Trojan filling up C Drive


  • This topic is locked
25 replies to this topic

#16 m0le (Malware Response Instructor)

Posted 03 July 2011 - 06:48 PM

There's a list of the bad folders which we will remove with ComboFix first.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the box below into it:

folders::
c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the graphic below).


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Now please rerun the same script as before with SystemLook and post that log too.

#17 puptitch (Topic Starter)

Posted 04 July 2011 - 05:16 AM

Here's the ComboFix log:


ComboFix 11-07-03.01 - Arthu Dyer 04/07/2011 8:30.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.215 [GMT 1:00]
Running from: c:\users\Arthu Dyer\Desktop\comfix.exe.exe
Command switches used :: c:\users\Arthu Dyer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 09:35 . 2011-07-04 09:35 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-07-03 22:14 . 2011-07-03 22:14 -------- d-----w- c:\windows\Sun
2011-07-02 09:35 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFF14E03-7659-4990-9C74-5BE2492C19F1}\mpengine.dll
2011-07-01 17:36 . 2011-07-01 17:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
2011-06-30 20:08 . 2011-06-30 20:08 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
2011-06-29 22:03 . 2011-06-29 22:03 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
2011-06-29 10:02 . 2011-06-29 10:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
2011-06-29 06:01 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 22:01 . 2011-06-28 22:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
2011-06-27 18:44 . 2011-06-27 18:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
2011-06-27 06:44 . 2011-06-27 06:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
2011-06-26 18:43 . 2011-06-26 18:43 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
2011-06-25 21:14 . 2011-06-25 21:15 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
2011-06-24 22:19 . 2011-06-24 22:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
2011-06-24 10:18 . 2011-06-24 10:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
2011-06-23 22:18 . 2011-06-23 22:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
2011-06-22 22:12 . 2011-06-22 22:12 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
2011-06-21 22:34 . 2011-06-21 22:35 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
2011-06-20 16:31 . 2011-06-20 16:32 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
2011-06-19 21:00 . 2011-06-19 21:01 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
2011-06-18 19:59 . 2011-06-18 19:59 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
2011-06-17 00:52 . 2011-06-17 00:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
2011-06-16 08:46 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:46 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:46 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 08:46 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:46 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 08:46 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:46 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:46 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:46 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:45 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:45 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:28 . 2011-06-15 21:28 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
2011-06-14 20:37 . 2011-06-14 20:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
2011-06-14 08:37 . 2011-06-14 08:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
2011-06-13 19:52 . 2011-06-13 19:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
2011-06-12 21:52 . 2011-06-12 21:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
2011-06-11 18:18 . 2011-06-11 18:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
2011-06-10 22:53 . 2011-06-10 22:54 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
2011-06-09 20:04 . 2011-06-09 20:04 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
2011-06-08 15:26 . 2011-06-08 15:26 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
2011-06-07 23:13 . 2011-06-07 23:13 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\Tific
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Roaming\Tific
2011-06-06 21:50 . 2011-06-06 21:50 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
2011-06-06 07:14 . 2011-06-06 07:14 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-05 22:08 . 2011-06-14 20:45 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\VirtualStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 23:47 . 2010-06-17 00:37 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys
2011-06-07 15:55 . 2010-07-01 19:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 08:11 . 2008-11-12 23:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2008-11-12 23:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-03-12 762736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Voice Recorder SyncServer.lnk - c:\windows\Installer\{A4DAC821-C790-45AC-841A-9D9E3FA7AFAC}\_EC789A19C6C439974EEDE9.exe [2011-3-31 4142]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^camtool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\camtool.lnk
backup=c:\windows\pss\camtool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 09:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-09-03 14:07 1576176 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-11-28 19:51 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl6adca09c;MpKsl6adca09c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E86960D1-44B0-4C4A-BB27-B5D1111795D6}\MpKsl6adca09c.sys [x]
R1 MpKsl6c158716;MpKsl6c158716;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D66F0C0F-505B-4BE4-8FD4-4FB1416E7BE3}\MpKsl6c158716.sys [x]
R1 MpKsl6f73bbe6;MpKsl6f73bbe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl6f73bbe6.sys [x]
R1 MpKsl713acbcf;MpKsl713acbcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl713acbcf.sys [x]
R1 MpKsl7193d566;MpKsl7193d566;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B2A362A-AEB3-4C46-A0E6-AB13669E6324}\MpKsl7193d566.sys [x]
R1 MpKsl741f5ba4;MpKsl741f5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C99D516-DA72-4167-86B4-6C76BDA76584}\MpKsl741f5ba4.sys [x]
R1 MpKsl75dc9b60;MpKsl75dc9b60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl75dc9b60.sys [x]
R1 MpKsl768a39af;MpKsl768a39af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9FCA43B-12B6-4CCC-9B8C-9E2C9C9AFA7B}\MpKsl768a39af.sys [x]
R1 MpKsl77a40977;MpKsl77a40977;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{680715CA-4919-4354-B3DD-EA2CAD5885E4}\MpKsl77a40977.sys [x]
R1 MpKsl79545f7c;MpKsl79545f7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F83FC22-F523-493C-8972-E40789A6B547}\MpKsl79545f7c.sys [x]
R1 MpKsl7bb2675d;MpKsl7bb2675d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E432821E-0D71-4655-834A-5B537EEE7AAD}\MpKsl7bb2675d.sys [x]
R1 MpKsl7d1384e9;MpKsl7d1384e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16DA959-2552-4E8B-89C9-E2DCD5746D4C}\MpKsl7d1384e9.sys [x]
R1 MpKsl807d0b5a;MpKsl807d0b5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1E7BA13-B1DD-4B99-96BD-EA919C6059A2}\MpKsl807d0b5a.sys [x]
R1 MpKsl827feebf;MpKsl827feebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D1A83EA-CB21-42C3-B5B0-34315D3357A1}\MpKsl827feebf.sys [x]
R1 MpKsl8415ff5e;MpKsl8415ff5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0A3BDCA-550E-48E8-9532-57D9D5D598B0}\MpKsl8415ff5e.sys [x]
R1 MpKsl8789ea5f;MpKsl8789ea5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl8789ea5f.sys [x]
R1 MpKsl87c5528e;MpKsl87c5528e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE6CB6C-7788-4221-89FE-8308850FE93A}\MpKsl87c5528e.sys [x]
R1 MpKsl87fcf776;MpKsl87fcf776;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A68B37F6-D9B7-47C1-8DEC-20B6E5E3A597}\MpKsl87fcf776.sys [x]
R1 MpKsl895ea41c;MpKsl895ea41c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52A6DC1-DB61-4C35-8BC0-164DFCB2EA08}\MpKsl895ea41c.sys [x]
R1 MpKsl8efafa5a;MpKsl8efafa5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD24B85-0FB5-4F24-8A9A-B1932A2412E6}\MpKsl8efafa5a.sys [x]
R1 MpKsl91ed609c;MpKsl91ed609c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8515415B-C1CF-4418-BB89-8D744AA6B5FB}\MpKsl91ed609c.sys [x]
R1 MpKsl93144258;MpKsl93144258;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ECDF39-7A91-4040-9858-52B7CD2B70B7}\MpKsl93144258.sys [x]
R1 MpKsl9402c405;MpKsl9402c405;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F885A21-0149-4F24-B5B8-8D71B0A2DB1E}\MpKsl9402c405.sys [x]
R1 MpKsl94dfedeb;MpKsl94dfedeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D66F0C0F-505B-4BE4-8FD4-4FB1416E7BE3}\MpKsl94dfedeb.sys [x]
R1 MpKsl95cc16fc;MpKsl95cc16fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{874E0564-198B-4487-B8AF-0DF546285FEF}\MpKsl95cc16fc.sys [x]
R1 MpKsl95d7a9e9;MpKsl95d7a9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F4A931F-D163-4AB0-92A3-59C27819327B}\MpKsl95d7a9e9.sys [x]
R1 MpKsl976ddc95;MpKsl976ddc95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2596891-9D31-4EA2-A290-944ABECE0883}\MpKsl976ddc95.sys [x]
R1 MpKsl98b47f5d;MpKsl98b47f5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{457D5952-F170-4227-86C8-7DF0BCF346AB}\MpKsl98b47f5d.sys [x]
R1 MpKsl9b666f2a;MpKsl9b666f2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E4DDEC5-FB0C-43B1-B3EA-3F78F743B563}\MpKsl9b666f2a.sys [x]
R1 MpKsl9f0c187b;MpKsl9f0c187b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl9f0c187b.sys [x]
R1 MpKsl9f173418;MpKsl9f173418;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl9f173418.sys [x]
R1 MpKsla04ae90f;MpKsla04ae90f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9FCA43B-12B6-4CCC-9B8C-9E2C9C9AFA7B}\MpKsla04ae90f.sys [x]
R1 MpKsla1662aee;MpKsla1662aee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{468AEF13-FC55-44C4-9A83-F97E6404B41B}\MpKsla1662aee.sys [x]
R1 MpKsla28e481f;MpKsla28e481f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D66F0C0F-505B-4BE4-8FD4-4FB1416E7BE3}\MpKsla28e481f.sys [x]
R1 MpKsla4470473;MpKsla4470473;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D66F0C0F-505B-4BE4-8FD4-4FB1416E7BE3}\MpKsla4470473.sys [x]
R1 MpKsla5488081;MpKsla5488081;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814A7503-E9D0-46CE-AFBA-CA5BA109E17A}\MpKsla5488081.sys [x]
R1 MpKsla8c8eaff;MpKsla8c8eaff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKsla8c8eaff.sys [x]
R1 MpKsla994e2ea;MpKsla994e2ea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F684C683-1B09-4DF1-B56E-FC33BFE043E3}\MpKsla994e2ea.sys [x]
R1 MpKsla9dc48c9;MpKsla9dc48c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKsla9dc48c9.sys [x]
R1 MpKslaa12ed40;MpKslaa12ed40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8515415B-C1CF-4418-BB89-8D744AA6B5FB}\MpKslaa12ed40.sys [x]
R1 MpKslab624f98;MpKslab624f98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C82EAD5-12A9-4F4C-A3D5-20E6EB41D481}\MpKslab624f98.sys [x]
R1 MpKslacf71ee4;MpKslacf71ee4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKslacf71ee4.sys [x]
R1 MpKslae41b0bb;MpKslae41b0bb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814112B4-AD29-4FF1-8BC5-5ED53AABC81E}\MpKslae41b0bb.sys [x]
R1 MpKslb0572c78;MpKslb0572c78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9A358F-850B-4653-963D-01E4311C5419}\MpKslb0572c78.sys [x]
R1 MpKslb442ac86;MpKslb442ac86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F885A21-0149-4F24-B5B8-8D71B0A2DB1E}\MpKslb442ac86.sys [x]
R1 MpKslb75f41b2;MpKslb75f41b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A63F0C7-AF38-48A5-8E2A-07E9C1825525}\MpKslb75f41b2.sys [x]
R1 MpKslb9ce8614;MpKslb9ce8614;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKslb9ce8614.sys [x]
R1 MpKslb9f94f18;MpKslb9f94f18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814112B4-AD29-4FF1-8BC5-5ED53AABC81E}\MpKslb9f94f18.sys [x]
R1 MpKslbb3eb4ad;MpKslbb3eb4ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDDA15F-1EC8-4DA2-8B6D-4AD2A984BBD3}\MpKslbb3eb4ad.sys [x]
R1 MpKslbdd8c472;MpKslbdd8c472;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9A358F-850B-4653-963D-01E4311C5419}\MpKslbdd8c472.sys [x]
R1 MpKslc157ad7d;MpKslc157ad7d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKslc157ad7d.sys [x]
R1 MpKslc3334383;MpKslc3334383;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ECDF39-7A91-4040-9858-52B7CD2B70B7}\MpKslc3334383.sys [x]
R1 MpKslc3ae3ac1;MpKslc3ae3ac1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8238EE2C-C5B3-40BD-9510-8E37777D8080}\MpKslc3ae3ac1.sys [x]
R1 MpKslc4694066;MpKslc4694066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A3B4ADB-6287-484B-842F-AE6BD6945B8F}\MpKslc4694066.sys [x]
R1 MpKslc732e207;MpKslc732e207;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696AA8EF-7FD3-4D41-9A9D-DE40CE4E8BFB}\MpKslc732e207.sys [x]
R1 MpKslcd86f80c;MpKslcd86f80c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696AA8EF-7FD3-4D41-9A9D-DE40CE4E8BFB}\MpKslcd86f80c.sys [x]
R1 MpKslce71e541;MpKslce71e541;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5251A21D-2308-4C7E-8E2E-F781504679CA}\MpKslce71e541.sys [x]
R1 MpKslce9f7f52;MpKslce9f7f52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{228FA935-2BA0-4487-9D56-E5E7CA1A8BF2}\MpKslce9f7f52.sys [x]
R1 MpKsld454d676;MpKsld454d676;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814A7503-E9D0-46CE-AFBA-CA5BA109E17A}\MpKsld454d676.sys [x]
R1 MpKsld6d3a1a9;MpKsld6d3a1a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9A358F-850B-4653-963D-01E4311C5419}\MpKsld6d3a1a9.sys [x]
R1 MpKsld748a313;MpKsld748a313;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEA1523E-C8D3-4A2A-ACF4-6A02A75AA5B0}\MpKsld748a313.sys [x]
R1 MpKsld7d8c42c;MpKsld7d8c42c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{313C8ACC-6132-4D11-B07A-3F5AF37DF9CC}\MpKsld7d8c42c.sys [x]
R1 MpKslda9372e8;MpKslda9372e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKslda9372e8.sys [x]
R1 MpKsldee6b099;MpKsldee6b099;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8515415B-C1CF-4418-BB89-8D744AA6B5FB}\MpKsldee6b099.sys [x]
R1 MpKsle03acc55;MpKsle03acc55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2596891-9D31-4EA2-A290-944ABECE0883}\MpKsle03acc55.sys [x]
R1 MpKsle453939f;MpKsle453939f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsle453939f.sys [x]
R1 MpKsle4ad32a7;MpKsle4ad32a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsle4ad32a7.sys [x]
R1 MpKsle4d9f192;MpKsle4d9f192;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9FCA43B-12B6-4CCC-9B8C-9E2C9C9AFA7B}\MpKsle4d9f192.sys [x]
R1 MpKsle69f0590;MpKsle69f0590;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A68B37F6-D9B7-47C1-8DEC-20B6E5E3A597}\MpKsle69f0590.sys [x]
R1 MpKsled2e400f;MpKsled2e400f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{213E658B-13B0-4372-8E38-D691A4BA9BAA}\MpKsled2e400f.sys [x]
R1 MpKsled479e2a;MpKsled479e2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07BF9D48-F145-41A2-A2EC-64CFC0AB3ACE}\MpKsled479e2a.sys [x]
R1 MpKsledd21bdf;MpKsledd21bdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A3B4ADB-6287-484B-842F-AE6BD6945B8F}\MpKsledd21bdf.sys [x]
R1 MpKslf3e8f996;MpKslf3e8f996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E432821E-0D71-4655-834A-5B537EEE7AAD}\MpKslf3e8f996.sys [x]
R1 MpKslf511033d;MpKslf511033d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50185E05-C6ED-41E9-A946-23185FD7A16A}\MpKslf511033d.sys [x]
R1 MpKslf58b521c;MpKslf58b521c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814A7503-E9D0-46CE-AFBA-CA5BA109E17A}\MpKslf58b521c.sys [x]
R1 MpKslf6fd4b72;MpKslf6fd4b72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E86960D1-44B0-4C4A-BB27-B5D1111795D6}\MpKslf6fd4b72.sys [x]
R1 MpKslf731ec94;MpKslf731ec94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2596891-9D31-4EA2-A290-944ABECE0883}\MpKslf731ec94.sys [x]
R1 MpKslfd810a48;MpKslfd810a48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94439C4F-A75A-4A6B-BCAA-B001399B729C}\MpKslfd810a48.sys [x]
R1 MpKslfe2aa58c;MpKslfe2aa58c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD2F0A6B-356B-4CB2-A40B-C6D82821392C}\MpKslfe2aa58c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1cad5df84f9ff00;Google Update Service (gupdate1cad5df84f9ff00);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071116.001\IDSvix86.sys [2007-11-06 180272]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\Drivers\mchInjDrv.sys [2011-07-03 2560]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2010-12-15 120248]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-15 112688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-06-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-07-04 c:\windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
2011-07-04 c:\windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 10:36
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
[16777216] 0x81D0087D
[16777216] 0x0F02C083
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-04 11:11:45
ComboFix-quarantined-files.txt 2011-07-04 10:11
ComboFix2.txt 2011-07-04 06:26
ComboFix3.txt 2011-07-02 23:14
ComboFix4.txt 2011-07-02 00:15
.
Pre-Run: 2,287,632,384 bytes free
Post-Run: 1,689,292,800 bytes free
.
- - End Of File - - 61EF74FD5288D7EC9D3E9E3DC68F6F85


And here's the system look log

SystemLook 04.09.10 by jpshortstuff
Log created at 11:15 on 04/07/2011 by Arthu Dyer
Administrator - Elevation successful

========== dir ==========

c:\users\Arthu Dyer\AppData\Local - Parameters: "(none)"

---Files---
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini --a--c- 4608 bytes [00:23 08/06/2011] [17:25 20/06/2011]
GDIPFONTCACHEV1.DAT --a--c- 74352 bytes [20:39 05/06/2011] [20:39 05/06/2011]
IconCache.db --ah-c- 2072113 bytes [03:21 13/11/2008] [21:27 18/06/2011]

---Folders---
Adobe d----c- [11:48 23/08/2007]
Apple d----c- [23:04 03/09/2007]
Apple Computer d----c- [01:28 22/09/2007]
Application Data d--hs-- [11:45 23/08/2007]
Downloaded Installations d----c- [17:35 07/05/2009]
Google d----c- [13:29 23/08/2007]
History d--hs-- [11:45 23/08/2007]
Microsoft d----c- [11:45 23/08/2007]
Microsoft Games d----c- [12:19 23/08/2007]
Microsoft Help d----c- [12:00 23/08/2007]
Temp d----c- [11:45 23/08/2007]
Temporary Internet Files d--hs-- [11:45 23/08/2007]
Tific d----c- [21:19 07/06/2011]
Toshiba d----c- [11:48 23/08/2007]
VirtualStore d----c- [22:08 05/06/2011]
Windows Live d----c- [22:35 20/10/2010]
{095A699F-D510-40A1-B1A7-DE0A5892EF5D} d----c- [16:31 20/06/2011]
{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247} d----c- [10:18 24/06/2011]
{233D9C26-525F-44C1-B0BA-45F0D6B8591A} d----c- [00:52 17/06/2011]
{2A7A6530-A9C2-4022-8D90-A6362049099F} d----c- [22:34 21/06/2011]
{2BFFA91E-A287-4CF0-8034-83AEEA2B1579} d----c- [22:19 24/06/2011]
{3F6AC618-0C96-4529-B5F2-1B23C4130291} d----c- [17:36 01/07/2011]
{4A317B6C-15E5-4C03-8526-03BDE187DDBC} d----c- [21:14 25/06/2011]
{59835181-4CE7-45E7-B039-3166EE934393} d----c- [21:28 15/06/2011]
{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C} d----c- [20:37 14/06/2011]
{59F2207E-7872-4D84-A8B4-87F3BAA98472} d----c- [10:02 29/06/2011]
{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF} d----c- [19:52 13/06/2011]
{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED} d----c- [22:12 22/06/2011]
{5FFAA2C9-D699-42F9-8B63-CEFD337A978F} d----c- [15:26 08/06/2011]
{6CB05047-FB4D-47BB-A14A-E96100443178} d----c- [20:04 09/06/2011]
{8AF12DED-D6F1-4944-B410-FA278BC465BA} d----c- [23:13 07/06/2011]
{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399} d----c- [21:00 19/06/2011]
{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0} d----c- [08:37 14/06/2011]
{9C722DB9-B638-48BF-A742-14F1D0AAF14A} d----c- [22:03 29/06/2011]
{A48AE574-BED4-43B7-8CCF-41FF49390355} d----c- [20:08 30/06/2011]
{A7742DEC-93A2-4610-AC21-8CEC2E88FC23} d----c- [21:50 06/06/2011]
{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8} d----c- [18:43 26/06/2011]
{BD0C291E-E399-496B-B482-3B7A9C386DB5} d----c- [22:53 10/06/2011]
{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8} d----c- [18:44 27/06/2011]
{C784C3EA-AED8-46E1-87B0-FCFA08494F37} d----c- [22:01 28/06/2011]
{CA5A511F-9D2D-4FDA-80EA-94360300AE50} d----c- [22:18 23/06/2011]
{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF} d----c- [18:18 11/06/2011]
{DD400900-C588-472C-A2D6-AE762076EF5E} d----c- [06:44 27/06/2011]
{E2E051D0-B549-4830-B83C-C651053A0E5E} d----c- [19:59 18/06/2011]
{F9381C5A-DD94-4F14-A64C-75E883F2E454} d----c- [21:52 12/06/2011]

-= EOF =-

#18 m0le

Posted 04 July 2011 - 06:28 PM

Please run OTL and we'll try some manual removal

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#19 puptitch

  • Topic Starter

Posted 05 July 2011 - 02:23 AM

OTL Report


OTL logfile created on: 05/07/2011 01:08:37 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Arthu Dyer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 333.90 Mb Available Physical Memory | 32.91% Memory free
2.79 Gb Paging File | 0.68 Gb Available in Paging File | 24.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 2.67 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.61 Gb Free Space | 96.97% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: ARTHURDYER-PC | User Name: Arthu Dyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\hsplayer.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)


========== Modules (SafeList) ==========

MOD - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\smumhook.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (mchInjDrv) -- C:\Windows\System32\drivers\mchInjDrv.sys ()
DRV - (RapportCerberus_26762) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys (Trusteer Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSvix86.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Virtools SA)

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/04 10:35:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 01:03:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 23:47:52 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{61B88EEB-E54B-4ACF-9D90-9704B30D2BC6}
[2011/07/04 11:13:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/04 11:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/03 23:14:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/01 23:27:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/01 23:27:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/01 23:27:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/01 23:25:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/01 23:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/01 23:06:35 | 004,130,081 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/07/01 18:36:48 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
[2011/06/30 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
[2011/06/29 23:48:48 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:35:54 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/29 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
[2011/06/29 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
[2011/06/28 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
[2011/06/27 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
[2011/06/27 07:44:05 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
[2011/06/26 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
[2011/06/25 22:14:57 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
[2011/06/24 23:19:32 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
[2011/06/24 11:18:42 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
[2011/06/23 23:18:03 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
[2011/06/22 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
[2011/06/21 23:34:50 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
[2011/06/20 17:31:52 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
[2011/06/19 23:10:26 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/19 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
[2011/06/18 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
[2011/06/17 01:52:22 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
[2011/06/15 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
[2011/06/14 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
[2011/06/14 09:37:07 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
[2011/06/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
[2011/06/12 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
[2011/06/11 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
[2011/06/10 23:53:59 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
[2011/06/09 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
[2011/06/08 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.Data
[2011/06/08 16:26:06 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
[2011/06/08 00:13:28 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
[2011/06/07 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\Tific
[2011/06/07 22:19:10 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2011/06/06 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
[2011/06/06 08:14:04 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/06/05 23:08:32 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\VirtualStore
[2005/09/13 00:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004/02/16 20:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 01:26:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 01:26:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
[2011/07/05 01:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/05 01:03:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 23:45:29 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
[2011/07/04 23:32:58 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 23:32:58 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 23:26:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 17:34:27 | 000,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2011/07/04 17:32:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/04 10:35:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/04 05:26:29 | 004,130,081 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/07/03 20:33:59 | 000,075,264 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/06/30 21:50:31 | 000,080,384 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:28 | 000,000,512 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/30 03:20:27 | 001,640,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 23:49:05 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:33:11 | 001,317,103 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/29 03:43:15 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/28 07:11:34 | 000,602,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 07:11:34 | 000,109,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/20 18:25:44 | 000,004,608 | ---- | M] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 23:09:42 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/19 23:03:01 | 000,000,000 | ---- | M] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 23:33:57 | 000,025,114 | ---- | M] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 16:55:36 | 000,002,627 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\Microsoft Office Word 2007.lnk
[2011/06/08 01:04:31 | 000,006,830 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\pUS901.plm
[2011/06/06 22:49:07 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 20:33:54 | 000,075,264 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/07/01 23:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/01 23:27:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/01 23:27:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/01 23:27:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/01 23:27:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 21:50:30 | 000,080,384 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/29 23:32:40 | 001,317,103 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/19 23:36:06 | 000,302,592 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\gmer.exe
[2011/06/19 23:03:01 | 000,000,000 | ---- | C] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 22:39:36 | 000,025,114 | ---- | C] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 01:23:31 | 000,004,608 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 22:49:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/22 03:28:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\np_plugin.dll
[2010/06/17 01:37:40 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010/04/18 16:23:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/18 16:23:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/12 18:41:16 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/11/03 13:37:09 | 000,024,206 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Roaming\UserTile.png
[2009/09/24 07:34:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 07:34:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/16 03:06:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/15 04:04:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/10/22 15:20:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\CSDLGE1LIB.dll
[2007/09/18 23:12:57 | 000,032,345 | ---- | C] () -- C:\Windows\unvpeye.ini
[2007/05/30 17:53:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/30 17:52:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/30 09:40:56 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/30 09:38:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/30 09:38:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/30 09:38:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/30 09:38:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/30 09:31:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/30 09:29:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/30 09:29:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/30 09:29:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/30 09:29:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,640,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,602,790 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/13 17:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2005/09/05 22:55:08 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/28 00:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== LOP Check ==========

[2011/03/23 05:25:20 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BatteryCare
[2009/05/15 01:52:44 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/16 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Carl Zeiss
[2007/08/23 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\DesktopSMS
[2011/06/08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\EndNote
[2009/11/03 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\GraphPad Software
[2007/10/30 23:24:04 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LGSync
[2009/07/11 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LimeWire
[2011/04/04 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\NCH Swift Sound
[2009/05/03 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nokia
[2009/05/20 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nseries
[2008/11/01 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\ourTunes
[2009/05/20 19:17:23 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\PC Suite
[2008/10/03 16:53:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Restorer
[2010/04/18 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\SPSSInc
[2011/06/07 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2008/12/16 04:29:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Toshiba
[2010/02/16 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Trusteer
[2007/09/07 18:53:32 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Ulead Systems
[2011/06/30 03:06:36 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/05 01:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/05 01:26:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Windows\System32\pieucgho.exe:changelist
@Alternate Data Stream - 162 bytes -> C:\Windows\System32\ajkvwpxt.exe:changelist
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EAB5D262
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1E0D6460
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41E12674
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7290F122
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:03392111
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras


OTL Extras logfile created on: 05/07/2011 01:08:37 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Arthu Dyer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 333.90 Mb Available Physical Memory | 32.91% Memory free
2.79 Gb Paging File | 0.68 Gb Available in Paging File | 24.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 2.67 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.61 Gb Free Space | 96.97% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: ARTHURDYER-PC | User Name: Arthu Dyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC21FB5-C047-44AA-82F7-D7C7C2A78867}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D3D5CA8-36B9-4DA1-9A88-DE6EBA9C518F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22DE6B36-362D-4A31-A259-0C020E2DC916}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33C3B2D5-E699-4ADF-B1A9-1CBAF7739137}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3C37AE3B-8B58-4583-A353-3B39C555066A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46906832-E7F7-4D8A-9C5F-A9B1D786DF9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EEB492D-E312-4070-9C4F-ECF65165668D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50D5F6EA-1A34-4302-A87B-3A7493CCDDEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{510DE5CB-3DB9-4C10-979F-71BB3790D5D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{519A60E9-07C4-4EA7-8798-F1F32C5D4F94}" = rport=138 | protocol=17 | dir=out | app=system |
"{5695EABD-E3D6-43CD-866F-BC5B57EA2135}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{578CF27E-BD9C-4B4A-9307-5B2B4ACF30CD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FD2381D-78BD-4069-B975-5753F1A38EA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63D0E5F7-ABF6-40D9-A623-6A42E83821A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FF345C2-291D-464E-ACBE-E8E749D32989}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E60A150-648C-4EE5-9325-618C883F71D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8ECF5AD6-5790-46C0-A9AE-5F38B6FE9425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95888AF7-AFD9-4B15-BD89-B2E21DA4D344}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A9F4776-7751-434D-8E5C-514D12AB7EEE}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{A2BECC7E-0444-4BEB-9786-CDC2A4E94C9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B6415123-5F27-4573-BDF7-55232F2FA543}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6778DE1-236F-436D-91ED-5F4DDE4456E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3DF61CD-DC17-42DA-B6CA-FDBF58AC7A78}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D45653AD-4175-42FB-87E6-146CA1A0F67D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D8EE4805-FEFC-44E8-97A6-97476C18D571}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFD1AA45-9924-464A-811E-19932E80B229}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE9437F7-E27C-453E-A753-40B429CC3AF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF1E3A73-E07E-43EA-94D4-0F8E6C1673C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E93B06-77CD-4A30-A23C-D7D7B4E8D525}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0509756B-A33A-4114-804D-B624224AC4DA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0E89AF21-84F9-455A-B820-992275255529}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10A3FEE8-35FF-47C4-B2CB-6DE703ED8F5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15028D5B-B117-47EE-A10B-DD7E6259A275}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1BC892CA-54CC-4B3A-9604-FF77625CD00A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1C96A3D4-8487-4439-A80D-071314815214}" = protocol=6 | dir=out | app=system |
"{1E0CBC09-B1E7-4497-AEDE-D6BF61CF8C7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{203C6C53-B25C-4A17-8AD0-073B59E7B511}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{21B83E0C-AC1C-47D7-80FE-98DBE98B51B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BFC3499-49A8-4E4D-90F4-290B60A92DCC}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{33010AA3-7DFC-464C-9956-858189D8B92B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3335F959-2A53-4414-9F42-928D3C565946}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{335D608B-C1B7-43E2-8C32-FF31D9908765}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{40E3F188-0198-4D73-A5FF-F21C8906D8D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{425A8CA0-4F7F-48E9-A015-0C6D01E12A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4D22B1E9-5F6E-4022-B4E8-52C7C86C87FA}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{543FFDDD-457C-4278-8532-487149B62EEC}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{5C1D4373-1A76-4BCD-922B-70F03F3F5D25}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5E845371-5A81-4D24-B64B-A8B93AD7B6B8}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{66C284D6-325A-447A-BE0C-D95BAC060B16}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{77605DAB-599C-4130-9DD4-0202CABFE36E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C825732-1C98-4CF4-A5AC-6C7BF8E271B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7F3A364D-C05E-4475-B9A5-4530A9161B44}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{80623151-3949-4EBF-B58C-12B63343C214}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F7BED2A-2257-433C-A4A4-A4F9ECAA7832}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{912D4D3A-F60C-43F1-854E-7315EA21AA9C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{93F2762B-339D-4BE8-B7BE-6D06924DF42B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{96C8389D-D2AE-474F-BB2F-155C03D2AECB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{99560D08-2555-41F7-9D65-0E54B0C43528}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9AF8AC33-D171-4113-BF19-0E9D5EF989E4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A32FF5D6-F905-4FAE-AC7C-1C240E5B4644}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A73481C1-B031-4A92-9020-F86F4187D57C}" = protocol=6 | dir=out | app=system |
"{B4002B22-3A3E-4577-AA0F-B561057C2A19}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{B483EB83-5D05-4615-BA7A-794A224F071E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B5D580E6-93F8-4FD7-8AD4-FCA22405BAB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BDBBF98A-BEED-454C-A1BA-447CF70F6500}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C500D925-B80C-4222-92C8-48CD44A1503E}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{C8F6216F-66D9-4D5D-B367-62B324589A09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CAF5A827-0C04-4914-ABA9-6881265ED1AA}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D0C9D86A-7D19-4716-AC53-599E9B915D6A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D47FE88E-0F09-4B55-9A35-71C76EDED7A3}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{DCC4F45E-B726-464B-972A-51277C1F8AE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCE57405-FBB4-4465-B599-BE52E9F0EB6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDA151CB-F5D0-4559-B6DC-938F79FBD3C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0CCF487-81C8-4EC0-B7DF-7EC6EC4AFE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E37E371B-2944-4BBE-A912-3E20D189261F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{E5E6B9C0-B244-4E2E-80C6-4AAADC0149C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFC625B8-0F5F-4E77-9175-92963CA5F151}" = protocol=6 | dir=out | app=system |
"{F0FE592B-B580-44C2-A9DA-75CEBD073C23}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F344C3AB-9107-43B6-B022-18539944EA09}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F5B01E41-4A50-4929-ADCB-522447DA70FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{183B1DE0-6251-4B25-A1E0-D44060CAA8A3}C:\program files\ovi files\ovi files_agent.exe" = protocol=6 | dir=in | app=c:\program files\ovi files\ovi files_agent.exe |
"TCP Query User{7520D9EC-4904-4740-8123-2FB70EBF662A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3B0C6D21-FECD-4879-BC09-F99C3A090C66}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{74FAA16E-4592-4863-8E99-48282C1C7061}C:\program files\ovi files\ovi files_agent.exe" = protocol=17 | dir=in | app=c:\program files\ovi files\ovi files_agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{153C4ADF-EA8E-4584-BA18-0094ADC0B605}" = Symantec Real Time Storage Protection Component
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3DF890E2-E079-473A-A041-7F9297DD04D0}" = ZEN 2009 Light Edition
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58F14BA8-F5EE-45E3-B759-43488557E272}" = Windows Phone Support Tool
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4DAC821-C790-45AC-841A-9D9E3FA7AFAC}" = Voice Recorder Sync Server
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F721221F-ED4D-4262-88AA-F4FD475CD4D5}" = FastPictureViewer (32-bit) with Codecs
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"CopyTrans Suite" = CopyTrans Suite Remove Only
"EAX Unified" = EAX Unified
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"myphotobook" = myphotobook 3.1
"NortonPCCheckup" = Norton PC Checkup
"Rapport_msi" = Rapport
"Spyware Doctor" = Spyware Doctor 6.0
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#20 m0le


Posted 05 July 2011 - 05:47 PM

Okay, rerun OTL as shown

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
[2011/07/04 23:47:52 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{61B88EEB-E54B-4ACF-9D90-9704B30D2BC6}
[2011/07/01 18:36:48 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
[2011/06/30 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
[2011/06/29 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
[2011/06/29 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
[2011/06/28 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
[2011/06/27 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
[2011/06/27 07:44:05 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
[2011/06/26 19:43:31 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
[2011/06/25 22:14:57 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
[2011/06/24 23:19:32 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
[2011/06/24 11:18:42 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
[2011/06/23 23:18:03 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
[2011/06/22 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
[2011/06/21 23:34:50 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
[2011/06/20 17:31:52 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
[2011/06/19 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
[2011/06/18 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
[2011/06/17 01:52:22 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
[2011/06/15 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
[2011/06/14 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
[2011/06/14 09:37:07 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
[2011/06/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
[2011/06/12 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
[2011/06/11 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
[2011/06/10 23:53:59 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
[2011/06/09 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
[2011/06/08 16:26:06 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
[2011/06/08 00:13:28 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
[2011/06/06 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
@Alternate Data Stream - 162 bytes -> C:\Windows\System32\pieucgho.exe:changelist
@Alternate Data Stream - 162 bytes -> C:\Windows\System32\ajkvwpxt.exe:changelist
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EAB5D262
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1E0D6460
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41E12674
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7290F122
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:03392111
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please then rerun OTL as a scan and post the new log.

#21 puptitch

puptitch
  • Topic Starter


Posted 05 July 2011 - 07:47 PM

1st log (Fix)


========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
C:\Users\Arthu Dyer\AppData\Local\{61B88EEB-E54B-4ACF-9D90-9704B30D2BC6} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA} folder moved successfully.
C:\Users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23} folder moved successfully.
ADS C:\Windows\System32\pieucgho.exe:changelist deleted successfully.
ADS C:\Windows\System32\ajkvwpxt.exe:changelist deleted successfully.
ADS C:\ProgramData\TEMP:EAB5D262 deleted successfully.
ADS C:\ProgramData\TEMP:9B0F9E15 deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:A724744F deleted successfully.
ADS C:\ProgramData\TEMP:1E0D6460 deleted successfully.
ADS C:\ProgramData\TEMP:41E12674 deleted successfully.
ADS C:\ProgramData\TEMP:7290F122 deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:72E546C1 deleted successfully.
ADS C:\ProgramData\TEMP:03392111 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E!

OTL by OldTimer - Version 3.2.26.0 log created on 07062011_011210



2nd log (scan)


OTL logfile created on: 06/07/2011 01:12:55 - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Arthu Dyer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 213.34 Mb Available Physical Memory | 21.03% Memory free
2.42 Gb Paging File | 0.36 Gb Available in Paging File | 14.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 3.68 Gb Free Space | 6.58% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: ARTHURDYER-PC | User Name: Arthu Dyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)


========== Modules (SafeList) ==========

MOD - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\smumhook.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)


========== Win32 Services (SafeList) ==========

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (mchInjDrv) -- C:\Windows\System32\drivers\mchInjDrv.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_26762) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys (Trusteer Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSvix86.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Virtools SA)

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/04 10:35:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 01:12:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/05 23:49:43 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A3CAE6DF-7A8F-428A-8003-BE4EC87C4E80}
[2011/07/05 11:48:46 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{3167A185-1D23-4277-AC4A-010405DA2BDC}
[2011/07/05 01:03:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 11:13:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/04 11:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/03 23:14:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/01 23:27:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/01 23:27:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/01 23:27:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/01 23:25:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/01 23:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/01 23:06:35 | 004,130,081 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/06/29 23:48:48 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:35:54 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/19 23:10:26 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/08 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.Data
[2011/06/07 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\Tific
[2011/06/07 22:19:10 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2011/06/06 08:14:04 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2005/09/13 00:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004/02/16 20:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 01:41:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
[2011/07/06 01:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/06 01:26:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 01:13:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 01:13:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 23:26:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 23:15:37 | 000,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2011/07/05 23:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/05 01:03:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 23:45:29 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
[2011/07/04 10:35:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/04 05:26:29 | 004,130,081 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/07/03 20:33:59 | 000,075,264 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/06/30 21:50:31 | 000,080,384 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:28 | 000,000,512 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/30 03:20:27 | 001,640,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 23:49:05 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:33:11 | 001,317,103 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/29 03:43:15 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/28 07:11:34 | 000,602,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 07:11:34 | 000,109,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/20 18:25:44 | 000,004,608 | ---- | M] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 23:09:42 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/19 23:03:01 | 000,000,000 | ---- | M] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 23:33:57 | 000,025,114 | ---- | M] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 16:55:36 | 000,002,627 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\Microsoft Office Word 2007.lnk
[2011/06/08 01:04:31 | 000,006,830 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\pUS901.plm
[2011/06/06 22:49:07 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 20:33:54 | 000,075,264 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/07/01 23:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/01 23:27:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/01 23:27:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/01 23:27:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/01 23:27:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 21:50:30 | 000,080,384 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/29 23:32:40 | 001,317,103 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/19 23:36:06 | 000,302,592 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\gmer.exe
[2011/06/19 23:03:01 | 000,000,000 | ---- | C] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 22:39:36 | 000,025,114 | ---- | C] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 01:23:31 | 000,004,608 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 22:49:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/22 03:28:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\np_plugin.dll
[2010/06/17 01:37:40 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010/04/18 16:23:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/18 16:23:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/12 18:41:16 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/11/03 13:37:09 | 000,024,206 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Roaming\UserTile.png
[2009/09/24 07:34:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 07:34:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/16 03:06:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/15 04:04:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/10/22 15:20:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\CSDLGE1LIB.dll
[2007/09/18 23:12:57 | 000,032,345 | ---- | C] () -- C:\Windows\unvpeye.ini
[2007/05/30 17:53:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/30 17:52:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/30 09:40:56 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/30 09:38:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/30 09:38:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/30 09:38:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/30 09:38:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/30 09:31:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/30 09:29:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/30 09:29:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/30 09:29:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/30 09:29:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,640,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,602,790 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/13 17:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2005/09/05 22:55:08 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/28 00:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== LOP Check ==========

[2011/03/23 05:25:20 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BatteryCare
[2009/05/15 01:52:44 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/16 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Carl Zeiss
[2007/08/23 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\DesktopSMS
[2011/06/08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\EndNote
[2009/11/03 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\GraphPad Software
[2007/10/30 23:24:04 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LGSync
[2009/07/11 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LimeWire
[2011/04/04 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\NCH Swift Sound
[2009/05/03 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nokia
[2009/05/20 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nseries
[2008/11/01 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\ourTunes
[2009/05/20 19:17:23 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\PC Suite
[2008/10/03 16:53:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Restorer
[2010/04/18 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\SPSSInc
[2011/06/07 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2008/12/16 04:29:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Toshiba
[2010/02/16 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Trusteer
[2007/09/07 18:53:32 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Ulead Systems
[2011/06/30 03:06:36 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/06 01:45:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/06 01:41:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job

========== Purity Check ==========



< End of report >

#22 m0le

Posted 05 July 2011 - 07:54 PM

Okay, that seems to have partly worked. One more run then

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/07/05 23:49:43 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A3CAE6DF-7A8F-428A-8003-BE4EC87C4E80}
[2011/07/05 11:48:46 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{3167A185-1D23-4277-AC4A-010405DA2BDC}
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Again please scan with OTL and post the new log.

How is the PC doing now?

#23 puptitch

Posted 06 July 2011 - 02:33 AM

:OTL
[2011/07/05 23:49:43 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{A3CAE6DF-7A8F-428A-8003-BE4EC87C4E80}
[2011/07/05 11:48:46 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\{3167A185-1D23-4277-AC4A-010405DA2BDC}
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"




OTL logfile created on: 06/07/2011 02:10:36 - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Arthu Dyer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 123.07 Mb Available Physical Memory | 12.13% Memory free
2.42 Gb Paging File | 0.33 Gb Available in Paging File | 13.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 3.58 Gb Free Space | 6.40% Space Free | Partition Type: NTFS
Drive E: | 54.43 Gb Total Space | 54.34 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: ARTHURDYER-PC | User Name: Arthu Dyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)


========== Modules (SafeList) ==========

MOD - C:\Users\Arthu Dyer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\smumhook.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)


========== Win32 Services (SafeList) ==========

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (mchInjDrv) -- C:\Windows\System32\drivers\mchInjDrv.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_26762) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys (Trusteer Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071119.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSvix86.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Virtools SA)

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:08:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/04 10:35:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Arthu Dyer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 01:12:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/05 01:03:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 11:13:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/04 11:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/03 23:14:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/01 23:27:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/01 23:27:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/01 23:27:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/01 23:25:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/01 23:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/01 23:06:35 | 004,130,081 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/06/29 23:48:48 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:35:54 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/19 23:10:26 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/08 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.Data
[2011/06/07 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Local\Tific
[2011/06/07 22:19:10 | 000,000,000 | ---D | C] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2011/06/06 08:14:04 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2005/09/13 00:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004/02/16 20:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 02:31:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
[2011/07/06 02:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/06 02:26:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 01:13:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 01:13:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 23:26:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 23:15:37 | 000,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2011/07/05 23:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/05 01:03:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arthu Dyer\Desktop\OTL.exe
[2011/07/04 23:45:29 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
[2011/07/04 10:35:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/04 05:26:29 | 004,130,081 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\comfix.exe.exe
[2011/07/03 20:33:59 | 000,075,264 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/06/30 21:50:31 | 000,080,384 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:28 | 000,000,512 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/30 03:20:27 | 001,640,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 23:49:05 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Arthu Dyer\Desktop\aswMBR.exe
[2011/06/29 23:33:11 | 001,317,103 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/29 03:43:15 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Arthu Dyer\Desktop\TDSSKiller.exe
[2011/06/28 07:11:34 | 000,602,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 07:11:34 | 000,109,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/20 18:25:44 | 000,004,608 | ---- | M] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 23:09:42 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Arthu Dyer\Desktop\dds.scr
[2011/06/19 23:03:01 | 000,000,000 | ---- | M] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 23:33:57 | 000,025,114 | ---- | M] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 16:55:36 | 000,002,627 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\Microsoft Office Word 2007.lnk
[2011/06/08 01:04:31 | 000,006,830 | ---- | M] () -- C:\Users\Arthu Dyer\Desktop\pUS901.plm
[2011/06/06 22:49:07 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[3 C:\Users\Arthu Dyer\Downloads\Documents\*.tmp files -> C:\Users\Arthu Dyer\Downloads\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 20:33:54 | 000,075,264 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\SystemLook.exe
[2011/07/01 23:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/01 23:27:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/01 23:27:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/01 23:27:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/01 23:27:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 21:50:30 | 000,080,384 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe
[2011/06/30 20:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\MBR.dat
[2011/06/29 23:32:40 | 001,317,103 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\tdsskiller.zip
[2011/06/19 23:36:06 | 000,302,592 | ---- | C] () -- C:\Users\Arthu Dyer\Desktop\gmer.exe
[2011/06/19 23:03:01 | 000,000,000 | ---- | C] () -- C:\Users\Arthu Dyer\defogger_reenable
[2011/06/08 22:39:36 | 000,025,114 | ---- | C] () -- C:\Users\Arthu Dyer\Downloads\Documents\coursework biblio.enl
[2011/06/08 01:23:31 | 000,004,608 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 22:49:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/22 03:28:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\np_plugin.dll
[2010/06/17 01:37:40 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010/04/18 16:23:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/18 16:23:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/12 18:41:16 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/11/03 13:37:09 | 000,024,206 | ---- | C] () -- C:\Users\Arthu Dyer\AppData\Roaming\UserTile.png
[2009/09/24 07:34:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 07:34:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/16 03:06:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/15 04:04:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/10/22 15:20:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\CSDLGE1LIB.dll
[2007/09/18 23:12:57 | 000,032,345 | ---- | C] () -- C:\Windows\unvpeye.ini
[2007/05/30 17:53:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/30 17:52:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/30 09:40:56 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/30 09:38:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/30 09:38:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/30 09:38:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/30 09:38:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/30 09:38:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/30 09:31:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/30 09:29:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/30 09:29:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/30 09:29:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/30 09:29:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,640,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,602,790 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/13 17:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2005/09/05 22:55:08 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/28 00:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== LOP Check ==========

[2011/03/23 05:25:20 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BatteryCare
[2009/05/15 01:52:44 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/16 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Carl Zeiss
[2007/08/23 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\DesktopSMS
[2011/06/08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\EndNote
[2009/11/03 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\GraphPad Software
[2007/10/30 23:24:04 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LGSync
[2009/07/11 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\LimeWire
[2011/04/04 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\NCH Swift Sound
[2009/05/03 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nokia
[2009/05/20 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Nseries
[2008/11/01 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\ourTunes
[2009/05/20 19:17:23 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\PC Suite
[2008/10/03 16:53:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Restorer
[2010/04/18 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\SPSSInc
[2011/06/07 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Tific
[2008/12/16 04:29:12 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Toshiba
[2010/02/16 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Trusteer
[2007/09/07 18:53:32 | 000,000,000 | ---D | M] -- C:\Users\Arthu Dyer\AppData\Roaming\Ulead Systems
[2011/06/30 03:06:36 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/06 02:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
[2011/07/06 02:31:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job

========== Purity Check ==========



< End of report >


The laptop seems good, thanks, but I still only have 2GB remaining on the C Drive and I've no idea why :S

#24 m0le

Posted 06 July 2011 - 07:19 PM

C drive memory problems probably aren't being caused by malware. However, first we need to clean up here and then you should post a new topic in the Vista forum.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

#25 m0le

Posted 10 July 2011 - 05:18 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#26 m0le

Posted 11 July 2011 - 08:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.