14:03 . 2008-03-16 14:03 d-------- C:\ProgramData\Ubisoft 2008-03-16 14:03 . 2008-03-16 14:03 d-------- C:\Program Files\Microsoft Speech SDK 5.1 2008-03-16 14:03 . 2008-03-16 14:03 d-------- C:\Program Files\IL2 Sturmovik 2008-03-16 14:03 . 2008-03-16 14:03 d-------- C:\Program Files\IL-2 Sturmovik Forgotten Battles 2008-03-16 14:03 . 2004-03-29 17:23 90,112 --a------ C:\Windows\unvise32.exe 2008-03-16 10:43 . 2008-03-29 16:21 d-------- C:\Program Files\WinPcap 2008-03-15 07:21 . 2008-03-15 07:21 176,937 --a------ C:\Windows\Sky Environment Ultra FS9 Uninstaller.exe 2008-03-13 16:36 . 2008-03-13 16:36 d-------- C:\Program Files\Bevelstone Production 2008-03-13 16:16 . 2008-03-15 18:22 d-------- C:\Program Files\Common Files\InstallShield 2008-03-13 15:11 . 2008-03-13 15:11 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-03-13 15:10 . 2008-03-22 14:20 d-------- C:\Program Files\Common Files\Adobe 2008-03-13 15:09 . 2008-03-13 15:09 d-------- C:\Program Files\Microsoft Silverlight 2008-03-12 20:41 . 2008-03-12 20:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-03-12 16:48 . 
2008-03-12 16:48 d-------- C:\Program Files\DocPad
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-08 19:32 --------- d-----w C:\ProgramData\Xfire 2008-04-08 19:32 --------- d-----w C:\Program Files\Xfire 2008-04-08 00:12 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Xfire 2008-04-07 22:27 179,034,213 ----a-w C:\Windows\DUMP449a.tmp 2008-04-06 23:11 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\uTorrent 2008-04-06 17:17 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-06 13:54 --------- d---a-w C:\ProgramData\TEMP 2008-04-06 13:54 --------- d-----w C:\Program Files\SpywareBlaster 2008-04-05 23:33 --------- d-----w C:\ProgramData\Grisoft 2008-04-05 12:59 319,984 ----a-w C:\Windows\DIFxAPI.dll 2008-04-01 20:27 737,280 ----a-w C:\Windows\iun6002.exe 2008-03-31 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-30 22:54 --------- d-----w C:\Program Files\IEPro 2008-03-29 17:25 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Winamp 2008-03-23 19:04 1,392,304 ----a-w C:\Windows\System32\AutoPartNt.exe 2008-03-23 19:01 114,048 ----a-w C:\Windows\system32\drivers\snapman.sys 2008-03-23 19:01 --------- d-----w C:\Program Files\Common Files\Acronis 2008-03-23 19:01 --------- d-----w C:\Program Files\Acronis 2008-03-22 18:48 --------- d-----w C:\Program Files\Java 2008-03-22 16:54 --------- d-----w C:\Program Files\FS Real Time 2008-03-21 20:33 12,632 ----a-w C:\Windows\System32\lsdelete.exe 2008-03-21 20:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-20 01:20 174 --sha-w C:\Program Files\desktop.ini 2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Sidebar 2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Mail 2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Defender 2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Calendar 2008-03-20 
01:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-03-20 01:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-03-20 00:17 --------- d-----w C:\Program Files\Microsoft Games 2008-03-09 01:03 169,109 ----a-w C:\Windows\system32\drivers\scskusbs.sys 2008-03-09 01:03 11,385 ----a-w C:\Windows\system32\drivers\scskusbf.sys 2008-03-06 21:25 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\NPLUTO Corporation 2008-03-05 21:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll 2008-03-05 21:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll 2008-03-05 21:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll 2008-03-05 20:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll 2008-03-05 20:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll 2008-03-03 00:21 --------- d-----w C:\Program Files\OO Software 2008-03-02 19:51 --------- d-----w C:\Program Files\SwiftSwitch 2008-03-02 19:32 --------- d-----w C:\ProgramData\SwiftSwitch 2008-03-02 16:09 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Ventrilo 2008-03-02 12:12 --------- d-----w C:\Program Files\FSFlyingSchool 2008-03-02 02:32 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\HiFi 2008-03-01 19:37 --------- d-----w C:\Program Files\FOC 2003 2008-02-29 20:20 --------- d-----w C:\Program Files\Runtime Software 2008-02-29 00:23 --------- d-----w C:\Program Files\Recuva 2008-02-28 21:55 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\SUPERAntiSpyware.com 2008-02-28 21:55 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-02-28 15:45 230,152 ----a-w C:\Windows\System32\PDBoot.exe 2008-02-27 00:10 --------- d-----w C:\Program Files\RegSeeker 2008-02-26 23:34 --------- d-----w C:\Program Files\Shockwave 3D Lights Redux for FS9 2008-02-24 12:35 --------- d-----w C:\Program Files\DivX 2008-02-21 02:45 --------- d-----w C:\Program Files\SquawkBox3 2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-02-21 02:05 1,044,480 ----a-w 
C:\Windows\System32\libdivx.dll 2008-02-19 08:24 7,808 ----a-w C:\Windows\system32\drivers\psi_mf.sys 2008-02-19 01:58 316,768 ----a-w C:\Windows\System32\sayax.dll 2008-02-19 00:50 --------- d-----w C:\Program Files\Microsoft Works 2008-02-18 15:14 --------- d-----w C:\Program Files\MSXML 4.0 2008-02-18 11:57 --------- d-----w C:\Program Files\rcv4 2008-02-17 20:15 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Flight1 2008-02-17 18:10 202,149 ----a-w C:\Windows\Water Details FS 2004 Uninstaller.exe 2008-02-17 16:21 --------- d-----w C:\Program Files\Flight One Software 2008-02-16 16:43 --------- d-----w C:\Program Files\Intel 2008-02-16 16:40 --------- d-----w C:\Program Files\Belarc 2008-02-15 19:22 59,392 ----a-w C:\Windows\system32\drivers\RTSTOR.sys 2008-02-14 01:17 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-02-14 01:17 --------- d-----w C:\Program Files\Common Files\L&H 2008-02-14 01:16 --------- d-----w C:\Program Files\Microsoft.NET 2008-02-13 13:01 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\OpenOffice.org2 2008-02-12 23:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-12 21:59 --------- d-----w C:\ProgramData\Abacus 2008-02-12 18:36 --------- d-----w C:\Program Files\Common Files\InstallShieldCrap 2008-02-11 15:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll 2008-02-11 15:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin 2008-02-11 15:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin 2008-02-11 15:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin 2008-02-11 00:19 --------- d-----w C:\Program Files\Ventrilo 2008-02-10 17:11 543 ----a-w C:\Program Files\INSTALL.LOG 2008-02-10 14:03 --------- d-----w C:\Program Files\Common Files\SWF Studio 2008-02-09 19:25 --------- d-----w C:\Program Files\Common Files\INCA Shared 2008-02-06 04:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll 2008-01-29 16:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll 2008-01-19 07:44 986,680 ----a-w 
C:\Windows\System32\winload.exe 2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe 2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll 2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe 2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL 2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys 2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll 2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll 2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL 2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll 2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll 2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL .
((((((((((((((((((((((((((((( snapshot@2008-04-06_19.39.55.30 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-06 23:37:39 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-08 19:32:09 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-06 23:17:13 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-08 18:42:55 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-06 23:37:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-08 19:32:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-08 19:32:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-04-06 23:33:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-08 19:28:41 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-06 23:37:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-08 19:32:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-08 19:32:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-04-06 23:34:10 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-04-08 19:28:50 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-04-06 18:06:50 108,178 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-07 22:34:13 108,178 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-06 18:06:50 629,252 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-07 22:34:13 629,252 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-06 18:04:09 8,110 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2738104663-2755392700-2221383480-1000_UserData.bin + 2008-04-07 22:29:38 8,468 ----a-w 
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2738104663-2755392700-2221383480-1000_UserData.bin - 2008-04-06 18:04:08 59,130 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-07 22:29:38 59,434 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-13 03:17 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-13 03:19 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-13 03:17 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-05 19:33 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 19:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-05 19:33 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Users^Murlin Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=C:\Users\Murlin Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Murlin Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI (RC1).lnk] path=C:\Users\Murlin Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC1).lnk backup=C:\Windows\pss\Secunia PSI (RC1).lnk.Startup backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-11 05:25 6731312 H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2007-02-16 19:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] --a------ 2007-02-16 19:57 1945960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2006-12-13 03:19 106496 C:\Windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2006-12-13 03:17 98304 C:\Windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 H:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] --a------ 2007-05-11 03:08 2512392 C:\Windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2006-12-13 03:17 81920 C:\Windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-08-06 20:05 200704 H:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget] E:\Flight Simulator Software\rapget140\rapget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --a------ 2006-12-01 00:37 4186112 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-04-06 13:17 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-04-04 20:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] --a------ 2007-02-16 19:45 1169776 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] --a------ 2008-01-19 03:36 2153472 C:\Windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 03:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2738104663-2755392700-2221383480-1000] "EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{61455193-5548-4882-BB4F-1FFC86E41172}C:\\ijji\\english\\u_skid.exe"= UDP:C:\ijji\english\u_skid.exe: "UDP Query User{6099BF92-BFC5-416D-AEC6-DA00AFB25A65}C:\\ijji\\english\\u_skid.exe"= TCP:C:\ijji\english\u_skid.exe: "TCP Query User{7E27783F-27CC-4E95-8A1E-47091E0453EF}K:\\program files\\driftcity\\driftcity.exe"= UDP:K:\program files\driftcity\driftcity.exe:DriftCity "UDP Query User{68C2CEBB-F1D1-4589-A707-19610F1F7E77}K:\\program files\\driftcity\\driftcity.exe"= TCP:K:\program files\driftcity\driftcity.exe:DriftCity "TCP Query User{FE38E010-F2C0-4967-83FD-96B25A3F5B30}C:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront "UDP Query User{19A69707-47F5-4ED8-A3D4-D983B5833183}C:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront "TCP Query User{B66503DB-7D5D-4DE9-9921-A25C9F1EA5AB}H:\\program files\\driftcity\\driftcity.exe"= UDP:H:\program files\driftcity\driftcity.exe:DriftCity "UDP Query User{14612DD0-8A9C-44A2-9B51-5491B5A88018}H:\\program files\\driftcity\\driftcity.exe"= TCP:H:\program files\driftcity\driftcity.exe:DriftCity "TCP Query User{A8D6E0B6-86C5-4D81-9FDF-F0378CD75F37}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{5DC64609-489B-4CCD-8BDC-DA888571FCC7}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "{17C23B69-DBF2-487A-A532-7D9ABF255A9E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{94906B86-E338-4979-ADE4-B4200BD59672}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{30964450-8A26-40BA-A03B-E0D17BDCC6BB}G:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:G:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator "UDP Query User{426ADF18-258D-442E-B866-DE3813E88673}G:\\program files\\microsoft games\\flight simulator 
9\\fs9.exe"= TCP:G:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator "{0E586831-FC73-45B0-9F08-096BF0D40C38}"= UDP:80:80 "{34AD0E95-78FA-44A3-A14A-4A598E511536}"= TCP:80:80 "{28CEFC0F-00A3-4EAB-9D8B-9D64D7265705}"= UDP:6112:6112 "{991C1B7E-6DA8-49BB-9C14-B6C74730B50A}"= TCP:6112:6112 "{8A3679AF-CD19-4CE2-A038-9DE3E3E5A34B}"= UDP:54789:54789 "{8C63877E-7C19-4DA5-B287-AA6D0F8CFC28}"= TCP:54789:54789 "TCP Query User{58038DE4-2BB8-41E1-8189-030A5E823718}H:\\nexon\\maplestory\\patcher.exe"= UDP:H:\nexon\maplestory\patcher.exe:Patcher MFC ?? ???? "UDP Query User{41D9A998-FD0B-4C1B-A90E-B0F2BED2BFC4}H:\\nexon\\maplestory\\patcher.exe"= TCP:H:\nexon\maplestory\patcher.exe:Patcher MFC ?? ???? "TCP Query User{57B550CD-25EA-460B-AE48-681C32F87C39}H:\\nexon\\maplestory\\maplestory.exe"= UDP:H:\nexon\maplestory\maplestory.exe:MapleStory "UDP Query User{609320D2-5ECE-4286-8362-B486263DA9E3}H:\\nexon\\maplestory\\maplestory.exe"= TCP:H:\nexon\maplestory\maplestory.exe:MapleStory "TCP Query User{83AB73F7-1946-4300-A08C-DB73E9369C8F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{48ACEBD7-DC97-4FF2-BB6F-704618FB53B2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "1c9b3cdd-3bce-43a9-881b-5fb372fe469c"= "TCP Query User{6A3FA9AA-E952-4D4D-8FD7-FC7ED8BD727F}H:\\program files\\america's army\\system\\armyops.exe"= UDP:H:\program files\america's army\system\armyops.exe:ArmyOps "UDP Query User{BEB13D38-D94C-4F4C-9245-7E48245BFA1D}H:\\program files\\america's army\\system\\armyops.exe"= TCP:H:\program files\america's army\system\armyops.exe:ArmyOps "TCP Query User{50F33169-380A-49AF-81BE-7C6E8C8C2451}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server "UDP Query User{DF0B00AF-395E-4FA4-B850-2BD9EF20F7ED}C:\\windows\\system32\\dpnsvr.exe"= 
TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server "TCP Query User{5021BF18-01CD-4258-97B4-0C63DB4C1B7E}C:\\program files\\fsfdt\\control panel\\fsfdtcp.exe"= UDP:C:\program files\fsfdt\control panel\fsfdtcp.exe:FSFDT Control Panel "UDP Query User{3DB1FC88-0596-4F01-A186-E39F227CE84D}C:\\program files\\fsfdt\\control panel\\fsfdtcp.exe"= TCP:C:\program files\fsfdt\control panel\fsfdtcp.exe:FSFDT Control Panel "TCP Query User{1AB14382-F73F-48C9-B315-3EE9B8CB2694}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{17CAEFA6-0C1E-42AC-978B-C4A6CBAAC66B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "eb8b0e56-37ab-4db7-9f9e-1a1d6608d4e0"= %ProgramFiles%\FSFDT\FSInn UI\FSInnUI.exe:FSINN "UDP Query User{D86A64A0-98DB-45F2-B30E-9C99810EA427}C:\\program files\\fsfdt\\fwinn\\fwinn.exe"= C:\program files\fsfdt\fwinn\fwinn.exe:FSInn Application "TCP Query User{F3FF54FA-890C-4280-937A-E4B25DFDC64A}C:\\program files\\fsfdt\\fwinn\\fwinn.exe"= C:\program files\fsfdt\fwinn\fwinn.exe:FSInn Application "5d038ed9-b69c-43ca-9e9d-361f03d7074d"= %ProgramFiles%\FSFDT\Control Panel\FSFDTCP.exe:FSUDCP "09c2c1b0-5d17-4e76-8c53-65f0895ca6d1"= UDP:3782|LPort=3290|LPort=3783|LPort=6809:SQ "3a769932-0d65-4226-8f87-9af21c6399fa"= TCP:3782|LPort=3290|LPort=3783|LPort=6809:SQ1 "7bda4004-dec1-4e68-ae03-4b18dca28327"= TCP:32062:FSINN "TCP Query User{7BA25555-49F6-4C6F-A3BE-B1091A7CD7E6}C:\\program files\\swiftswitch\\swiftswitch.exe"= UDP:C:\program files\swiftswitch\swiftswitch.exe:Utility for RuneScape "UDP Query User{F3D3B80D-3F35-4E98-BAE6-FFC8C8B398CB}C:\\program files\\swiftswitch\\swiftswitch.exe"= TCP:C:\program files\swiftswitch\swiftswitch.exe:Utility for RuneScape "TCP Query User{2E3A70D7-0AC2-4254-B11B-0A2EC31E6D05}H:\\program files\\dragonfly\\special force\\specialforce.exe"= UDP:H:\program files\dragonfly\special 
force\specialforce.exe:SpecialForce "UDP Query User{6137764F-CAE8-4517-AF49-6CB2607C5DB8}H:\\program files\\dragonfly\\special force\\specialforce.exe"= TCP:H:\program files\dragonfly\special force\specialforce.exe:SpecialForce "TCP Query User{0D1EF090-833B-4967-9D45-EAF64C49861F}C:\\ijji\\english\\gunz\\gunz.exe"= UDP:C:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{560CD26A-B4D8-4DD6-9AF8-BA438C3E071D}C:\\ijji\\english\\gunz\\gunz.exe"= TCP:C:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{63EC054C-903B-40D8-A36F-D2F80B55FF3D}C:\\users\\murlin wei\\desktop\\fshost32\\fshost32.exe"= UDP:C:\users\murlin wei\desktop\fshost32\fshost32.exe:fshost32.exe "UDP Query User{D8E76696-D62C-4EBD-8A08-5450B40122C9}C:\\users\\murlin wei\\desktop\\fshost32\\fshost32.exe"= TCP:C:\users\murlin wei\desktop\fshost32\fshost32.exe:fshost32.exe "TCP Query User{854A4DB3-1DFB-4B87-A7E0-AEA6B9C0074B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{A36A3890-68AE-4E2D-BC3B-FDAC339499B3}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{2D0919A8-6553-4CDF-A595-A46EF1D2F4D3}C:\\program files\\dragonfly\\special force\\specialforce.exe"= UDP:C:\program files\dragonfly\special force\specialforce.exe:specialforce "UDP Query User{BC4A08A4-5B7E-4662-810F-1D9F1662B2AC}C:\\program files\\dragonfly\\special force\\specialforce.exe"= TCP:C:\program files\dragonfly\special force\specialforce.exe:specialforce "{73852E8D-6030-4943-9978-138A7E864BD9}"= UDP:C:\Windows\Temp\~osCD95.tmp\ossproxy.exe:ossproxy.exe "{43868274-2029-4933-8F1C-885F387F06D2}"= UDP:C:\Windows\Temp\~osDBBC.tmp\ossproxy.exe:ossproxy.exe "{607558EF-6597-4863-8D25-F007069A2EC9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{46E5FDB3-D48D-4321-B224-C365CF959155}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{9B21F62D-DF09-44A2-BD05-BC7EEE8742C9}"= UDP:C:\Program 
Files\Bonjour\mDNSResponder.exe:Bonjour "{68F77BA3-1444-44C8-AC53-D586A7FD787C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{48866029-02D4-420C-AF33-2058433DC7D9}"= UDP:H:\Program Files\iTunes\iTunes.exe:iTunes "{AB169B2B-5F22-47D8-B596-C06720D2E476}"= TCP:H:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{37AFDF7F-9FEF-441B-B24D-75F2E325B8C7}H:\\program files\\azureus\\azureus.exe"= UDP:H:\program files\azureus\azureus.exe:Azureus "UDP Query User{2414528D-9012-4CCF-B04D-4D7AC667B755}H:\\program files\\azureus\\azureus.exe"= TCP:H:\program files\azureus\azureus.exe:Azureus "TCP Query User{9225565D-E33E-467E-9533-ED9B2675E3C6}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{9F98D73A-65DD-4D0E-B968-DC1D3C6EBAA6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{BC712732-FEB9-4EDA-8C73-9FC226F9DB1A}H:\\program files\\counter-strike source\\hl2.exe"= UDP:H:\program files\counter-strike source\hl2.exe:hl2 "UDP Query User{57A7C5E6-CBE4-4652-AFEF-DCFD72CBE342}H:\\program files\\counter-strike source\\hl2.exe"= TCP:H:\program files\counter-strike source\hl2.exe:hl2
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-13 04:32]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 15:22]
R3 rxpvbus;Reality XP Avionics Bus Driver;C:\Windows\system32\DRIVERS\rxpvbus.sys [2005-11-04 09:35]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2007-02-22 19:53]
S3 HPFXBULK;HPFXBULK;C:\Windows\system32\drivers\hpfxbulk.sys [2007-06-20 03:21]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-02-19 04:24]
S3 scskusbf;USB SCSK Filter Driver Service;C:\Windows\system32\drivers\scskusbf.sys [2008-03-08 21:03]
S3 scskusbs;USB SCSK Driver Service;C:\Windows\system32\drivers\scskusbs.sys [2008-03-08 21:03]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]
S4 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe" []
S4 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe" []
S4 PD91VMDefrag;PD91VMDefrag;"C:\Program Files\Raxco\PerfectDisk\PD91VMDefrag.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] rsmsvcs REG_MULTI_SZ ntmssvc
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-04-08 15:32:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\oodag.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-04-08 15:33:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 19:33:39
ComboFix2.txt 2008-04-06 23:40:34
Pre-Run: 20,452,012,032 bytes free
Post-Run: 20,367,503,360 bytes free
.
2008-04-06 19:37:25 --- E O F ---
and MoveIt didn't find anything to move.
File/Folder # %TEMP%\ossproxy.exe not found.
File/Folder # C:\Users\ossproxy.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_152529