
Various programs not working


  • This topic is locked
10 replies to this topic

#1 sampace

  • Members
  • 4 posts

Posted 11 July 2009 - 08:08 AM

Hi,
I had malware blocking me from getting on certain websites (malwarebytes.com) and I found that I needed to rename the Malwarebytes scan (mbam.exe) to get it to run. Got it to run and scan in safe mode and can now get on the Malwarebytes website, so I thought I'd gotten rid of it, but I still have the following issues:
StopZilla fails on loading
Appcrash on trying to load Spybot Search and Destroy (but can run the update service and TeaTimer)
MalwareBytes crashes scanning C:\Windows\System32\config\

Hope someone here can help,

Thanks.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sam at 13:01:31.79 on 11/07/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2942.1339 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dlcfcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\myscan.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
C:\Windows\Explorer.EXE
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Sam\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk
uDefault_Page_URL = hxxp://www.google.co.uk
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchAssistant = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = about:blank
mSearchAssistant = about:blank
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Google Update] "c:\users\sam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\npupyzys.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - HiddenExtension: Sotfone Tracker: No Registry Reference - c:\program files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-15 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 108552]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-7-14 25896]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-3 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-7-14 290304]

=============== Created Last 30 ================

2009-07-11 12:24 <DIR> --d----- c:\program files\Safer Networking
2009-07-11 11:51 <DIR> --d----- c:\program files\Privoxy
2009-07-11 11:46 <DIR> --d----- c:\program files\Ad Muncher
2009-07-11 10:07 <DIR> --d----- c:\program files\JavaFX
2009-07-11 10:05 <DIR> --d----- c:\program files\Sun
2009-07-11 01:57 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-10 23:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-10 23:47 <DIR> --d----- c:\programdata\Lavasoft
2009-07-10 23:47 <DIR> --d----- c:\program files\Lavasoft
2009-07-10 23:35 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 23:35 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 18:46 <DIR> --d----- c:\users\sam\appdata\roaming\Malwarebytes
2009-07-10 18:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 18:30 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-10 18:30 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-10 18:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 18:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 01:28 <DIR> --d----- c:\program files\STOPzilla!
2009-07-10 01:28 <DIR> --d----- c:\programdata\STOPzilla!
2009-07-10 01:28 <DIR> --d----- c:\program files\common files\iS3
2009-07-10 01:28 <DIR> --d----- c:\progra~2\STOPzilla!
2009-07-09 21:27 <DIR> a-d----- c:\programdata\TEMP
2009-07-09 21:26 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-07-09 21:26 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-16 19:27 <DIR> --d----- c:\users\sam\.smplayer

==================== Find3M ====================

2009-07-11 10:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-03 09:02 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:02 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-30 09:37 51,200 a------- c:\windows\inf\infpub.dat
2009-05-30 09:37 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-30 09:37 86,016 a------- c:\windows\inf\infstor.dat
2009-05-30 09:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-21 08:22 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-04-24 17:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-23 13:15 828,416 a------- c:\windows\system32\wininet.dll
2009-04-23 13:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 13:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 12:39 2,034,688 a------- c:\windows\system32\win32k.sys
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:03:50.99 ===============

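The log above is where a malware-response helper starts, and a handful of lines in the Pseudo HJT and FIREFOX sections carry most of the signal. The script below is an added triage helper for this thread (it is not a DDS or BleepingComputer tool) that runs over those lines and flags them. The sample lines are copied from the log posted above; the severity labels, the rule set and the list of hidden Firefox extensions treated as expected are this example's own assumptions, not anything DDS reports.

```python
"""Triage the indicator lines in a DDS 'Pseudo HJT Report' / FIREFOX section.

Added example for this thread; it is not a DDS or BleepingComputer tool.  The
sample lines below are copied from the log posted above.  The severity labels,
the rule set and the set of expected hidden Firefox extensions are this
example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the DDS log posted above (constructed sample input).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 127.0.0.1:8118
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
AppInit_DLLs: avgrsstx.dll
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Sotfone Tracker: No Registry Reference - c:\program files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
"""

# Meaning of Firefox's network.proxy.type pref values.
FF_PROXY_TYPE = {"0": "no proxy", "1": "manual", "2": "PAC URL",
                 "4": "auto-detect (WPAD)", "5": "system settings"}

# Hidden extensions expected on this machine: the JRE installer drops the Java
# Console into Firefox's program directory.  Assumption for this example.
EXPECTED_HIDDEN_EXTENSIONS = {"Java Console"}


@dataclass
class Finding:
    severity: str   # "high", "medium", "low" or "info"
    item: str       # the DDS line that triggered the rule
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per DDS line that matches a triage rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = re.match(r"^[um]Internet Settings,ProxyServer = (\S+)$", line)
        if m:
            findings.append(Finding("medium", line,
                f"IE/WinINet traffic goes through {m.group(1)}; confirm an installed "
                "proxy owns that port (Privoxy listens on 127.0.0.1:8118 by default)"))
            continue

        if re.match(r"^BHO: \{[0-9A-Fa-f-]+\} - No File$", line):
            findings.append(Finding("low", line,
                "orphaned BHO registration: CLSID with no DLL on disk, safe to remove"))
            continue

        m = re.match(r"^mPolicies-system: EnableLUA = (\d)", line)
        if m and m.group(1) == "0":
            findings.append(Finding("high", line,
                "UAC is disabled, so every process of an admin user runs with a full "
                "admin token; malware frequently sets this"))
            continue

        m = re.match(r"^LSP: (.+)$", line)
        if m:
            findings.append(Finding("medium", line,
                f"Winsock LSP {m.group(1)} sees all socket traffic; identify the "
                "vendor before touching it, a bad LSP removal breaks networking"))
            continue

        m = re.match(r"^AppInit_DLLs: (.+)$", line)
        if m:
            findings.append(Finding("medium", line,
                f"{m.group(1)} is loaded into every process that loads user32.dll; "
                "verify it belongs to an installed product"))
            continue

        m = re.match(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$", line)
        if m:
            findings.append(Finding("info", line,
                f"Firefox proxy mode: {FF_PROXY_TYPE.get(m.group(1), 'unknown')}"))
            continue

        m = re.match(r"^FF - HiddenExtension: (.+?): No Registry Reference - (.+)$", line)
        if m:
            name, path = m.group(1), m.group(2)
            if name in EXPECTED_HIDDEN_EXTENSIONS:
                findings.append(Finding("info", line, f"expected hidden extension: {name}"))
            else:
                findings.append(Finding("medium", line,
                    f"hidden Firefox extension '{name}' dropped at {path} with no "
                    "registry reference; find out which product installed it"))
            continue
    return findings


def by_severity(findings: List[Finding], severity: str) -> List[Finding]:
    return [f for f in findings if f.severity == severity]


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.item}\n         -> {f.reason}")
```

Read against the rest of the log: the ProxyServer entry is accounted for by Privoxy (privoxy.exe is in the running-process list and its startup-folder shortcut is shown), avgrsstx.dll and iS3lsp.dll belong to the AVG and STOPzilla installs that are also listed, and the Java Console extension GUID matches the installed JRE 1.6.0_14. That leaves EnableLUA = 0 and the Sotfone Tracker hidden extension as the two items nothing else in the log explains, which is where a helper would look next.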

#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 19 July 2009 - 03:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 teacup61 (Bleepin' Texan!)

  • Malware Response Team
  • 17,075 posts
  • Location:Wills Point, Texas

Posted 26 July 2009 - 06:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61 (Bleepin' Texan!)

  • Malware Response Team
  • 17,075 posts
  • Location:Wills Point, Texas

Posted 08 August 2009 - 12:16 PM

Topic reopened at starter's request.

#5 sampace (Topic Starter)

  • Members
  • 4 posts

Posted 09 August 2009 - 03:13 AM

Sorry for the delay in replying, I've been away and unable to respond.

The issues are all still the same as outlined in my original post. But here are the updated files.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Sam at 12:38:30.59 on 08/08/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2942.1246 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dlcfcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk
uDefault_Page_URL = hxxp://www.google.co.uk
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchAssistant = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = about:blank
mSearchAssistant = about:blank
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\npupyzys.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\users\sam\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Sotfone Tracker: No Registry Reference - c:\program files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-15 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 108552]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-3 187904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-10 38160]

=============== Created Last 30 ================

2009-08-08 10:54 <DIR> --d----- c:\users\sam\appdata\roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
2009-08-08 10:54 <DIR> --d----- c:\program files\Seesmic Desktop
2009-08-07 23:01 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-07-29 18:01 828,416 a------- c:\windows\system32\wininet.dll
2009-07-29 18:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-29 17:56 <DIR> --d----- c:\users\sam\appdata\roaming\Spotify
2009-07-29 17:56 <DIR> --d----- c:\program files\Spotify
2009-07-26 23:11 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-18 16:25 <DIR> --d----- c:\users\sam\appdata\roaming\AVG8
2009-07-14 21:32 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 21:32 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 21:32 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 21:32 23,552 a------- c:\windows\system32\lpk.dll
2009-07-14 21:32 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-14 17:15 178,432 a------- c:\windows\system32\xlive.dll.cat
2009-07-12 11:52 98 a------- c:\windows\WirelessFTP.INI
2009-07-11 19:08 167,180 a---h--- c:\windows\system32\mlfcache.dat
2009-07-11 18:15 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-11 18:15 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-11 18:14 <DIR> --d----- c:\program files\iPod
2009-07-11 18:14 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 18:14 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 12:24 <DIR> --d----- c:\program files\Safer Networking
2009-07-11 10:07 <DIR> --d----- c:\program files\JavaFX
2009-07-11 10:05 <DIR> --d----- c:\program files\Sun
2009-07-11 01:57 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-10 23:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-10 23:47 <DIR> --d----- c:\programdata\Lavasoft
2009-07-10 23:47 <DIR> --d----- c:\program files\Lavasoft
2009-07-10 23:35 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 23:35 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 18:46 <DIR> --d----- c:\users\sam\appdata\roaming\Malwarebytes
2009-07-10 18:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 18:30 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-10 18:30 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-10 18:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 18:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 01:28 <DIR> --d----- c:\program files\STOPzilla!
2009-07-10 01:28 <DIR> --d----- c:\programdata\STOPzilla!
2009-07-10 01:28 <DIR> --d----- c:\program files\common files\iS3
2009-07-10 01:28 <DIR> --d----- c:\progra~2\STOPzilla!
2009-07-09 21:27 <DIR> a-d----- c:\programdata\TEMP
2009-07-09 21:26 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-07-09 21:26 <DIR> --d----- c:\program files\SpywareBlaster

==================== Find3M ====================

2009-07-18 16:24 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 18:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-11 18:06 86,016 a------- c:\windows\inf\infstor.dat
2009-07-11 18:06 51,200 a------- c:\windows\inf\infpub.dat
2009-07-11 10:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-03 09:02 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-30 09:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-08-08 12:39 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\ntuser.dat

============= FINISH: 12:42:54.95 ===============



thank you.


#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:02:37 AM

Posted 10 August 2009 - 01:50 PM

Hello sam,
I'll be helping you to hunt for, and remove, any malware found.
You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member sampace only. If you are a casual viewer, do NOT try this on your system!
If you are not sampace and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Given that this is a Vista system, on most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along.
=

Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.
Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account (User Profile).

=
You must turn OFF Spybot's Tea Timer (it is active and will block any fixes we try). See the next article below to turn it off.
You also need to verify that Ad-Aware AdWatch is not auto-started.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Right-Click on your MBAM MalwareBytes' Anti-Malware and select Run as Administrator to start it.

If and only if it does not start or run (give it a minute or two), then proceed forward to the next task (below).

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Next, Download RootRepeal:
http://rootrepeal.googlepages.com/RootRepeal.zip
  • Extract the archive to a folder you create such as C:\RootRepeal
  • RIGHT-click RootRepeal.exe and select Run as Administrator to launch the program
  • Click the "Files" tab (located at the bottom of the RootRepeal screen)
    Look at the Select Drives window.
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
    If there are other drives listed besides C: drive, make sure all have a checkmark and click OK.
  • Click the "Scan" button
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.
Next, RE-Enable your AntiVirus and AntiSpyware applications.

Next, Download OTL by OldTimer to your desktop: >> from here <<
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Next, Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

=

Then copy/paste the following into your post (in order):
  • the MBAM scan log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt
  • the RootRepeal file scan log
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
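The OTL report requested above lists every running process, Win32 service and driver as one line of the form `PRC - [mtime | size | attrs | M] (CompanyName) -- path`, with services and drivers adding a `-- (ServiceName [Start | State])` tail. When a responder reads such a log by eye, the first things they look for are entries with no CompanyName in their version resource and files modified inside the window in which the trouble started. The following Python script is an added example (it is not part of this thread and not OldTimer's tool): it parses those lines and applies exactly those two triage heuristics. The line format is inferred from the report sampace posts in reply below, the sample lines are copied from that report, and the scan time is taken from its `OTL logfile created on: 11/08/2009 20:37:30` header (dd/MM/yyyy per the report's Locale line); the 30-day window is an assumption matching the report's `File Age = 30 Days` setting.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL SafeList line: "KIND - [mtime | size | attrs | M] (Company) -- path"
# with an optional " -- (ServiceName [Start | State])" tail on SRV/DRV lines.
# The pattern is inferred from the OTL 3.0.10.5 report in this thread.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.*?)"
    r"(?: -- \((?P<service>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)


@dataclass
class OtlEntry:
    kind: str                     # PRC (process), SRV (Win32 service) or DRV (driver)
    mtime: datetime               # file modification time as OTL printed it
    size: int                     # file size in bytes
    attrs: str                    # OTL attribute flags, e.g. "----" or "R---"
    company: str                  # CompanyName from the version resource ("" if none)
    path: str
    service: Optional[str] = None
    start: Optional[str] = None   # Auto, On_Demand, Boot, System, Disabled, ...
    state: Optional[str] = None   # Running / Stopped


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every PRC/SRV/DRV line in an OTL report; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            kind=m["kind"],
            mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=m["company"].strip(),
            path=m["path"],
            service=m["service"],
            start=m["start"].strip() if m["start"] else None,
            state=m["state"].strip() if m["state"] else None,
        ))
    return entries


def triage(entries: List[OtlEntry], scan_time: datetime,
           recent_days: int = 30) -> List[Tuple[OtlEntry, List[str]]]:
    """Return (entry, reasons) for entries worth looking up by hand.

    Heuristics only: a blank CompanyName gives nothing to attribute the file to,
    and a modification time inside the recent window coincides with when the
    problems began. Neither proves anything on its own.
    """
    findings = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no CompanyName in version info")
        if timedelta(0) <= scan_time - e.mtime <= timedelta(days=recent_days):
            reasons.append(f"modified within the last {recent_days} days")
        if reasons:
            findings.append((e, reasons))
    return findings


def report(text: str, scan_time: datetime) -> List[str]:
    """One human-readable line per flagged entry."""
    out = []
    for e, reasons in triage(parse_otl(text), scan_time):
        tail = f" ({e.service}, {e.start}/{e.state})" if e.service else ""
        out.append(f"{e.kind} {e.path}{tail}: {'; '.join(reasons)}")
    return out


# Constructed sample: eight lines copied from the OTL report posted in this thread.
SAMPLE_OTL = r"""
PRC - [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/12/29 10:06:02 | 00,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/01 22:15:50 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcfcoms.exe
SRV - [2006/11/01 22:15:50 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcfcoms.exe -- (dlcf_device [Auto | Running])
SRV - [2009/05/28 14:18:18 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Stopped])
DRV - [1998/07/10 04:31:00 | 00,007,328 | ---- | M] () -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D [Auto | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2009/07/18 16:24:21 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
"""

# From the report header "OTL logfile created on: 11/08/2009 20:37:30" (dd/MM/yyyy).
SCAN_TIME = datetime(2009, 8, 11, 20, 37, 30)

if __name__ == "__main__":
    for line in report(SAMPLE_OTL, SCAN_TIME):
        print(line)
```

Run as-is, it flags six of the eight sample entries: the five with an empty CompanyName and the AVG driver that was updated inside the 30-day window. That illustrates the limit of the heuristic as much as its use: TOSCDSPD.exe sits under Toshiba's own program folder and the AVG driver is the user's antivirus, so a hit means "look this file up", not "this is malicious", which is the same caution the helper gives about the RootRepeal file list above.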

#7 sampace

sampace
  • Topic Starter

  • Members
  • 4 posts
  • Local time:09:37 AM

Posted 12 August 2009 - 01:23 PM

Hi, thanks for the help.

I couldn't get MalwareBytes to run, so don't have the mbam log.

OTL.txt :

OTL logfile created on: 11/08/2009 20:37:30 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sam\Documents\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.33% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 74.33 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 113.88 Gb Total Space | 35.61 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-LAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/18 11:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2007/07/27 22:24:46 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/27 22:24:46 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/21 03:23:59 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/09 15:02:08 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/07/10 10:24:10 | 00,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/12/15 15:29:06 | 00,184,320 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2008/01/17 16:27:52 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/25 13:33:50 | 00,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/22 14:25:26 | 00,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/06/01 09:52:10 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2006/09/08 14:54:30 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007/09/28 17:03:46 | 00,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/11 10:05:05 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/12/29 10:06:02 | 00,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/03 09:02:22 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/12/25 14:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/01 22:15:50 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcfcoms.exe
PRC - [2006/09/08 15:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/05/21 08:22:13 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2007/12/03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007/02/12 16:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe
PRC - [2008/01/21 17:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/11/21 18:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2008/01/17 16:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/09/28 17:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/12/03 17:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/10/17 22:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/07/18 16:24:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/28 23:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/07/03 09:02:36 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/06/01 09:52:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/01/21 03:23:58 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2009/04/10 23:28:16 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/28 23:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2007/12/25 14:06:52 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/04/10 23:28:10 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/21 03:25:56 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/03 09:02:37 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/03 09:02:29 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/10 23:28:10 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/07/03 15:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/07/28 23:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/08/11 20:35:33 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/07/27 22:24:46 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2009/07/18 16:24:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/03 09:02:22 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/12/25 14:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2006/11/01 22:15:50 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcfcoms.exe -- (dlcf_device [Auto | Running])
SRV - [2009/04/10 23:28:26 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/11/13 20:16:26 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/02/18 11:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/03/03 18:38:31 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/18 11:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/12/03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2009/02/18 11:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2007/02/12 16:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2 [Auto | Running])
SRV - [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2009/05/28 14:18:18 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Stopped])
SRV - [2008/01/21 17:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2007/11/21 18:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2008/01/17 16:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2007/09/28 17:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2007/12/03 17:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV - [2008/01/21 03:23:59 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 03:25:56 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2007/10/17 22:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/21 03:23:45 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 03:23:50 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 03:23:50 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 03:23:51 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/21 03:23:26 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/11/27 09:39:40 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/01/21 03:23:48 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 03:23:49 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/07/27 22:36:40 | 02,929,664 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006/10/30 10:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV - [2009/07/18 16:24:21 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/03 09:02:37 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/21 08:22:13 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 03:23:26 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/02/01 11:46:08 | 00,187,904 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService [On_Demand | Running])
DRV - [1998/07/10 04:31:00 | 00,007,328 | ---- | M] () -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D [Auto | Stopped])
DRV - [2008/01/21 03:23:49 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 03:23:46 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/22 10:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2008/07/19 16:58:50 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2008/01/21 03:23:51 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/11/01 00:51:26 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/11/01 00:47:54 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2008/01/21 03:23:47 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/07/03 15:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/01/21 03:23:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 03:23:50 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 03:23:47 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/06/18 21:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/01/21 03:23:51 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 03:23:51 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/21 03:23:45 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 03:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/01/15 10:34:58 | 00,048,472 | ---- | M] (O2Micro ) -- C:\Windows\System32\DRIVERS\o2media.sys -- (O2MDRDR [On_Demand | Running])
DRV - [2006/09/27 22:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/04/09 16:13:00 | 00,008,192 | ---- | M] (TOSHIBA) -- C:\Windows\System32\DRIVERS\QIOMem.sys -- (QIOMem [On_Demand | Running])
DRV - [2008/01/21 03:23:49 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/01/21 03:25:17 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/12/26 10:20:32 | 00,290,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
DRV - [2007/04/23 10:50:50 | 00,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\rtlprot.sys -- (RtlProt [System | Running])
DRV - [2007/04/03 13:57:42 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116bus.sys -- (s116bus [On_Demand | Stopped])
DRV - [2007/04/03 13:57:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mdfl.sys -- (s116mdfl [On_Demand | Stopped])
DRV - [2007/04/03 13:57:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mdm.sys -- (s116mdm [On_Demand | Stopped])
DRV - [2007/04/03 13:57:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mgmt.sys -- (s116mgmt [On_Demand | Stopped])
DRV - [2007/04/03 13:57:52 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116nd5.sys -- (s116nd5 [On_Demand | Stopped])
DRV - [2007/04/03 13:57:52 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116obex.sys -- (s116obex [On_Demand | Stopped])
DRV - [2007/04/03 13:57:54 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116unic.sys -- (s116unic [On_Demand | Stopped])
DRV - [2006/03/18 03:24:59 | 00,026,844 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2001/06/21 21:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2008/01/21 03:23:51 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2001/06/21 21:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\Windows\System32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2005/08/17 08:45:00 | 00,058,352 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2005/08/17 08:46:20 | 00,008,272 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2005/08/17 08:46:26 | 00,093,872 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2009/05/12 14:13:12 | 00,061,328 | R--- | M] (iS3 Inc.) -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5 [Boot | Running])
DRV - [2006/10/18 12:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2006/10/10 20:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2007/12/26 15:11:30 | 00,131,584 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Running])
DRV - [2007/11/29 10:45:44 | 00,036,608 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Running])
DRV - [2007/10/02 12:43:22 | 00,064,128 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2006/10/23 17:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Running])
DRV - [2007/11/29 17:47:36 | 00,074,240 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Running])
DRV - [2005/01/07 06:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Running])
DRV - [2007/10/18 15:25:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\DRIVERS\tosrfusb.sys -- (Tosrfusb [On_Demand | Running])
DRV - [2008/01/21 16:42:24 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32 [Boot | Running])
DRV - [2007/11/09 14:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/21 03:23:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 03:23:47 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/12/17 11:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2008/01/21 03:23:26 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/21 03:23:48 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/11/01 00:47:08 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/17 22:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2007/12/06 10:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.5
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/03 09:05:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 12:12:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 12:12:34 | 00,000,000 | ---D | M]

[2008/07/14 20:44:17 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2008/07/14 20:44:17 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 19:19:33 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions
[2009/02/08 23:00:59 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/10/25 01:14:58 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/02/08 23:00:52 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/11/21 21:27:05 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/02/06 19:41:22 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2009/01/19 19:45:51 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/08 23:00:44 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/12/26 10:44:18 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2008/10/25 01:14:57 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\npupyzys.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/07/14 21:24:52 | 00,001,504 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\FireFox\Profiles\npupyzys.default\searchplugins\imdb.xml
[2008/07/15 00:57:09 | 00,000,276 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\FireFox\Profiles\npupyzys.default\searchplugins\search.xml
[2008/07/15 23:34:57 | 00,001,779 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\FireFox\Profiles\npupyzys.default\searchplugins\torrentz-search.xml
[2009/08/11 19:29:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 12:12:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/11 10:05:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2008/07/15 00:57:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
[2009/08/04 12:12:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 12:12:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/02/27 17:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/07/11 10:05:05 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 12:12:31 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/11 18:10:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/11 18:10:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/11 18:10:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/11 18:10:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/11 18:10:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/11 18:10:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/11 18:10:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/03 13:04:33 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/03 13:04:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/03 13:04:33 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/03 13:04:34 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/03 13:04:34 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/03 13:04:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/03 13:04:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/03 13:04:34 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (306485 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10553 more lines...
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLCFCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DestroyTwitter.lnk = C:\Program Files\DestroyTwitter\DestroyTwitter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/11 20:13:06 | 00,000,000 | ---- | C] () -- C:\Users\Sam\Desktop\settings.dat
[2009/08/11 20:12:44 | 00,470,528 | ---- | C] ( ) -- C:\Users\Sam\Desktop\RootRepeal.exe
[2009/08/11 19:56:46 | 24,554,4996 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/10 19:16:56 | 00,010,719 | ---- | C] () -- C:\Users\Sam\Desktop\Book1.xlsx
[2009/08/09 10:49:50 | 00,000,853 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DestroyTwitter.lnk
[2009/08/09 10:48:45 | 00,000,000 | ---D | C] -- C:\Users\Sam\Documents\DestroyToday
[2009/08/09 10:47:44 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
[2009/08/09 10:47:34 | 00,000,817 | ---- | C] () -- C:\Users\Public\Desktop\DestroyTwitter.lnk
[2009/08/09 10:47:32 | 00,000,000 | ---D | C] -- C:\Program Files\DestroyTwitter
[2009/08/08 10:57:58 | 00,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Chloe's files
[2009/08/08 10:54:49 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/08/08 10:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/07 23:01:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/08/04 15:36:39 | 00,000,000 | R--D | C] -- C:\Users\Sam\Documents\Scanned Documents
[2009/08/04 15:36:37 | 00,000,000 | ---D | C] -- C:\Users\Sam\Documents\Fax
[2009/07/29 18:01:24 | 03,599,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 18:01:20 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 18:01:18 | 01,167,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 18:01:17 | 00,828,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 18:01:17 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/29 18:01:15 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/29 17:56:58 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Spotify
[2009/07/29 17:56:58 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Spotify
[2009/07/29 17:56:56 | 00,000,793 | ---- | C] () -- C:\Users\Sam\Desktop\Spotify.lnk
[2009/07/29 17:56:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spotify
[2009/07/27 17:46:38 | 00,000,162 | -H-- | C] () -- C:\Users\Sam\Desktop\~$ployment (1).docx
[2009/07/27 17:40:59 | 00,000,162 | -H-- | C] () -- C:\Users\Sam\Desktop\~$vering letter.doc
[2009/07/26 23:11:14 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/07/18 16:25:47 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\AVG8
[2009/07/14 21:32:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/14 21:32:37 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/14 21:32:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/14 21:32:37 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/14 21:32:37 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/14 17:17:04 | 15,308,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2009/07/14 17:17:04 | 13,642,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/12 11:52:04 | 00,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/05/30 00:50:37 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/31 20:19:58 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/10/19 23:33:22 | 00,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/22 16:03:36 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008/09/20 19:24:11 | 00,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/09/07 13:19:32 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/09/07 12:29:24 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/19 20:51:54 | 00,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI
[2008/08/06 08:28:55 | 00,000,413 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/05 00:10:26 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/05 00:10:03 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/05 00:10:02 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/05 00:10:01 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/05 00:09:57 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/05 00:09:57 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/07/31 00:35:00 | 00,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/07/19 16:58:51 | 00,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2008/07/19 16:58:48 | 00,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2008/07/14 12:48:34 | 00,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/07/14 12:27:34 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/03/04 07:26:30 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/03/03 18:07:56 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/03/03 18:07:56 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/03/03 18:07:56 | 00,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/03/03 18:07:56 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/03/03 17:58:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 18:01:42 | 00,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 18:01:06 | 00,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 17:53:02 | 06,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 17:53:02 | 00,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 17:53:02 | 00,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 17:52:28 | 00,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 17:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 11:23:31 | 00,000,660 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,292 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/28 10:31:44 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcfcoin.dll
[2006/10/20 13:42:24 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcfinsr.dll
[2006/10/20 13:42:18 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcfcur.dll
[2006/10/20 13:41:46 | 00,131,072 | ---- | C] () -- C:\Windows\System32\dlcfjswr.dll
[2006/10/20 13:37:22 | 00,221,184 | ---- | C] () -- C:\Windows\System32\dlcfinsb.dll
[2006/10/20 13:37:16 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcfcub.dll
[2006/10/20 13:37:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcfcu.dll
[2006/10/20 13:36:54 | 00,159,744 | ---- | C] () -- C:\Windows\System32\dlcfins.dll
[2006/10/20 13:35:36 | 00,434,176 | ---- | C] () -- C:\Windows\System32\dlcfutil.dll
[2006/10/11 18:01:40 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcfpmui.dll
[2006/10/11 17:59:56 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcfserv.dll
[2006/10/11 17:54:10 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcfcomm.dll
[2006/10/11 17:52:34 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcflmpm.dll
[2006/10/11 17:51:16 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcfiesc.dll
[2006/10/11 17:48:58 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcfpplc.dll
[2006/10/11 17:48:14 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcfcomc.dll
[2006/10/11 17:47:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcfprox.dll
[2006/10/11 17:41:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcfinpa.dll
[2006/10/11 17:41:04 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcfusb1.dll
[2006/10/11 17:37:14 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcfhbn3.dll
[2006/09/06 05:27:08 | 00,069,632 | ---- | C] () -- C:\Windows\System32\dlcfcfg.dll
[2005/08/18 06:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcfvs.dll
[2005/07/22 22:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[2009/08/11 20:13:06 | 00,000,000 | ---- | M] () -- C:\Users\Sam\Desktop\settings.dat
[2009/08/11 20:10:52 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 20:02:22 | 39,735,262 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/11 20:02:22 | 00,060,374 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/11 19:59:22 | 00,000,853 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DestroyTwitter.lnk
[2009/08/11 19:57:40 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/11 19:57:40 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/11 19:57:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/11 19:57:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/11 19:56:48 | 30,853,61152 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 19:56:46 | 24,554,4996 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/11 19:56:46 | 00,139,193 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2009/08/11 19:44:04 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000UA.job
[2009/08/11 19:28:54 | 00,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000Core.job
[2009/08/10 20:35:48 | 00,094,208 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 19:16:58 | 00,010,719 | ---- | M] () -- C:\Users\Sam\Desktop\Book1.xlsx
[2009/08/09 22:04:36 | 02,677,318 | -H-- | M] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2009/08/09 10:47:34 | 00,000,817 | ---- | M] () -- C:\Users\Public\Desktop\DestroyTwitter.lnk
[2009/08/09 10:42:19 | 00,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2009/08/02 18:47:55 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Users\Sam\Desktop\RootRepeal.exe
[2009/07/29 17:56:56 | 00,000,793 | ---- | M] () -- C:\Users\Sam\Desktop\Spotify.lnk
[2009/07/27 17:46:38 | 00,000,162 | -H-- | M] () -- C:\Users\Sam\Desktop\~$ployment (1).docx
[2009/07/27 17:40:59 | 00,000,162 | -H-- | M] () -- C:\Users\Sam\Desktop\~$vering letter.doc
[2009/07/20 23:10:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/20 23:10:10 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/20 23:10:10 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/18 17:01:48 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/18 16:24:21 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/18 16:18:24 | 01,710,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/18 12:35:05 | 00,828,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/18 12:34:58 | 01,167,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/18 12:33:22 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/18 12:32:53 | 06,079,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/18 10:20:11 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/14 17:17:04 | 15,308,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2009/07/14 17:17:04 | 13,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2009/07/14 17:15:00 | 00,178,432 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2009/08/09 10:47:44 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming
[2008/07/28 20:10:23 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ahead
[2009/03/20 21:30:44 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Any Video Converter
[2009/08/09 10:47:44 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
[2008/07/14 12:50:44 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ATI
[2009/08/08 10:54:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2008/08/19 22:42:57 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CyberLink
[2008/11/27 19:55:18 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Digsby
[2009/08/03 11:53:06 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\dvdcss
[2009/01/31 20:32:24 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung
[2008/07/18 01:10:45 | 00,000,000 | RH-D | M] -- C:\Users\Sam\AppData\Roaming\SecuROM
[2008/07/18 01:11:19 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SPORE Creature Creator
[2008/07/19 11:23:38 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2009/08/08 09:15:10 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2008/07/14 20:47:05 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TOSHIBA
[2009/08/11 19:47:39 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2009/07/10 23:48:18 | 00,000,458 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/11 19:28:54 | 00,000,846 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000Core.job
[2009/08/11 19:44:04 | 00,000,898 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000UA.job
[2009/08/11 19:57:37 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/09 22:04:45 | 00,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

Extras.txt:

OTL Extras logfile created on: 11/08/2009 20:37:30 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sam\Documents\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.33% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 74.33 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 113.88 Gb Total Space | 35.61 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-LAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-292554269-3089399838-3337987015-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D746F01-E9EC-4B77-98A7-A49897E2A023}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{117B63BA-A47A-4F1C-99E3-246FBD7BA988}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AF0ADEC-D18F-4BD1-A2BF-16A57B3236FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B883AE7-F995-44A7-8474-148C197A1A24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1ED40A45-7FE6-4EBB-BF22-052F6582EF2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B9A2812-66A6-42EC-8C49-AE20CEACED42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2E424044-8BBA-4176-907D-9A88F835B6DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{34DCC2A3-EEEB-4FF3-853D-F41034C0795C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{34EB357A-E50A-49D7-AE2A-D2EAD149F265}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3CA66277-BC8B-4940-8C34-7F43CBB65F99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4978CA5C-F76C-4831-BA9B-DE1A6D0E8AD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AC57BE1-6915-4C87-BAB2-20305EE3B156}" = rport=137 | protocol=17 | dir=out | app=system |
"{573CDAB2-8947-4E9A-A2BB-3C95A6F78EF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{5A994AFB-2CA2-4189-8703-215057FEA5E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C7A99E8-A98D-4CAC-9D74-9ED5EA92AFE5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6319B406-5A60-465F-91FD-11E83D85A053}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{68AE2D55-5C62-4785-86FD-C7791DB1D0F0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{74C0A48B-A1A4-4532-AE8A-787B514EA609}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7BC26820-C1A4-4754-8CAB-C32AF158B03F}" = rport=138 | protocol=17 | dir=out | app=system |
"{8328589C-6008-4D71-AB2A-4AB6EA92B6B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{868E0520-9B94-481E-983A-857C89BBD0EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C78FF89-03DA-4BA1-97A7-5FAD2C6F19F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F50837D-E80A-4047-8D82-2B5E0C88661F}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FC98024-074D-497F-A1CC-C0FC3C42186F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6114788-02BB-43C1-931A-71623980F0BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DD657E4E-EDD9-4F38-BDB7-4177AA32C977}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD879D45-872B-46D1-AC5E-54AC6A7C00E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E4EE8E45-BCC0-4CBE-894B-B7B80CC82077}" = lport=139 | protocol=6 | dir=in | app=system |
"{F7A00D7D-8B5F-4D2D-B08C-70299923D9E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B9751-CD08-4D42-A76D-80512CFC7538}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{0357FB90-F36C-48E8-88A7-CEBDBB23ADC4}" = protocol=6 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{0362E6EF-89AD-4A8F-A21A-4CF78D823E78}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{0A7CC922-0112-4E89-A86A-D7EE14242007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0CE7860F-B14C-451A-8ADA-BD9668E5F4AF}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{14A3DA94-0DC5-4FEE-8D4E-A975DF665370}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{16B23730-F344-4317-AC3C-9382DBACF52F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19B2F052-D737-44A8-85AD-65576E8EC309}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\update.exe |
"{1E036455-BB34-4F49-8B3A-3A2DD29C6008}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{202ABF04-68B0-43A1-A59C-3C12E3541EB3}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{28F03DD0-D64F-40B6-89D9-D4358DD4F892}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2E5096A7-784E-4648-B8F3-6C547B982FE8}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{4A03DFEE-C39C-46FE-A9EE-81CCC431F775}" = protocol=6 | dir=out | app=system |
"{4CFD1558-E63D-4415-8B90-AB1C6CEEB0DA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4EA31994-E9A3-4251-9898-6B15548EF88D}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{57B25547-0FFB-453F-A43F-6D0BC50244C9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{5877B49C-1FDC-46A5-9D4D-2047BE0245B9}" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"{5ACCC5C4-55C7-4D56-BD11-11C2D684E05F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C4BC171-1504-4FF7-9E0E-D600002884DD}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{6263D765-B041-425A-AA99-D367D3C0D0E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{65C48051-EA8E-4B98-BE64-032A14E9C308}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{66DDB26D-6284-41C8-93FD-B86A25075532}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{6C32AC56-A076-489B-9897-AEF63E79055A}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{6F5BBE4A-DF3F-4B6E-A61C-5F254C64A058}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7157C87F-9F40-4581-A5FD-91215770F6CB}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{75AF8BCF-5D75-4BA0-9273-C69DFDBF0507}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{8181DD9F-62B9-4B9B-AE00-B5872E09B475}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{81C40F1C-9DB7-474A-8E2C-B6EEC318BAF0}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{884154C8-AEA5-4A57-9E73-5CD10C583667}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{89493923-D94E-41B7-83D9-387B3F189D00}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{8A348D28-BAE4-4F38-94C6-718BFF1C06B0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{8BCC3463-BCB2-41EE-9F51-ADF18FCC4B7B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{8ED8519A-D4FC-4123-957C-D235B10D678E}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{9059129B-3096-4EFC-B3E2-89BAAC3F5AFD}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9469523F-768D-42DD-A9DF-DD3FBBE80904}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware se professional\ad-aware.exe |
"{9586BA06-40FC-4A72-8CC9-AFEE17C50188}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{9B102ED2-3F8B-42F7-9A0E-1D39FB473E32}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{9F2273FE-75A2-46CD-862C-6A2BE8D64D48}" = protocol=17 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{A253EFC1-4314-4C38-86AF-09AD5D9E19A6}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware se professional\ad-aware.exe |
"{A4949507-870A-4CAB-90E3-DA2F934A44C8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A5C1E5FB-C55C-4456-9C1A-021AC94B7BF2}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{A6DDD196-A04E-455A-9951-7A38BD6D33E1}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{A9299AAC-FBF9-4A64-9595-028A62089EC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB42FCEF-33B9-4BDD-A5B4-5E3C40CED1DC}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{AF51C9A8-EE27-4415-B97F-F1B4CCDD14CB}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\update.exe |
"{AFA4679E-A53E-4FEE-9688-10ED809B045A}" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"{B0BDCF06-F8DF-478A-A329-13E416F88529}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C0FC1F02-20CD-4D5E-B199-E78F82F13237}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C5D0AE5C-C5AE-42BA-9FAD-3EBC26CF1DF5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8B7E572-3379-4975-AB83-722D79C80823}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{CF14690E-5693-404D-AD2A-F32D96550DC2}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{D1FE38A4-F44C-4AAF-AD13-A51F9A2E7907}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D4211225-7D94-4D4C-BA73-98D4495EB979}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7CBAA88-AECF-49EE-A9A1-77F1E520C618}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"{D9E30674-480D-4E28-AE0B-39FF9771D9FD}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{DB0D159F-F97D-4F18-9F09-24B8C7CCF08E}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{E4985156-2C77-4AA0-9874-6268A9225696}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E780E509-E77B-4343-A742-B49BD6C3C0AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7CEF267-57D2-4C05-9AF5-124BBE19C493}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{E9762EE3-BB1A-4CE3-830A-1EAD7D2EED3F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{EBB4D5E1-78B6-4C69-A4C3-D00DC1FF4762}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC54379B-65D9-46D2-BE9F-3949D057FE4C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ECEB82E5-8A97-4ED9-B7EE-71554DF1A23F}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"{F6BEBA00-23A8-4788-81A9-30CC38B269CF}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"{F9B28E25-1A60-4195-88AF-BF567CF3B55C}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"TCP Query User{BB885734-4BE2-47CC-9158-901EF42AC3C2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{BFDEF694-8675-46B7-9937-9ED5E9CA4368}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{CF0A0483-8440-436F-90D6-64FD434E0E3F}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{2FC52780-4B56-4C4A-AC86-99F66D6146FE}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7BAC2F40-5CD6-4CE7-9A6F-C87360174E7C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D885374C-9602-4D22-AEC2-9DFCAA6F656C}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{02DD09E1-3365-75C2-BFD0-43412EEFB45E}" = CCC Help Finnish
"{033649DD-2651-D029-5663-29E61094E7E8}" = Catalyst Control Center Core Implementation
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A084990-69FE-6D33-4BD0-AD6FD8AE57E8}" = CCC Help Japanese
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{11E2CEB4-09B4-1392-392D-4FAA23B88AF8}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1365D613-47EA-38F7-BD83-0F1A8E6AFAAE}" = CCC Help Polish
"{13724A20-DD11-CD8A-AA15-234594862F13}" = DestroyTwitter
"{160D6F45-15AF-10A2-DC61-FB4FE5CBE9BA}" = Skins
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18796D6B-60D7-2771-D145-90A366A9A78D}" = CCC Help German
"{1ABBBBA0-A790-3C9D-F806-A14140BCDFBF}" = ccc-utility
"{1F26C039-E655-91CB-E3AD-82A272BCD8B6}" = CCC Help English
"{2015087B-31D9-8661-5A9C-B1EA6D3C22C0}" = CCC Help Turkish
"{202B6750-A01B-A7BD-7D0B-ADE001239C04}" = CCC Help Hungarian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2547290E-8DDF-7479-4E73-9CFE99989F08}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28E9B542-E70C-8C81-D5A9-D4410FDDA1D8}" = Catalyst Control Center Localization Korean
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B95D414-26A8-8DD6-567E-E58B2C0CAF69}" = CCC Help Czech
"{2EB5618E-E9CB-436A-841E-E68767E63A01}" = STOPzilla
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{3347DE17-A1EE-16C6-A7B0-F474FB3B985A}" = Catalyst Control Center Localization Dutch
"{353A838E-85B5-F8E7-FABA-EA2055DD4418}" = ccc-core-static
"{35691D1C-EBA1-D1BF-53D0-00BD59713DF5}" = Catalyst Control Center Localization Finnish
"{36F7B270-B9EF-E9AB-87AE-67FE6EBD232B}" = CCC Help Danish
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38767763-328D-7529-7E25-909C15ED2A87}" = Catalyst Control Center Localization Russian
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA3B438-18DB-97BE-FB52-AEF329CF85E5}" = Catalyst Control Center Localization Hungarian
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46516ED6-47E6-31C1-F3A7-1D280FBA6438}" = Catalyst Control Center Localization Portuguese
"{46EB4EC8-F43A-D6D9-97EB-A23B625BD8C9}" = CCC Help Korean
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F3D958A-ADBF-98D0-5F7C-25B61B9FC941}" = Catalyst Control Center Graphics Previews Vista
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{60D1F96A-1858-6EFC-1303-425BA95DB80E}" = Catalyst Control Center Localization Japanese
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61CA53F0-C162-DD83-64CA-3746A5ECA94A}" = Catalyst Control Center Localization Danish
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6717AD52-855E-BA83-C733-151C5D9EAFF5}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613C81D-378E-BECD-0FFC-8C4345FAD40C}" = ATI Catalyst Install Manager
"{76F0B78F-8E7F-1FD5-5A16-4D7DE94871B1}" = Catalyst Control Center Localization Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B5F16F1-6929-74B3-6265-62DBD5AC997F}" = Catalyst Control Center Localization Turkish
"{7CC30050-DAEC-8076-8DC9-30012A0B5EC9}" = CCC Help Greek
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE70EF8-F70C-E35C-CC76-AD0B85827C08}" = Catalyst Control Center Graphics Full Existing
"{8CF50625-4147-9026-6BF2-8AB7CE8ABE93}" = Catalyst Control Center Localization Polish
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{949D54CF-E476-30C5-42A8-69C75C51A875}" = CCC Help Swedish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97E9C12B-1319-B6AF-39E4-E8204C887564}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A58DF0E3-4A0C-2BCE-0761-A04A38302E61}" = CCC Help Thai
"{A8432E22-FDAD-02FE-6FD5-E1395C186FBB}" = Catalyst Control Center Localization Italian
"{A871F719-F328-8A59-951E-C57E165DA65A}" = Catalyst Control Center Localization French
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD8178D1-B2E2-43E7-63E4-1320DD2E0F27}" = Catalyst Control Center Localization Chinese Standard
"{B063AFC7-F4E1-8164-6FA9-DC72C7A5DC22}" = Catalyst Control Center Localization Swedish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A7D977-9617-6175-8B4C-F365B1C0E75E}" = Catalyst Control Center Graphics Full New
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDD9AC08-2895-DE6A-2539-F026FC3A7905}" = CCC Help Portuguese
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C606A7D5-6F16-8D93-CB93-3CD545F0FD90}" = Catalyst Control Center Localization Spanish
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CBA24065-7561-3A01-B624-620C4B5532E7}" = CCC Help French
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D79B4F31-E69A-04C3-C5C9-9CB8DD0F2331}" = CCC Help Russian
"{D819A5E4-30CB-0D5E-2034-B16A9342F0DB}" = Catalyst Control Center Localization Greek
"{D915CDB9-E57D-FF82-251B-83776E954615}" = Catalyst Control Center Localization Thai
"{D962B2EA-1848-3A51-CB4A-45C82D4FF543}" = Catalyst Control Center Localization German
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC91AE54-9AA2-2CB2-180A-36B16069FB47}" = Catalyst Control Center Localization Czech
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DED6CDFB-5C63-DA19-8CD1-1EE016717139}" = CCC Help Chinese Traditional
"{E1266AC2-A3B5-1FBC-4776-16AF83C22E26}" = CCC Help Dutch
"{E56E2DFF-9B53-E03A-4913-57F35764C659}" = Catalyst Control Center Localization Norwegian
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B5F5E7-51B6-D334-D953-35B847A81AC7}" = CCC Help Spanish
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Any Video Converter_is1" = Any Video Converter 2.7.1
"app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1" = DestroyTwitter
"AVG8Uninstall" = AVG Free 8.5
"avi2divx_is1" = avi2divx
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digsby" = Digsby
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.3
"DVDx_is1" = DVDx
"FLV Player" = FLV Player 2.0 (build 25)
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"Rainbow Sentinel Driver" = Sentinel System Driver
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TVAnts 1.0" = TVAnts 1.0
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/08/2009 13:21:03 | Computer Name = Sam-Laptop | Source = Defrag | ID = 131082
Description = Analysis of volume C: (NTFS) encountered the following error: 0xC0000011

Error - 08/08/2009 13:21:03 | Computer Name = Sam-Laptop | Source = Defrag | ID = 131082
Description = Analysis of volume E: (NTFS) encountered the following error: 0xC0000011

Error - 08/08/2009 13:21:03 | Computer Name = Sam-Laptop | Source = Defrag | ID = 131082
Description = Analysis of volume NTFS (NTFS) encountered the following error: 0xC0000011

Error - 08/08/2009 13:22:58 | Computer Name = Sam-Laptop | Source = SPP | ID = 16387
Description =

Error - 08/08/2009 13:22:58 | Computer Name = Sam-Laptop | Source = System Restore | ID = 8193
Description =

Error - 08/08/2009 13:22:58 | Computer Name = Sam-Laptop | Source = System Restore | ID = 8210
Description =

Error - 08/08/2009 13:32:01 | Computer Name = Sam-Laptop | Source = VSS | ID = 13
Description =

Error - 08/08/2009 13:32:01 | Computer Name = Sam-Laptop | Source = VSS | ID = 12289
Description =

Error - 08/08/2009 13:32:01 | Computer Name = Sam-Laptop | Source = VSS | ID = 13
Description =

Error - 08/08/2009 13:32:01 | Computer Name = Sam-Laptop | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 07/01/2009 18:13:35 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 07/01/2009 18:14:06 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 07/01/2009 18:14:36 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 07/01/2009 18:15:06 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 07/01/2009 18:26:23 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 08/01/2009 05:36:46 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 08/01/2009 05:37:16 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 08/01/2009 05:37:47 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 08/01/2009 05:38:23 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 08/01/2009 05:38:55 | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Checkup.txt:

Results of screen317's Security Check version 0.98.7
Windows Vista Service Pack 2
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.2
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 14
Java™ SE Development Kit 6 Update 14
JavaFX™ 1.2 SDK
Java DB 10.4.2.1
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 20:33
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Avenger\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5bf0dbf1-67c9-11de-9604-00037aa81516}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5bf0dbf5-67c9-11de-9604-00037aa81516}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5bf0dc24-67c9-11de-9604-00037aa81516}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e9f70483-5e99-11de-b956-00037aa81516}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e9f70487-5e99-11de-b956-00037aa81516}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXfcjsxsxgiqekiurfhaimfdhhogndsljm.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXjtfdibfixxuqjqcucgnicsipdemvdtcx.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: c:\program files\nero\nero8\nero backitup\biu444f.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu66fc.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: c:\users\sam\appdata\local\temp\etilqs_bhas0difxsyi6wxtdkfh
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\SE0179~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\SE5813~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\SEA954~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-Business\SED483~1.XRM
Status: Locked to the Windows API!

Path: \\?\C:\Windows\System32\oodag\4302293AC342BF3A4773FAE3C46E1897\01CA1ABFFE89299E\*
Status: Could not enumerate files with the Windows API (0x00000003)!


Path: C:\Windows\System32\oodag\4302293AC342BF3A4773FAE3C46E1897\01CA1ABFFE89299E\3_1.rpd
Status: Invisible to the Windows API!

Path: C:\Windows\System32\oodag\4302293AC342BF3A4773FAE3C46E1897\01CA1ABFFE89299E\4AA0928713DC961CB85BF1B1A74DDFB4.id
Status: Invisible to the Windows API!

Path: C:\Windows\System32\oodag\4302293AC342BF3A4773FAE3C46E1897\01CA1ABFFE89299E\Job.Job
Status: Invisible to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.256.crwl
Status: Allocation size mismatch (API: 496, Raw: 8)

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.256.gthr
Status: Allocation size mismatch (API: 4096, Raw: 336)

Path: c:\users\sam\appdata\local\google\chrome\user data\default\current session
Status: Allocation size mismatch (API: 131072, Raw: 0)

Path: c:\users\sam\appdata\local\google\chrome\user data\default\current tabs
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Users\Sam\AppData\Local\Microsoft\Windows Live Mail\Googlemail a19\Inbox\3D0746~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Sam\AppData\Local\Microsoft\Windows Live Mail\Googlemail a19\[Google Mail]\All Mail\212C00~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Sam\AppData\Local\Microsoft\Windows Live Mail\Googlemail a19\[Google Mail]\All Mail\23C948~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Sam\AppData\Local\Microsoft\Windows Live Mail\Googlemail a19\[Google Mail]\All Mail\53D345~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.


Thanks again,

Sam

#8 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:37 AM

Posted 12 August 2009 - 02:54 PM

Just in case, make sure you are logged in with the Sam login-account.

You must turn OFF Spybot's Tea Timer (it is active and will block any fixes we try). See the next article below to turn it off.
You also need to verify that Ad-Aware AdWatch is not auto-started.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
http://www.bleepingcomputer.com/forums/ind...howtopic=114351

Make sure you have no open work or programs. Let these run by themselves.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of tools.
Close/save your open work documents, if any, and close your open programs.

Download The Avenger by Swandog46 from >> here <<.
  • Unzip/extract it to a folder on your desktop.

  • RIGHT-click on avenger.exe and select Run as Administrator to start The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in between the **** stars lines **** below to the clipboard by highlighting it and then pressing Ctrl+C.
    ********************************************************
    Files to delete:
    C:\Windows\System32\MSIVXfcjsxsxgiqekiurfhaimfdhhogndsljm.dll
    C:\Windows\System32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys
    C:\Windows\System32\MSIVXjtfdibfixxuqjqcucgnicsipdemvdtcx.dll

    Drivers to delete:
    MSIVX

    ********************************************************
  • In the Avenger window, click the Paste Script from Clipboard button.
  • Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.
If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description, and then reboot the system again.

=

Delete any prior copy of Combofix now, if you had one from before !

This next step will depend on your being logged in to the Sam account AND on renaming the download to Combo-Fix.exe on the Desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator

At the command-prompt window, type in the following to begin Combofix

C:\Users\Sam\Desktop\Combo-Fix.exe

and press the Enter key
  • A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once without asking me first.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.
=

Copy and paste back here a copy of C:\Avenger.txt
and C:\Combofix.txt
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 sampace

sampace
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 12 August 2009 - 05:29 PM

Thanks for the quick reply. Here are my logs...


Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "MSIVXserv.sys" found!
ImagePath: \systemroot\system32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\Windows\System32\MSIVXfcjsxsxgiqekiurfhaimfdhhogndsljm.dll" deleted successfully.
File "C:\Windows\System32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys" deleted successfully.
File "C:\Windows\System32\MSIVXjtfdibfixxuqjqcucgnicsipdemvdtcx.dll" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\MSIVX" not found!
Deletion of driver "MSIVX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Combo-Fix log:

ComboFix 09-08-10.06 - Sam 12/08/2009 23:18.2.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2942.1901 [GMT 1:00]
Running from: c:\users\Sam\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG\AVG8\avgse.dll
.
---- Previous Run -------
.
c:\windows\Installer\16e65d7.msp
c:\windows\system32\MSIVXcount
c:\windows\system32\OGACheckControl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSIVXserv.sys
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 22:24 . 2009-08-12 22:24 -------- d-----w- c:\users\Sam\AppData\Local\temp
2009-08-12 22:24 . 2009-08-12 22:24 -------- d-----w- c:\users\Lady Chloe\AppData\Local\temp
2009-08-12 22:24 . 2009-08-12 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 21:16 . 2009-08-12 21:16 -------- d-----w- c:\programdata\SITEguard
2009-08-09 20:27 . 2009-08-09 20:27 -------- d-----w- c:\users\Lady Chloe\AppData\Local\Last.fm
2009-08-09 09:47 . 2009-08-09 09:47 -------- d-----w- c:\users\Sam\AppData\Roaming\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
2009-08-09 09:47 . 2009-08-09 09:47 -------- d-----w- c:\program files\DestroyTwitter
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\users\Sam\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
2009-08-08 09:54 . 2009-08-08 09:53 38208 ----a-w- c:\users\Sam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-08 09:54 . 2009-08-08 09:53 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-08 09:54 . 2009-08-08 09:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-07 22:01 . 2009-08-07 22:02 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-29 17:01 . 2009-07-18 11:35 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 17:01 . 2009-07-18 16:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-29 16:56 . 2009-08-08 08:15 -------- d-----w- c:\users\Sam\AppData\Roaming\Spotify
2009-07-29 16:56 . 2009-07-29 16:57 -------- d-----w- c:\users\Sam\AppData\Local\Spotify
2009-07-29 16:56 . 2009-07-29 16:56 -------- d-----w- c:\program files\Spotify
2009-07-26 22:11 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-18 15:25 . 2009-07-18 15:25 -------- d-----w- c:\users\Sam\AppData\Roaming\AVG8
2009-07-14 20:32 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 20:32 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 20:32 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 20:32 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 20:32 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 16:17 . 2009-07-14 16:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 16:17 . 2009-07-14 16:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 22:23 . 2008-09-29 19:48 -------- d-----w- c:\programdata\Kontiki
2009-08-12 22:16 . 2009-07-10 00:28 -------- d-----w- c:\programdata\STOPzilla!
2009-08-12 21:17 . 2008-07-16 20:14 -------- d-----w- c:\programdata\avg8
2009-08-11 21:08 . 2008-07-14 23:09 -------- d-----w- c:\users\Sam\AppData\Roaming\uTorrent
2009-08-11 19:10 . 2009-07-10 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 20:59 . 2009-07-07 20:57 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2009-08-03 10:53 . 2008-07-29 21:15 -------- d-----w- c:\users\Sam\AppData\Roaming\dvdcss
2009-08-03 08:18 . 2008-08-20 21:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 21:59 . 2008-03-03 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-26 15:50 . 2008-10-20 22:08 -------- d-----w- c:\program files\dl_Cats
2009-07-18 15:24 . 2008-12-15 20:26 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-18 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-18 13:53 . 2008-03-03 17:43 -------- d-----w- c:\programdata\Microsoft Help
2009-07-15 00:44 . 2008-08-05 21:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 00:34 . 2009-07-09 20:26 -------- d-----w- c:\program files\SpywareBlaster
2009-07-11 18:08 . 2009-07-11 18:08 167180 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-11 17:38 . 2008-08-05 21:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-11 17:15 . 2009-07-11 17:14 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 17:15 . 2008-07-15 23:25 -------- d-----w- c:\program files\iTunes
2009-07-11 17:14 . 2009-07-11 17:14 -------- d-----w- c:\program files\iPod
2009-07-11 17:14 . 2008-07-15 23:19 -------- d-----w- c:\program files\Common Files\Apple
2009-07-11 17:14 . 2008-07-15 23:22 -------- d-----w- c:\programdata\Apple Computer
2009-07-11 17:11 . 2008-07-15 23:24 -------- d-----w- c:\program files\Bonjour
2009-07-11 17:10 . 2009-07-11 17:09 -------- d-----w- c:\program files\QuickTime
2009-07-11 17:02 . 2009-07-11 17:02 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-11 11:24 . 2009-07-11 11:24 -------- d-----w- c:\program files\Safer Networking
2009-07-11 09:07 . 2009-07-11 09:07 -------- d-----w- c:\program files\JavaFX
2009-07-11 09:05 . 2009-07-11 09:05 -------- d-----w- c:\program files\Sun
2009-07-11 09:05 . 2009-01-25 17:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 09:05 . 2008-03-03 16:57 -------- d-----w- c:\program files\Java
2009-07-03 08:02 . 2008-12-15 20:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 08:02 . 2008-07-21 20:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 10:27 . 2009-07-10 17:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-07-10 17:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 18:07 . 2009-06-11 18:07 1878984 ----a-w- c:\users\Lady Chloe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-30 08:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-30 00:16 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-28 13:16 . 2009-05-28 13:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 13:15 . 2009-05-28 13:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 13:14 . 2009-05-28 13:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-21 07:22 . 2009-02-07 09:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"DLCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7d,e5,17,cf,01,e1,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-292554269-3089399838-3337987015-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E036455-BB34-4F49-8B3A-3A2DD29C6008}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D4211225-7D94-4D4C-BA73-98D4495EB979}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB0D159F-F97D-4F18-9F09-24B8C7CCF08E}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{6C32AC56-A076-489B-9897-AEF63E79055A}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{8BCC3463-BCB2-41EE-9F51-ADF18FCC4B7B}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0362E6EF-89AD-4A8F-A21A-4CF78D823E78}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A5C1E5FB-C55C-4456-9C1A-021AC94B7BF2}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C8B7E572-3379-4975-AB83-722D79C80823}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{8ED8519A-D4FC-4123-957C-D235B10D678E}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{89493923-D94E-41B7-83D9-387B3F189D00}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{9B102ED2-3F8B-42F7-9A0E-1D39FB473E32}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{A6DDD196-A04E-455A-9951-7A38BD6D33E1}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"TCP Query User{BB885734-4BE2-47CC-9158-901EF42AC3C2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7BAC2F40-5CD6-4CE7-9A6F-C87360174E7C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C0FC1F02-20CD-4D5E-B199-E78F82F13237}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8181DD9F-62B9-4B9B-AE00-B5872E09B475}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0357FB90-F36C-48E8-88A7-CEBDBB23ADC4}"= UDP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{9F2273FE-75A2-46CD-862C-6A2BE8D64D48}"= TCP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{ECEB82E5-8A97-4ED9-B7EE-71554DF1A23F}"= UDP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{D7CBAA88-AECF-49EE-A9A1-77F1E520C618}"= TCP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{5C4BC171-1504-4FF7-9E0E-D600002884DD}"= UDP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{66DDB26D-6284-41C8-93FD-B86A25075532}"= TCP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{F6BEBA00-23A8-4788-81A9-30CC38B269CF}"= UDP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"{F9B28E25-1A60-4195-88AF-BF567CF3B55C}"= TCP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"TCP Query User{BFDEF694-8675-46B7-9937-9ED5E9CA4368}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{2FC52780-4B56-4C4A-AC86-99F66D6146FE}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{A4949507-870A-4CAB-90E3-DA2F934A44C8}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{28F03DD0-D64F-40B6-89D9-D4358DD4F892}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{75AF8BCF-5D75-4BA0-9273-C69DFDBF0507}"= UDP:c:\windows\System32\dlcfcoms.exe:Dell 725 Server
"{7157C87F-9F40-4581-A5FD-91215770F6CB}"= TCP:c:\windows\System32\dlcfcoms.exe:Dell 725 Server
"TCP Query User{CF0A0483-8440-436F-90D6-64FD434E0E3F}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{D885374C-9602-4D22-AEC2-9DFCAA6F656C}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{202ABF04-68B0-43A1-A59C-3C12E3541EB3}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D9E30674-480D-4E28-AE0B-39FF9771D9FD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C5D0AE5C-C5AE-42BA-9FAD-3EBC26CF1DF5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB4D5E1-78B6-4C69-A4C3-D00DC1FF4762}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF14690E-5693-404D-AD2A-F32D96550DC2}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{E7CEF267-57D2-4C05-9AF5-124BBE19C493}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{9469523F-768D-42DD-A9DF-DD3FBBE80904}"= UDP:c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe:Ad-Aware SE Professional
"{A253EFC1-4314-4C38-86AF-09AD5D9E19A6}"= TCP:c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe:Ad-Aware SE Professional
"{0CE7860F-B14C-451A-8ADA-BD9668E5F4AF}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{9586BA06-40FC-4A72-8CC9-AFEE17C50188}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{19B2F052-D737-44A8-85AD-65576E8EC309}"= UDP:c:\program files\Spybot - Search & Destroy\Update.exe:Update
"{AF51C9A8-EE27-4415-B97F-F1B4CCDD14CB}"= TCP:c:\program files\Spybot - Search & Destroy\Update.exe:Update
"{5877B49C-1FDC-46A5-9D4D-2047BE0245B9}"= UDP:c:\users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe:Google Chrome
"{AFA4679E-A53E-4FEE-9688-10ED809B045A}"= TCP:c:\users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe:Google Chrome
"{A9299AAC-FBF9-4A64-9595-028A62089EC3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F5BBE4A-DF3F-4B6E-A61C-5F254C64A058}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{16B23730-F344-4317-AC3C-9382DBACF52F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EC54379B-65D9-46D2-BE9F-3949D057FE4C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AB42FCEF-33B9-4BDD-A5B4-5E3C40CED1DC}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{14A3DA94-0DC5-4FEE-8D4E-A975DF665370}"= TCP:c:\program files\Spotify\spotify.exe:Spotify

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/07/2009 23:47 64160]
R0 szkg5;szkg;c:\windows\System32\drivers\SZKG.sys [12/05/2009 14:13 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15/12/2008 21:26 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/02/2009 10:21 108552]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [14/07/2008 12:48 25896]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 14:07 40960]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 17:03 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [03/03/2008 17:48 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/01/2008 10:34 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 16:13 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [14/07/2008 12:36 290304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [10/07/2009 18:30 38160]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/12/2008 21:26 907032]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/12/2008 21:26 298776]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/08/2008 22:45 1153368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_AD-AWARE_SERVICE
*NewlyCreated* - SBSDWSCSERVICE
*NewlyCreated* - SZSERVER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-28 00:05]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292554269-3089399838-3337987015-1000UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-28 00:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uDefault_Search_URL = about:blank
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\npupyzys.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\users\Sam\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 23:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-292554269-3089399838-3337987015-1000\Software\SecuROM\License information*]
"datasecu"=hex:8c,44,92,23,32,c2,4d,c4,b7,00,ef,c7,44,4b,51,1b,6e,4b,81,0e,7f,
67,04,df,62,02,99,5e,64,eb,2a,bf,df,f4,ae,a1,a9,f1,a3,c4,c7,18,56,c6,5d,cd,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-12 23:27
ComboFix-quarantined-files.txt 2009-08-12 22:26

Pre-Run: 80,482,103,296 bytes free
Post-Run: 80,280,694,784 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,10
292 --- E O F --- 2009-08-10 17:08


thanks again.

Sam
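A small parser for the Avenger log Sam posted, added here as an example; it is not The Avenger's own code and not part of the thread. It reads the line shapes visible in the log above (hidden drivers reported by the rootkit scan with their ImagePath, files deleted, and driver deletions that failed with their status code) and cross-checks them against the script from the previous post. On this log it shows why the driver deletion failed: the script named the service "MSIVX", while the rootkit scan reported the hidden service as "MSIVXserv.sys", which is the name ComboFix later removed (Service_MSIVXserv.sys). SAMPLE_LOG and SAMPLE_SCRIPT are constructed excerpts modelled on the posted ones.

```python
"""Parse an Avenger log and cross-check it against the script that produced it.
Added example for this thread, not part of The Avenger or the original post;
SAMPLE_LOG and SAMPLE_SCRIPT are constructed excerpts modelled on the ones above."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Rootkit scan active.
Hidden driver "MSIVXserv.sys" found!
ImagePath: \systemroot\system32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys
Start Type: 1 (System)
Rootkit scan completed.
File "C:\Windows\System32\MSIVXfcjsxsxgiqekiurfhaimfdhhogndsljm.dll" deleted successfully.
File "C:\Windows\System32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys" deleted successfully.
File "C:\Windows\System32\MSIVXjtfdibfixxuqjqcucgnicsipdemvdtcx.dll" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\MSIVX" not found!
Deletion of driver "MSIVX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
"""

SAMPLE_SCRIPT = r"""Files to delete:
C:\Windows\System32\MSIVXfcjsxsxgiqekiurfhaimfdhhogndsljm.dll
C:\Windows\System32\drivers\MSIVXmbsxqotctcftykpixhelobtveovspeaw.sys
C:\Windows\System32\MSIVXjtfdibfixxuqjqcucgnicsipdemvdtcx.dll

Drivers to delete:
MSIVX
"""

# Line shapes taken from the log format visible in the thread.
HIDDEN_RE = re.compile(r'^Hidden driver "([^"]+)" found!$')
IMAGE_RE = re.compile(r'^ImagePath: (.+)$')
DELETED_RE = re.compile(r'^File "([^"]+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (\w+) "([^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')
ERROR_RE = re.compile(r'^Error: (.+)$')


@dataclass
class AvengerSummary:
    hidden_drivers: dict = field(default_factory=dict)  # service name -> image path
    deleted_files: list = field(default_factory=list)
    failures: list = field(default_factory=list)        # {kind, name, status, symbol}
    errors: list = field(default_factory=list)


def parse_avenger_log(text):
    """Walk the log once; ImagePath/Status lines qualify the entry just before them."""
    s, driver, failure = AvengerSummary(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIDDEN_RE.match(line):
            driver = m.group(1)
            s.hidden_drivers[driver] = None
        elif (m := IMAGE_RE.match(line)) and driver:
            s.hidden_drivers[driver], driver = m.group(1), None
        elif m := DELETED_RE.match(line):
            s.deleted_files.append(m.group(1))
        elif m := FAILED_RE.match(line):
            failure = {"kind": m.group(1), "name": m.group(2), "status": None, "symbol": None}
            s.failures.append(failure)
        elif (m := STATUS_RE.match(line)) and failure:
            failure["status"], failure["symbol"] = m.group(1), m.group(2)
            failure = None
        elif m := ERROR_RE.match(line):
            s.errors.append(m.group(1))
    return s


def parse_avenger_script(text):
    """Return {section: [entries]} for 'Files to delete:' style sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def uncovered_hidden_drivers(summary, script):
    """Hidden drivers the rootkit scan reported but the script never named.
    Service names compare case-insensitively, as the registry treats them."""
    named = {n.lower() for sec in ("Drivers to delete", "Drivers to disable")
             for n in script.get(sec, [])}
    return [d for d in summary.hidden_drivers if d.lower() not in named]


def undeleted_files(summary, script):
    """Paths requested under 'Files to delete' that the log never confirmed deleted."""
    deleted = {p.lower() for p in summary.deleted_files}
    return [p for p in script.get("Files to delete", []) if p.lower() not in deleted]


if __name__ == "__main__":
    s, sc = parse_avenger_log(SAMPLE_LOG), parse_avenger_script(SAMPLE_SCRIPT)
    print("hidden drivers:", s.hidden_drivers)
    print("deleted:", len(s.deleted_files), "failures:", s.failures)
    print("hidden but not in script:", uncovered_hidden_drivers(s, sc))
    print("requested but not deleted:", undeleted_files(s, sc))
```

Run it as a script to see the summary; `uncovered_hidden_drivers` returns `["MSIVXserv.sys"]` for this log, which is the mismatch between the script's "Drivers to delete" entry and the service name the scan actually found, and `undeleted_files` returns an empty list because all three requested files were confirmed deleted.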

#10 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:37 AM

Posted 13 August 2009 - 06:43 AM

Hello Sam,
The rootkit has been quashed. This does need follow-up, so do these next.

Reminder: Given that this is a Vista system, on most of the following programs and tools you will need to right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along.

Right click the Spybot Icon in the system tray (notification area).
  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.
=
Temporarily disable your AVG8
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Just your antivirus

=
Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.

    Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator
    At the command-prompt window, type in the following to begin the Sysclean scan

    C:\DCE\sysclean.com

    and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

Re-enable your AVG8 antivirus

Next, a new run of OTL
Locate the OTL.exe on your Desktop

Double-click OTL.exe to start it.

Look at the upper left of the window. Press the pink Quick Scan button.
Have patience while it runs.
It will produce a new log. Save it.

Copy and paste back here a copy of the Sysclean log and
the new OTL.txt
Tell me, how is your system now?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:37 AM

Posted 08 September 2009 - 10:13 AM

This thread is closed due to lack of response. If you still have issues & need this re-opened, send a PM to me or a moderator.
This applies only to the original poster.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



