Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects to shopping sites


  • This topic is locked This topic is locked
12 replies to this topic

#1 YosemiteSam

YosemiteSam

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 28 October 2009 - 10:20 AM

Hello.

Ok I've done my best to follow your posting guidelines to the letter. I did run into problems, I'll elaborate later...

I seem to have a bug that is re-directing my google searches to random shopping pages and some very suspicious sites [occasional AVG warnings]. I close these as soon as they start to re-direct.

I also have some unusual lagging in Firefox, scrolling is delayed and hovering over links etc seems to delay by a second or so. I'm a bit concerned that something nasty is happening.

I'm running XP MCE edition, I only use Firefox [it is updated automatically]. I never use IE.

I have used:
AVG 8.5 free edition
Spybot S&D
SUPER anti spy ware
Ad aware
and of course, Malwarebytes.

I have tried these in both normal and Safe Mode.

I run Zone-alarm firewall

I recently had two infections:
Search Tool
Windows System Defender

These were rooted out by Malwarebyte [748 infected files due to WSD!].

Ok I tried to use DDS.scr but it doesn't run on my machine. All I get is a HUGE text file that looks like random text. at the top you can make out:
'MZ   @  !L!This program cannot be run in DOS mode.'

So I sort of fell at the first hurdle, hence why I have not been able to add the report here for you. Sorry.

I have got Hijack This, so I have added that report for you, in place of the DDS one.

I have the RootRepeal report for you.
I have not performed a Kaspersy scan results as their on-line scanner is currently unavailable

I'm usually pretty lucky with Malware and haven't had anything this stubborn before. Would appreciate any help you can offer me.

Would also be hugely grateful to have advice on how to prevent these things happening. there are so many spyware/malware products that I'm never sure which I should be using and whether it's wise to run so many products. I thought Spybot S&D would protect me from these things but perhaps it's not all it was cracked up to be or is now a little lightweight to deal with today's threats?

Anyway, thanks in advance. Here's all that asked for data...



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:40, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.asp...&tbid=70001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11843 bytes

Attached Files

  • Attached File  ark.txt   8.74KB   10 downloads


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 28 October 2009 - 05:38 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 28 October 2009 - 06:20 PM

Hi Sam :(

Really good to meet you and thanks for getting to me so fast.

Ok, here's all that OTL report for you...


OTL logfile created on: 28/10/2009 23:07:07 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 670.90 Mb Available Physical Memory | 65.64% Memory free
2.86 Gb Paging File | 1.79 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 33.01 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
Drive D: | 4.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSLAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/28 23:04:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
PRC - [2009/10/17 07:12:16 | 02,025,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/15 08:33:20 | 01,412,392 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
PRC - [2009/09/15 08:33:20 | 00,440,616 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2009/09/10 21:08:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/18 08:31:11 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/18 08:31:10 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 08:31:05 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/18 08:30:49 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/06/30 08:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/19 13:23:24 | 00,202,064 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/31 19:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/08/31 18:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/03/22 23:17:52 | 12,812,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/08/31 08:44:36 | 00,716,800 | ---- | M] () -- C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
PRC - [2006/08/03 16:21:42 | 00,290,816 | ---- | M] () -- C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
PRC - [2006/03/15 17:12:24 | 01,769,472 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2006/03/02 23:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/03/02 22:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/16 14:34:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/12/05 12:37:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2005/11/28 11:41:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/11/28 11:37:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/06 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/01/17 23:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AcrSch2Svc [Auto | Stopped])
SRV - [2009/10/22 15:49:45 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/09/15 08:33:20 | 01,412,392 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched [Auto | Running])
SRV - [2009/09/15 08:33:20 | 00,440,616 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt [Auto | Running])
SRV - [2009/08/18 08:30:49 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 00:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008/03/24 18:13:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/03/24 15:20:29 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/02/16 14:34:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/01/17 23:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/28 23:04:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\S-1-5-21-3891259901-2243897495-3093656685-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\S-1-5-21-3891259901-2243897495-3093656685-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.57015
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: calculator@cmcculloh:2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 09:43:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 10:04:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 11:21:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/22 15:53:34 | 00,000,000 | ---D | M]

[2008/08/29 15:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions
[2008/08/29 15:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 22:04:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\jgl69m59.SAM March09\extensions
[2009/10/28 09:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions
[2009/07/08 14:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/03/24 13:50:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/10/20 17:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/03 14:45:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}
[2009/10/15 10:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009/10/16 13:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/15 06:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2008/10/25 12:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/09/14 19:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2009/07/08 16:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\calculator@cmcculloh
[2008/03/24 13:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/10/22 22:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\nguboxo7.default\extensions\piclens@cooliris.com
[2008/06/19 13:59:33 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\FireFox\Profiles\nguboxo7.default\searchplugins\askcom.xml
[2008/05/28 21:28:32 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\FireFox\Profiles\nguboxo7.default\searchplugins\bbc-news.xml
[2009/10/28 19:36:49 | 00,002,136 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\FireFox\Profiles\nguboxo7.default\searchplugins\flickr-tags.xml
[2009/10/28 14:39:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 21:08:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/14 18:09:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/03/28 14:58:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/30 18:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/24 11:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/09/10 21:08:01 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 21:08:01 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/09/10 21:08:08 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/11 11:21:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/11 11:21:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/11 11:21:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/11 11:21:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/11 11:21:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/11 11:21:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/11 11:21:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/05 09:18:39 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2009/07/08 14:35:45 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/08 14:35:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/08 14:35:45 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/08/07 08:25:58 | 00,001,461 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/07/08 14:35:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/08 14:35:45 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/08 14:35:45 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/22 09:23:21 | 00,001,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2009/07/08 14:35:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/08 14:35:45 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (345249 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 11836 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MFP Server Agent] C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Server Application for MFP Server] C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 00 00 00 01 [binary data]
O7 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3891259901-2243897495-3093656685-1005\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/17 10:37:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/22 15:48:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/22 08:53:06 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\7947f
[2009/10/22 15:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/22 15:10:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/20 16:29:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/20 16:29:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
[2009/10/17 01:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\assembly
[2009/10/17 01:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Chilibase
[2009/10/15 00:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Evernote
[2009/10/23 18:27:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\myPod_Apps
[2009/10/17 01:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\VeranoSoft
[2009/10/22 15:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/17 01:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Redemption
[2009/10/17 01:47:59 | 00,000,000 | ---D | C] -- C:\Program Files\Axonic
[2009/10/15 00:47:13 | 00,000,000 | ---D | C] -- C:\Program Files\Evernote
[2009/10/23 18:15:45 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Explorer
[2009/10/17 20:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Attachment Remover
[2009/10/17 01:47:18 | 00,000,000 | ---D | C] -- C:\Program Files\Public Shareware
[2009/10/20 16:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/23 19:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/28 23:04:37 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/10/28 11:58:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/28 11:58:21 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/28 11:49:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/25 13:02:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Sam\Desktop\RootRepeal.exe
[2009/10/25 12:38:50 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/10/22 15:50:19 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/28 23:06:03 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2009/10/28 23:04:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/10/28 20:34:28 | 44,321,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/28 20:34:28 | 00,062,663 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/28 14:43:32 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\settings.dat
[2009/10/28 12:52:41 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/28 12:52:19 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/28 12:51:36 | 00,350,194 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/28 12:50:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 12:50:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 12:50:42 | 10,718,28992 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 12:49:39 | 02,669,840 | -H-- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\IconCache.db
[2009/10/28 12:11:59 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/28 12:11:59 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/28 12:11:59 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/28 12:04:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/25 13:03:00 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Sam\Desktop\RootRepeal.exe
[2009/10/25 12:54:26 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\dds.scr
[2009/10/25 12:38:50 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2009/10/23 19:13:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\HijackThis.lnk
[2009/10/23 18:15:47 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPhone Explorer.lnk
[2009/10/23 00:32:33 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/23 00:04:32 | 00,038,473 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Comma Separated Values (Windows).ADR
[2009/10/22 09:23:09 | 00,345,249 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091022-104756.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091028-131915.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091028-131823.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091022-120707.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091022-105053.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091022-104914.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091022-104849.backup
[2009/10/22 09:23:09 | 00,345,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/20 17:25:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/20 14:40:42 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 17:48:00 | 00,101,316 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/17 13:30:56 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/10/17 12:40:27 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/16 15:39:43 | 00,001,074 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\RADC.lnk
[2009/10/15 00:47:27 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Evernote.lnk

========== Files - No Company Name ==========
[2009/10/28 14:43:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\settings.dat
[2009/10/28 12:50:42 | 10,718,28992 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/25 12:54:25 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\dds.scr
[2009/10/23 19:13:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\HijackThis.lnk
[2009/10/23 18:15:47 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPhone Explorer.lnk
[2009/10/22 15:51:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/18 17:48:00 | 00,101,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/17 13:30:56 | 00,000,262 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/10/17 12:40:26 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/17 01:47:18 | 00,000,329 | ---- | C] () -- C:\WINDOWS\Public ContactAfterReply.ini
[2009/10/16 15:39:43 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\RADC.lnk
[2009/10/15 00:47:27 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Evernote.lnk
[2009/08/21 15:07:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/01/09 01:11:54 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/09 01:11:54 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/17 08:22:41 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/30 14:01:37 | 00,000,239 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008/07/24 18:27:53 | 00,038,473 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\Comma Separated Values (Windows).ADR
[2008/04/06 15:55:46 | 02,246,760 | ---- | C] () -- C:\Program Files\NETCFv2.wm.armv4i.cab
[2008/04/06 15:55:46 | 00,000,154 | ---- | C] () -- C:\Program Files\Compact Framework 2.0.INI
[2008/03/30 21:01:16 | 00,024,417 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\Comma Separated Values (DOS).ADR
[2008/03/24 15:45:22 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\$_hpcst$.hpc
[2008/03/24 15:21:26 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2008/03/24 15:02:01 | 00,000,083 | R--- | C] () -- C:\WINDOWS\hpw1280k.ini
[2008/03/24 14:59:56 | 00,012,939 | ---- | C] () -- C:\WINDOWS\hpdj1280.ini
[2008/03/24 14:58:43 | 00,000,344 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/03/24 14:58:42 | 00,001,061 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/03/24 14:58:35 | 00,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2008/03/24 14:46:54 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\mfpcoins.dll
[2008/03/24 14:46:53 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\MFPBot.dll
[2008/03/24 14:46:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\InstallMFPPS.dll
[2008/03/24 14:46:53 | 00,000,235 | ---- | C] () -- C:\WINDOWS\System32\Config.ini
[2008/03/24 13:23:32 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/03/24 12:28:13 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/03/24 10:51:53 | 00,001,292 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\FASTWiz.html
[2008/03/24 10:23:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Sam\Application Data\desktop.ini
[2008/03/24 10:23:06 | 02,669,840 | -H-- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\IconCache.db
[2008/03/24 10:23:06 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/17 19:18:27 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 19:18:27 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 19:18:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 19:18:24 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 19:18:21 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/17 12:55:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/17 12:50:14 | 00,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/17 12:36:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/17 12:08:54 | 00,001,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/17 12:05:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/17 12:05:02 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/17 12:05:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/17 12:05:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/17 12:05:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/17 12:05:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/17 12:05:02 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/17 11:58:09 | 00,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/17 11:58:09 | 00,002,036 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/17 11:49:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/17 11:49:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/17 11:49:36 | 00,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/17 11:49:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/17 10:27:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/17 09:21:01 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/17 09:21:01 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/17 09:20:17 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/17 09:20:14 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/01/26 17:03:32 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 18:56:50 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/29 03:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2008/03/24 12:12:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/03/24 10:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2008/03/24 17:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/10/22 15:48:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/11 11:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 14:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/22 15:48:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/22 09:23:18 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\7947f
[2009/08/17 18:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/03/24 15:21:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/03/24 10:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/03/24 13:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/09/13 15:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/24 18:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/19 20:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/10/22 15:11:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/03/24 10:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intel
[2008/03/24 17:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/09/03 14:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/03/24 17:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2008/03/24 17:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/23 00:04:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sam\Application Data
[2009/08/17 22:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Acronis
[2008/03/24 15:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Autodesk
[2008/03/24 18:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Canon
[2008/03/24 20:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\FileMaker
[2008/03/24 15:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Flickr
[2008/03/24 10:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Intel
[2008/11/07 12:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\InterVideo
[2009/10/12 19:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\IObit
[2009/01/11 21:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\My Games
[2009/02/02 13:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\OpenOffice.org2
[2009/03/27 09:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Phlogre
[2008/03/24 21:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Reasonable Software House Ltd
[2008/03/24 17:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\toshiba
[2009/10/01 15:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\U3
[2008/03/25 10:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Uniblue
[2009/04/24 17:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Windows Search
[2009/10/17 12:47:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sam I am not\Application Data
[2008/03/24 10:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam I am not\Application Data\Intel
[2008/03/24 17:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam I am not\Application Data\toshiba
[2009/10/28 12:04:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/20 17:25:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/10/28 23:06:03 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Clean System Memory.job
[2004/08/10 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/10/01 08:31:56 | 00,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2009/10/28 12:50:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/17 13:30:56 | 00,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >
[2000/12/05 08:39:48 | 00,149,504 | ---- | M] () -- C:\UNWISE.EXE

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 18:46:18 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\1394bus.sys
[2008/04/13 18:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/10 13:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 16:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/03/24 10:24:05 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 18:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 18:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 18:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 18:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008/04/13 18:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008/04/13 18:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 21:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 18:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/10 13:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 18:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/10 13:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2009/08/18 08:31:11 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2009/08/18 08:31:11 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2009/05/08 08:14:27 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2008/04/13 18:36:32 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\battc.sys
[2004/08/10 13:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2005/06/11 04:42:00 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys
[2008/04/13 18:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 18:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 18:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 18:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 11:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 18:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 18:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004/08/10 13:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2004/08/10 13:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 19:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 18:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2005/12/29 21:20:38 | 00,561,664 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys
[2004/08/10 13:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 19:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008/04/13 18:36:37 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2008/04/13 18:36:37 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\compbatt.sys
[2004/08/10 13:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 18:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 18:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 18:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS
[2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS
[2008/04/13 18:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 18:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/10 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 18:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 18:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 18:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS
[2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS
[2004/08/10 13:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 18:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/10 13:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2005/09/15 01:24:08 | 00,179,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys
[2001/08/17 13:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008/04/13 19:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 18:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 18:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 18:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 18:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/10 13:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/10 13:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004/08/10 13:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 18:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 18:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 18:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 18:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 18:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2006/01/17 16:30:58 | 00,015,744 | R--- | M] (SMSC) -- C:\WINDOWS\system32\drivers\hidsmsc.sys
[2008/04/13 18:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2004/08/03 21:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2005/11/08 22:11:00 | 00,202,240 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys
[2005/11/08 22:11:00 | 00,723,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2005/11/08 22:12:00 | 00,997,376 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys
[2008/04/13 18:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 19:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2005/11/03 22:50:58 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2008/04/13 18:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 18:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 18:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/10 13:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 18:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 18:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 19:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 18:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 18:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 18:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys
[2008/04/13 18:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/13 18:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 19:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 11:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2009/09/23 12:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2004/08/10 13:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2005/10/05 22:57:00 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 18:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2006/06/02 11:01:38 | 00,010,063 | ---- | M] (None) -- C:\WINDOWS\system32\drivers\mfpcomp.sys
[2006/07/24 17:54:08 | 00,053,152 | ---- | M] (None) -- C:\WINDOWS\system32\drivers\mfpec.sys
[2006/08/03 16:52:46 | 00,009,472 | ---- | M] (None) -- C:\WINDOWS\system32\drivers\mfpvbus.sys
[2004/08/10 03:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mhndrv.sys
[2004/08/10 13:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 19:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 18:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 18:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 18:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2008/04/13 18:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 18:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 18:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 18:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 18:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 18:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 18:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 21:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 19:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 18:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2004/10/14 00:40:00 | 00,003,200 | ---- | M] (Quanta Corp) -- C:\WINDOWS\system32\drivers\nb4int15.sys
[2008/04/13 19:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 18:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 18:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 19:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 18:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 18:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 19:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2003/01/29 21:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys
[2008/04/13 18:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/10 13:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 18:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 19:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/10 13:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2006/02/16 18:34:00 | 03,642,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004/08/10 13:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/10 13:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/10 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/10 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 18:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2008/04/13 18:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004/08/10 13:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 18:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 18:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 18:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/10 13:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 18:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 18:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 18:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys
[2007/08/21 08:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys
[2008/04/13 19:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 18:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 18:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2005/03/29 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2006/01/12 16:21:18 | 00,031,872 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys
[2005/05/05 14:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys
[2004/08/10 13:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 19:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 18:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 19:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/10 13:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/10 13:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 19:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/10 13:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 18:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/14 00:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 18:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 18:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/10 13:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/10 13:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 14:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 18:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 18:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/10 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2005/11/28 12:09:26 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys
[2004/08/03 21:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 18:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 18:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 18:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 19:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 18:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 18:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 18:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 18:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2004/08/03 21:41:42 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:46 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 18:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/10 13:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 18:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 18:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 18:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 10:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2008/04/13 18:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 18:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 18:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2006/03/02 22:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys
[2008/04/13 19:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 18:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 11:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 11:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 19:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/14 00:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2009/08/17 18:03:23 | 00,902,592 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tdrpm228.sys
[2008/04/14 00:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/14 00:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2005/11/30 17:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys
[2009/08/17 18:03:16 | 00,044,704 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys
[2009/08/17 18:03:16 | 00,540,000 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys
[2003/04/07 21:52:00 | 00,021,120 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosbtsd2.sys
[2004/08/30 16:27:30 | 00,048,640 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosdbt.sys
[2004/08/10 13:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2005/07/11 18:58:56 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\toshidpt.sys
[2005/11/24 13:37:36 | 00,047,104 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys
[2006/02/02 23:16:08 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys
[2005/12/14 17:07:24 | 00,037,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys
[2005/08/01 16:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys
[2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfec.sys
[2006/02/08 17:33:34 | 00,062,848 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfhid.sys
[2002/02/07 16:24:20 | 00,025,420 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrflan.sys
[2005/01/06 13:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys
[2002/08/01 21:53:22 | 00,160,672 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfpcc.sys
[2005/11/11 15:09:52 | 00,052,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys
[2006/01/31 18:35:28 | 00,039,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys
[2003/07/01 12:52:30 | 00,016,320 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tostrans.sys
[2004/08/10 13:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 18:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 18:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 18:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 18:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 18:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 18:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 18:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2004/08/10 13:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 18:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 18:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 18:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 18:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 18:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 18:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 18:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 18:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 18:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/10 13:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 18:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 18:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 18:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 18:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2005/12/05 08:55:30 | 01,428,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys
[2008/04/13 18:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 18:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 21:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 19:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2008/04/13 18:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys
[2004/08/10 13:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 19:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/10 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10hid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 28/10/2009 23:07:07 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 670.90 Mb Available Physical Memory | 65.64% Memory free
2.86 Gb Paging File | 1.79 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 33.01 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
Drive D: | 4.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSLAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:LocalSubNet:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:LocalSubNet:Enabled:MFP Bot Utility
"13878:UDP" = 13878:UDP:LocalSubNet:Enabled:MFP Agent
"14135:UDP" = 14135:UDP:LocalSubNet:Enabled:MFP Driver
"14135:TCP" = 14135:TCP:LocalSubNet:Enabled:MFP Driver
"13107:UDP" = 13107:UDP:LocalSubNet:Enabled:Print Server Utility
"69:UDP" = 69:UDP:LocalSubNet:Enabled:Print Server Utility
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:LocalSubNet:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:LocalSubNet:Enabled:MFP Bot Utility
"13878:UDP" = 13878:UDP:LocalSubNet:Enabled:MFP Agent
"14135:UDP" = 14135:UDP:LocalSubNet:Enabled:MFP Driver
"14135:TCP" = 14135:TCP:LocalSubNet:Enabled:MFP Driver
"13107:UDP" = 13107:UDP:LocalSubNet:Enabled:Print Server Utility
"69:UDP" = 69:UDP:LocalSubNet:Enabled:Print Server Utility
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14CE3072-78E3-4937-802A-2A7B8104A343}" = Categorize Plus
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44087BB4-73BC-4341-B40D-0A2D31262751}" = Toshiba Hotkey Utility
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}" = FileMaker Pro 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B80CF4-A87C-40AF-AF78-8CE20DFF4A18}" = Congo
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.963
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94AEAB3C-36E5-4CB7-BEE3-2B7C3C78E9E6}" = Belkin All-in-One Print Server
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE703614-FF3E-41F9-9796-00C79B0D1003}" = Phantom Frog
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D2786645-4357-44F3-8DA9-69EB152F09B1}" = Crazy Machines II Gold
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBDC9F3E-4B97-420E-A5A9-602256B93D0E}" = Reasonable NoClone 2007 Enterprise
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE074561-3C0A-4B6A-B4A5-09CD69E1DDF0}" = HP Deskjet 1280
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AhnDaGo Software Base Converter" = AhnDaGo Software Base Converter
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2008
"AutoBLOCK 2007" = AutoBLOCK 2007
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG8Uninstall" = AVG 8.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner (remove only)
"CleanMem" = CleanMem
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"CSI-3 Dimensions of Murder" = CSI-3 Dimensions of Murder 1.0
"Custom Colors_is1" = Custom Colors
"Defraggler" = Defraggler
"DPP" = Canon Utilities Digital Photo Professional 3.5
"EOS Utility" = Canon Utilities EOS Utility
"Expression Off-Line 3.1" = Expression Off-Line 3.1
"Flickr Uploadr" = Flickr Uploadr 2.5.0.14
"Genius ColorPage-HR6 USB" = ColorPage-Vivid III USB V2
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"HijackThis" = HijackThis 2.0.2
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"IrfanView" = IrfanView (remove only)
"JGUI A.SMS Messaging" = JGUI A.SMS Messaging
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Outlook Attachment Remover_is1" = Outlook Attachment Remover 2.0
"OUTLOOKR" = Microsoft Office Outlook 2007 Trial
"PAID4.0" = PAID
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Public Contact After Reply_is1" = Public Contact After Reply
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Send To Toys_is1" = Send To Toys v2.5
"Showport" = ShowPort
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"VirtuaMouse One-Hand_is1" = VirtuaMouse One-Hand 1.0
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware™
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/10/2009 15:26:25 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 15:26:26 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 17:11:50 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 17:11:50 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 17:17:38 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 17:17:38 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 18:59:50 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 18:59:50 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 19:09:38 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 28/10/2009 19:09:38 | Computer Name = SAMSLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 15/07/2009 06:39:12 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 151416
seconds with 2640 seconds of active time. This session ended with a crash.

Error - 22/07/2009 04:03:06 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48925
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 21/08/2009 08:34:25 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4707
seconds with 900 seconds of active time. This session ended with a crash.

Error - 27/08/2009 04:23:24 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 258960
seconds with 19500 seconds of active time. This session ended with a crash.

Error - 08/09/2009 19:13:41 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10744
seconds with 7860 seconds of active time. This session ended with a crash.

Error - 16/09/2009 04:13:56 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52171
seconds with 900 seconds of active time. This session ended with a crash.

Error - 23/09/2009 08:37:20 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79146
seconds with 4800 seconds of active time. This session ended with a crash.

Error - 06/10/2009 13:13:42 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1032
seconds with 60 seconds of active time. This session ended with a crash.

Error - 16/10/2009 21:59:53 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 497
seconds with 480 seconds of active time. This session ended with a crash.

Error - 20/10/2009 06:15:44 | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 91411
seconds with 6060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/10/2009 08:35:24 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 28/10/2009 08:35:24 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 28/10/2009 08:35:24 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 28/10/2009 08:35:24 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 28/10/2009 08:35:24 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip
Tcpip6
vsdatant

Error - 28/10/2009 08:35:25 | Computer Name = SAMSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 28/10/2009 08:49:43 | Computer Name = SAMSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/10/2009 08:51:18 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Belkin All-In-One Print Server Enhanced Controller service failed
to start due to the following error: %%1058

Error - 28/10/2009 08:51:18 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Genius ColorPage USB Scanner service failed to start due to the
following error: %%1058

Error - 28/10/2009 08:51:18 | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%2


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 29 October 2009 - 07:32 AM

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===================


Delete any copy of combofix that you may have downloaded previously.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 29 October 2009 - 07:06 PM

Hi Sam

Ok... that was 'interesting' and a little hairy at times....

I removed the Java and updated as you asked. During that install Firefox decided to update itself. Unsure if this was an intended part of the process I was going through, I allowed it. Java didn't seem to complain about this. Not entirely convinced that it all worked out ok, but as Zone alarm is now asking for numerous requests from java, I'm assuming it did.

I downloaded and ran Combo-fix.exe.
It told me to:
  • Turn off AVG
  • Turn off Windows System Defender
Well, I could do the first by de-activating the resident shield on AVG.
I was totally at sea about WSD- not sure if I've got this wrong but isn't that a virus? :(

Anyway, I decided to continue. Halfway through, Combo-fix stated that a rootkit was present and it needed to reboot the system. I clicked ok. It did nothing. For ages. And ages. and some more ages. So I bravely/foolishly hit the shut down button and told it to restart. It did. Phew. :(

It did some clever things and eventually spat out this report....

ComboFix 09-10-28.08 - Sam 29/10/2009 23:30.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT 0:00]
Running from: c:\documents and settings\Sam\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Windows System Defender *On-access scanning enabled* (Updated) {BD5AC306-9036-412E-AA92-517CF53893F6}
FW: Windows System Defender *enabled* {11132F66-D317-4C87-99C1-629A57960854}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\kb913800.exe
c:\windows\system32\Config.ini
c:\windows\system32\UACbswtyvohbrobyjeql.db

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-25 12:38 . 2009-10-25 12:38 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-10-23 19:13 . 2009-10-23 19:13 -------- d-----w- c:\program files\Trend Micro
2009-10-23 18:27 . 2009-10-23 18:27 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\myPod_Apps
2009-10-23 18:15 . 2009-10-23 18:18 -------- d-----w- c:\program files\iPhone Explorer
2009-10-22 15:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 15:48 . 2009-10-22 15:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 15:11 . 2009-10-22 15:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 15:11 . 2009-10-22 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-22 15:10 . 2009-10-22 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 08:53 . 2009-10-22 09:23 -------- d-sh--w- c:\documents and settings\All Users\Application Data\7947f
2009-10-20 16:29 . 2009-10-20 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 16:29 . 2009-10-20 16:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 16:29 . 2009-10-20 16:29 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2009-10-18 17:48 . 2009-10-18 17:48 101316 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-17 20:12 . 2009-10-17 20:12 -------- d-----w- c:\program files\Outlook Attachment Remover
2009-10-17 12:47 . 2009-10-17 12:47 -------- d-----w- c:\documents and settings\Sam I am not\Application Data\Malwarebytes
2009-10-17 12:40 . 2009-10-17 12:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 01:48 . 2009-10-17 02:35 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Chilibase
2009-10-17 01:48 . 2009-10-17 01:48 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\assembly
2009-10-17 01:48 . 2009-10-17 01:48 -------- d-----w- c:\program files\Common Files\Redemption
2009-10-17 01:47 . 2009-10-17 01:47 -------- d-----w- c:\program files\Axonic
2009-10-17 01:47 . 2009-10-17 01:47 -------- d-----w- c:\program files\Public Shareware
2009-10-17 01:45 . 2009-10-17 01:45 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\VeranoSoft
2009-10-15 00:47 . 2009-10-15 00:47 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Evernote
2009-10-15 00:47 . 2009-10-15 00:47 -------- d-----w- c:\program files\Evernote
2009-10-14 22:31 . 2009-10-17 22:56 -------- d-----w- C:\WePrint
2009-10-14 17:34 . 2009-10-14 17:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-14 17:34 . 2009-10-14 17:34 -------- d-----w- c:\windows\system32\AGEIA
2009-10-13 18:59 . 2007-12-02 12:28 53248 ----a-w- c:\windows\system\PhysXLoader.dll
2009-10-13 18:52 . 2009-10-13 18:53 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-13 18:52 . 2009-10-13 21:50 -------- d-----w- c:\windows\Logs
2009-10-13 18:24 . 2009-10-13 22:43 -------- d-----w- c:\program files\Crazy Machines II Gold
2009-10-13 18:23 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-10-13 18:23 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-10-13 18:23 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-10-13 18:23 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-10-13 18:23 . 2007-10-22 02:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-10-13 18:23 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-10-13 18:23 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-10-13 18:23 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-10-13 18:23 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-10-13 18:22 . 2009-10-13 18:22 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-13 18:22 . 2009-10-13 18:22 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-13 18:22 . 2009-10-13 18:22 -------- d-----w- c:\program files\OpenAL
2009-10-13 17:43 . 2009-10-13 17:43 -------- d-----w- c:\program files\iPod
2009-10-13 17:43 . 2009-10-13 17:44 -------- d-----w- c:\program files\iTunes
2009-10-12 23:52 . 2009-06-10 22:22 32768 ----a-w- c:\windows\system32\CleanMem.exe
2009-10-12 23:51 . 2009-10-12 23:51 -------- d-----w- c:\windows\CleanMem
2009-10-12 23:51 . 2009-10-12 23:51 -------- d-----w- c:\program files\CleanMem
2009-10-12 23:39 . 2007-02-09 15:46 90112 ----a-w- c:\windows\SendToClip.exe
2009-10-12 23:39 . 2009-10-12 23:39 -------- d-----w- c:\program files\Send To Toys
2009-10-12 19:38 . 2009-10-12 19:38 -------- d-----w- c:\program files\GFI
2009-10-12 19:10 . 2009-10-12 19:20 -------- d-----w- c:\documents and settings\Sam\Application Data\IObit
2009-10-12 19:10 . 2009-10-12 19:10 -------- d-----w- c:\program files\IObit
2009-10-12 18:01 . 2009-10-12 18:01 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 22:48 . 2009-10-29 22:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 22:48 . 2006-03-17 10:58 -------- d-----w- c:\program files\Java
2009-10-22 15:47 . 2008-03-24 18:42 -------- d-----w- c:\program files\Lavasoft
2009-10-22 15:17 . 2006-03-17 12:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 09:46 . 2008-03-24 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 17:07 . 2008-03-25 12:08 -------- d-----w- c:\documents and settings\Sam\Application Data\AdobeUM
2009-10-20 16:29 . 2009-08-31 17:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 15:23 . 2008-03-24 21:40 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2009-10-17 14:07 . 2008-03-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 00:47 . 2006-03-17 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 17:43 . 2008-03-24 20:56 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 10:03 . 2006-03-17 12:26 132320 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 00:20 . 2009-08-17 18:02 -------- d-----w- c:\program files\Common Files\Acronis
2009-10-13 00:17 . 2008-03-24 15:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-12 19:43 . 2008-03-24 10:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-10-12 19:43 . 2006-03-17 12:04 -------- d-----w- c:\program files\X10 Hardware
2009-10-12 18:33 . 2009-04-24 17:43 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-01 15:55 . 2008-04-12 06:47 -------- d-----w- c:\documents and settings\Sam\Application Data\U3
2009-09-25 05:37 . 2006-03-17 09:20 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2009-06-08 11:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-20 12:23 . 2009-09-14 18:10 -------- d-----w- c:\documents and settings\Sam\Application Data\Skype
2009-09-20 12:22 . 2009-09-14 18:12 -------- d-----w- c:\documents and settings\Sam\Application Data\skypePM
2009-09-20 02:01 . 2008-03-24 15:28 -------- d-----w- c:\program files\IrfanView
2009-09-15 17:35 . 2009-09-15 17:35 246720 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-14 18:12 . 2009-09-14 18:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 18:09 . 2009-09-14 18:09 -------- d-----r- c:\program files\Skype
2009-09-14 18:09 . 2009-09-14 18:09 -------- d-----w- c:\program files\Common Files\Skype
2009-09-14 18:09 . 2009-09-14 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-11 14:35 . 2008-03-24 20:59 -------- d-----w- c:\documents and settings\Sam\Application Data\Apple Computer
2009-09-11 14:18 . 2006-03-17 09:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 11:27 . 2009-09-11 11:27 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-11 11:25 . 2009-09-11 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 11:21 . 2009-09-11 11:21 -------- d-----w- c:\program files\Bonjour
2009-09-11 11:21 . 2009-09-11 11:20 -------- d-----w- c:\program files\QuickTime
2009-09-11 00:17 . 2009-07-20 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 00:08 . 2009-07-20 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 13:54 . 2009-07-20 20:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-07-20 20:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2006-03-17 09:19 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 16:44 . 2009-10-13 18:54 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-10-13 18:54 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-10-13 18:54 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-10-13 18:54 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-10-13 18:54 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-10-13 18:54 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-10-13 18:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-10-13 18:54 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-31 17:51 . 2009-08-31 17:51 -------- d-----w- c:\program files\IKEA HomePlanner
2009-08-28 18:42 . 2009-07-09 14:06 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 18:42 . 2008-10-14 17:29 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2006-03-17 09:20 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 08:31 . 2009-02-12 00:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 08:31 . 2008-08-04 19:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 08:31 . 2008-03-24 13:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 18:03 . 2009-08-17 18:03 902592 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
2009-08-17 18:03 . 2009-08-17 18:03 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-17 18:03 . 2009-08-17 18:03 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-14 12:36 . 2009-08-14 12:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-06 19:24 . 2008-12-07 12:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 19:24 . 2008-12-07 12:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 19:24 . 2008-12-07 12:43 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 19:24 . 2008-12-07 12:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 19:24 . 2008-12-07 12:43 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 19:24 . 2008-12-07 12:42 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 19:23 . 2008-12-07 12:42 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 19:23 . 2008-12-07 12:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-03-17 09:20 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-03-17 09:20 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-04-06 15:55 . 2008-04-06 15:55 154 ----a-w- c:\program files\Compact Framework 2.0.INI
2007-02-14 01:54 . 2008-04-06 15:55 2246760 ----a-w- c:\program files\NETCFv2.wm.armv4i.cab
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 1769472]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Server Application for MFP Server"="c:\program files\Belkin\All-in-One Print Server\ServoApp.exe" [2006-08-03 290816]
"MFP Server Agent"="c:\program files\Belkin\All-in-One Print Server\MFPAgent.exe" [2006-08-31 716800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-7-23 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KYESCAN.lnk]
backup=c:\windows\pss\KYESCAN.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/10/2009 15:50 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/08/2008 19:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/03/2009 14:46 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/02/2009 00:18 297752]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [12/10/2009 19:38 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [12/10/2009 19:38 1412392]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [24/03/2008 14:46 9472]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/03/2006 12:04 7040]
S2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [24/03/2008 14:46 53152]
S2 BulkUsb;Genius ColorPage USB Scanner;c:\windows\system32\drivers\usbscan.sys [30/07/2008 14:01 15104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1170768]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:49]

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-29 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-10-12 22:22]

2008-10-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]

2009-10-17 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-07-20 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\nguboxo7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\nguboxo7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\nguboxo7.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\nguboxo7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 23:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-10-29 23:46
ComboFix-quarantined-files.txt 2009-10-29 23:46

Pre-Run: 35,312,558,080 bytes free
Post-Run: 35,280,015,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B2283A9DDA50BF3572316DA25FE095B4


What's next, Sam the man?

#6 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 29 October 2009 - 07:43 PM

Hi Sam

Thought I should update you:

I've just run a few random Google searches using Firefox. [I tried 'Google redirects' which I know from before redirected about 1 in 3 links] I must have opened fifty or so new tabs and not one of them redirected.

Also, Firefox seems a little less sluggish and those 'lags' seem to have gone away.

Hopefully this isn't premature rejoicing but it's looking good so far thanks to your help...

Looking forward to you next mission for me.

Thanks.

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 30 October 2009 - 07:11 AM

Looking good! :(

Let's just run a full scan with malwarebytes now and pick up any remnants left over.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 02 November 2009 - 06:14 AM

Hi Sam

Ok, I ran MBAM and it came up clean. Hoping that's all good news. :(

Here's the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 3

31/10/2009 02:35:19
mbam-log-2009-10-31 (02-35-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 261672
Time elapsed: 1 hour(s), 29 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 02 November 2009 - 08:16 AM

Indeed it is! :(
As long as everything seems to working properly on your end I think you're good to go.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 02 November 2009 - 09:15 AM

Hi there Sam

Thanks for getting back to me so quickly as usual.

Ok can I just check something:

I did the run command as you said. Things seemed to be happening but then I got two warnings from Combo Fix:
  • The warning that I was running WSD and AVG anti-virus
  • A warning that the version I was running wasn't good and that it needed re-downloading
I got a bit confused because it seemed to be trying to run, not uninstalling as I had hoped it would.

I closed the warnings with the X top right.
I ran the combofix /U command again

I was informed that Combofix wasn't found.

I'm guessing then that it did uninstall and all is ok, but I wanted to check this with you, please.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 02 November 2009 - 07:16 PM

Well, it sounds like you got there. :(

Just make sure that combo-fix.exe is no longer found on your desktop and also check to be sure that the C:\Qoobox folder is deleted.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 YosemiteSam

YosemiteSam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 03 November 2009 - 06:11 AM

Sam

You're an absolute diamond, thank you! :(

Thanks too for the check-list of advisable security items. I had all but SpywareBlaster. I have it now and it's running happily.

I decided to ditch AVG in favour of Avast!. I ran a boot check using it and it turned up this: atapi.sys in System32 and quarantined it.

Well I'm very pleased I came across this great site.

I reckon that's us done then...

Thanks again for your efficient, accurate and friendly help. I Really wouldn't have got here without you.
:(

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:49 AM

Posted 03 November 2009 - 08:13 AM

I'm glad I could help you out! :(

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users