
Can't Find what is downloading secondary infection like Trojan.brisV and hogging bandwidth


  • This topic is locked
10 replies to this topic

#1 rotahed

  • Members
  • 5 posts

Posted 05 January 2010 - 11:01 PM

Hi All

My father's laptop has some issues. When the network cable or wireless is connected to the net, the computer hogs all the bandwidth and appears to be downloading or uploading something. I have run Spyware Doctor, Spybot S&D, Malwarebytes, Ad-Aware and AVG in normal and safe mode. They have fixed the majority of the issues but have not fixed the bandwidth hogging. Here is a list of some of the things the scanners found and cleaned.

Adware.zangosearch
Trojan.brisV
spyware.mywebtattoo
virtumonde

Any help would be greatly appreciated

PS: as per the guide I did a RootRepeal scan and it got an error and closed; not sure what it was though.

cheers
Christian

Below is the DDS report


DDS (Ver_09-12-01.01) - NTFSx86
Run by Barry at 12:09:49.26 on Wed 06/01/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2037.708 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\vsnp2std.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\ATWTUSB.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MyInk\My Ink Resident.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Barry\AppData\Local\Temp\FF87.tmp\edS.exe
C:\Users\Barry\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMar1.dll
mURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMar1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMar1.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [atwtusb] atwtusb.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\barry\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\myinkr~1.lnk - c:\program files\myink\My Ink Resident.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-au.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://khrissa.spaces.live.com/PhotoUpload/VistaMsnPUplden-au.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: avgrsstx.dll
LSA: Notification Packages = scecli psqlpwd
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\barry\appdata\roaming\mozilla\firefox\profiles\k1c5ins8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\barry\appdata\roaming\mozilla\firefox\profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-5 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-4 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-4 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-4 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-4 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-5 112592]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-4 1153368]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-5-3 7168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-23 21504]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-5 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-5 1141712]

=============== Created Last 30 ================

2010-01-06 00:49:57 0 d-----w- c:\program files\Trend Micro
2010-01-05 03:33:27 183999642 ----a-w- c:\windows\MEMORY.DMP
2010-01-05 02:38:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-05 02:16:05 0 d-----w- c:\programdata\Lavasoft
2010-01-05 02:16:05 0 d-----w- c:\program files\Lavasoft
2010-01-05 02:01:06 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-05 02:00:09 0 d-----w- c:\users\barry\appdata\roaming\PC Tools
2010-01-05 02:00:09 0 d-----w- c:\programdata\PC Tools
2010-01-05 02:00:09 0 d-----w- c:\program files\Spyware Doctor
2010-01-05 02:00:09 0 d-----w- c:\program files\common files\PC Tools
2010-01-05 01:59:54 0 d---a-w- c:\programdata\TEMP
2010-01-04 05:18:01 0 d--h--w- C:\$AVG
2010-01-04 05:17:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-04 05:15:56 0 d-----w- c:\programdata\avg9
2010-01-04 03:10:39 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-04 03:10:39 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 00:57:31 0 d-----w- c:\users\barry\appdata\roaming\Malwarebytes
2010-01-04 00:57:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 00:57:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 00:57:26 0 d-----w- c:\programdata\Malwarebytes
2010-01-04 00:57:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 10:13:10 0 ----a-w- c:\windows\system32\16827.exe
2010-01-01 09:53:09 0 ----a-w- c:\windows\system32\23281.exe
2010-01-01 09:33:08 0 ----a-w- c:\windows\system32\28145.exe
2010-01-01 09:13:07 0 ----a-w- c:\windows\system32\5705.exe
2010-01-01 08:53:06 0 ----a-w- c:\windows\system32\24464.exe
2010-01-01 08:33:05 0 ----a-w- c:\windows\system32\26962.exe
2010-01-01 08:13:04 0 ----a-w- c:\windows\system32\29358.exe
2010-01-01 07:53:03 0 ----a-w- c:\windows\system32\11478.exe
2010-01-01 07:33:01 0 ----a-w- c:\windows\system32\15724.exe
2010-01-01 07:13:00 0 ----a-w- c:\windows\system32\19169.exe
2010-01-01 06:52:59 0 ----a-w- c:\windows\system32\26500.exe
2009-12-31 06:20:13 0 ----a-w- c:\windows\system32\6334.exe
2009-12-31 05:47:11 0 ----a-w- c:\windows\system32\18467.exe
2009-12-31 05:24:41 773120 ----a-w- c:\windows\system32\drivers\qibrkx.sys
2009-12-31 05:22:47 1 ----a-w- C:\s
2009-12-31 05:22:40 22016 ----a-w- C:\oxbhp.exe
2009-12-30 02:21:45 0 d-----w- c:\program files\Windows Portable Devices
2009-12-30 02:20:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-30 02:17:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-30 02:00:55 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-30 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-30 02:00:53 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-30 01:58:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-30 01:54:39 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-30 01:54:38 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-30 01:54:38 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-28 18:30:39 0 d-----w- c:\windows\system32\eu-ES
2009-12-28 18:30:39 0 d-----w- c:\windows\system32\ca-ES
2009-12-28 18:30:30 0 d-----w- c:\windows\system32\vi-VN
2009-12-28 14:53:13 0 d-----w- c:\windows\system32\EventProviders
2009-12-21 17:43:56 8704 ----a-w- c:\users\barry\Oder no 2122009DLPC.xls
2009-12-10 04:23:13 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 04:23:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 04:23:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 04:34:56 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 04:34:47 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 04:34:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 04:34:04 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 08:41:29 0 d-----w- c:\program files\iPod
2009-12-08 08:40:36 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-01-04 05:17:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-04 05:17:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-30 02:21:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 02:21:27 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 02:21:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 02:21:26 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-28 18:16:31 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-10 00:28:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 00:28:10 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 00:28:10 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 00:26:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 01:20:12 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 10:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:36:02 1152444 ----a-w- c:\windows\UDB.zip
2009-10-27 10:54:22 38 ----a-w- c:\users\barry\jagex_runescape_preferences.dat
2009-10-27 09:35:06 63 ----a-w- c:\users\barry\jagex_runescape_preferences2.dat
2008-09-28 02:18:54 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:10:39.29 ===============


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 January 2010 - 08:19 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 rotahed
  • Topic Starter

  • Members
  • 5 posts

Posted 06 January 2010 - 09:14 PM

Hi Sam

Thanks for your help so far

I did an MBAM scan and it found nothing. However, as it finished AVG came up with a warning:

oxbhp.exe

trojan horse backdoor.generic 12.WHD


Also, here are the logs for OTL.txt followed by Extras.txt.



OTL logfile created on: 7/01/2010 11:55:22 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Barry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.24 Gb Total Space | 25.70 Gb Free Space | 24.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.41 Gb Free Space | 74.76% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QUARKSPACE
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/07 11:48:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
PRC - [2010/01/05 12:33:34 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/05 12:33:33 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/04 15:17:10 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/04 15:17:10 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/04 15:17:09 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/04 15:17:09 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/04 15:16:02 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/04 15:16:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/20 08:48:16 | 00,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 16:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 16:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/09 20:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 14:40:56 | 00,304,128 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\swriter.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/05 20:41:45 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/09/28 00:13:04 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/14 10:40:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/08/14 10:40:36 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/02/27 11:07:26 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2008/02/27 11:07:14 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/19 17:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 17:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 17:33:12 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/08/15 06:31:50 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/07 10:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/04/26 18:22:36 | 04,803,584 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/10 16:40:28 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/04/05 22:03:22 | 00,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/03/22 11:46:54 | 00,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/26 14:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/22 04:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/22 04:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/01/23 01:59:08 | 00,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/12/19 23:16:44 | 00,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/12/03 16:51:38 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/12/03 16:34:56 | 00,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/11/15 15:02:36 | 01,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/11/15 14:19:42 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/15 13:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/09/15 13:21:54 | 00,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
PRC - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/17 16:53:14 | 00,036,864 | ---- | M] () -- C:\Program Files\MyInk\My Ink Resident.exe
PRC - [2006/05/26 11:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 11:48:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
MOD - [2010/01/04 15:17:50 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 16:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/05 12:33:33 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/04 15:16:00 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/25 11:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/25 23:17:01 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/25 00:00:32 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/27 11:07:26 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 11:07:14 | 00,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/01/19 17:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/02/26 14:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/22 04:28:36 | 00,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/22 04:10:00 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/15 13:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 22:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/26 11:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2247187
IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\S-1-5-21-2242916438-2647509237-4186725932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\S-1-5-21-2242916438-2647509237-4186725932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\S-1-5-21-2242916438-2647509237-4186725932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Mario Forever Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {707db484-2428-402d-afb5-d85b387544c7}:2.4.0.4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/04 15:15:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 10:38:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 10:38:00 | 00,000,000 | ---D | M]

[2008/09/07 13:25:50 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Mozilla\Extensions
[2010/01/07 10:30:30 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions
[2009/12/12 00:40:16 | 00,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2008/12/14 20:11:52 | 00,000,682 | ---- | M] () -- C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\searchplugins\ask.xml
[2009/09/01 12:05:46 | 00,000,888 | ---- | M] () -- C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\searchplugins\conduit.xml
[2010/01/07 10:38:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/03 16:58:24 | 00,864,768 | ---- | M] (UPEK Inc.) -- C:\Program Files\Mozilla Firefox\components\pbgk1_8.dll
[2007/12/05 19:43:07 | 00,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/12/22 13:30:24 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 13:30:24 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 13:30:24 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 13:30:24 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (371260 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12799 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000..\Run: [TOSCDSPD] File not found
O4 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2242916438-2647509237-4186725932-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resou...NPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://khrissa.spaces.live.com/PhotoUpload...nPUplden-au.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03d8ac7c-a252-11dc-950b-00a0d17bbe1e}\Shell\AutoRun\command - "" = F:\AutoTransfer.exe -- File not found
O33 - MountPoints2\{31db23a2-cf22-11de-ad92-00a0d17bbe1e}\Shell - "" = AutoRun
O33 - MountPoints2\{31db23a2-cf22-11de-ad92-00a0d17bbe1e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{937e8674-336d-11dd-a611-00a0d17bbe1e}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{937e8674-336d-11dd-a611-00a0d17bbe1e}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{937e8674-336d-11dd-a611-00a0d17bbe1e}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{a769ae7a-f59c-11de-9777-00a0d17bbe1e}\Shell\AutoRun\command - "" = H:\install.exe -- File not found
O33 - MountPoints2\{dccd750d-c391-11de-845f-00a0d17bbe1e}\Shell\AutoRun\command - "" = RECYCLER\usbassist.exe
O33 - MountPoints2\{dccd750d-c391-11de-845f-00a0d17bbe1e}\Shell\opEN\CoMmanD - "" = RECYCLER\usbassist.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/28 12:07:11 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 11:50:08 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
[2010/01/07 11:12:51 | 03,696,032 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-rules.exe
[2010/01/07 11:07:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 11:07:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 11:07:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 10:42:18 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-setup(2).exe
[2010/01/07 10:40:17 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-setup.exe
[2010/01/07 10:31:29 | 07,912,808 | ---- | C] (Mozilla) -- C:\Users\Barry\Desktop\Firefox Setup 3.5.7.exe
[2010/01/07 09:02:29 | 00,000,000 | ---D | C] -- C:\Users\Barry\Desktop\TCPView
[2010/01/07 08:50:21 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Barry\Desktop\procexp.exe
[2010/01/07 08:44:10 | 00,000,000 | ---D | C] -- C:\Users\Barry\AppData\Roaming\TeamViewer
[2010/01/07 08:44:03 | 00,000,000 | ---D | C] -- C:\Users\Barry\temp
[2010/01/06 12:04:58 | 00,472,064 | ---- | C] ( ) -- C:\Users\Barry\Desktop\RootRepeal.exe
[2010/01/06 10:49:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/05 14:39:29 | 00,000,000 | ---D | C] -- C:\Users\Barry\Desktop\spyware doctor v7.x.x.xxx serial
[2010/01/05 12:16:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/01/05 12:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/05 12:01:06 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/05 12:00:38 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/05 12:00:38 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/05 12:00:38 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/05 12:00:32 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/01/05 12:00:32 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/01/05 12:00:27 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/05 12:00:27 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/05 12:00:21 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/05 12:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 12:00:09 | 00,000,000 | ---D | C] -- C:\Users\Barry\AppData\Roaming\PC Tools
[2010/01/05 12:00:09 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/05 12:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 11:59:54 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/05 11:56:27 | 34,628,928 | ---- | C] (PC Tools ) -- C:\Users\Barry\Desktop\sdsetup.exe
[2010/01/05 11:56:06 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Users\Barry\Desktop\Ad-AwareInstallation.exe
[2010/01/04 15:18:01 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/04 15:17:49 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/04 15:16:53 | 00,000,000 | ---D | C] -- C:\Users\Barry\Desktop\ProcessExplorer
[2010/01/04 15:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/04 13:10:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/04 13:10:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/04 13:09:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Barry\Desktop\spybotsd162.exe
[2010/01/04 12:44:00 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Barry\Desktop\avg_free_stb_all_9_40_cnet(2).exe
[2010/01/04 10:57:31 | 00,000,000 | ---D | C] -- C:\Users\Barry\AppData\Roaming\Malwarebytes
[2010/01/04 10:57:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/31 15:24:46 | 00,000,000 | ---D | C] -- C:\Users\Barry\AppData\Local\mjiscw
[2009/12/30 12:21:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/12/29 04:30:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/12/29 04:30:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/12/29 04:30:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/12/29 00:53:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/12/26 10:28:01 | 00,000,000 | ---D | C] -- C:\Users\Barry\Desktop\Photos
[2009/12/26 10:24:04 | 00,000,000 | ---D | C] -- C:\Users\Barry\Desktop\BARRY
[2009/09/10 20:50:14 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009/09/10 20:50:14 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009/09/10 20:50:14 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009/09/10 20:50:14 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009/09/10 20:50:14 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009/09/10 20:50:13 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009/09/10 20:50:13 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009/09/10 20:50:13 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009/09/10 20:50:12 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009/09/10 20:50:11 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009/09/10 20:50:11 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2006/11/16 17:19:50 | 00,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2006/11/16 15:57:44 | 00,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/07 11:57:41 | 00,773,120 | ---- | M] () -- C:\Windows\System32\drivers\qibrkx.sys
[2010/01/07 11:54:39 | 07,602,176 | -HS- | M] () -- C:\Users\Barry\ntuser.dat
[2010/01/07 11:48:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
[2010/01/07 11:15:10 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/07 11:13:59 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/07 11:13:59 | 00,641,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/07 11:13:59 | 00,122,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/07 11:10:12 | 03,696,032 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-rules.exe
[2010/01/07 11:07:39 | 00,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 10:42:10 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-setup(2).exe
[2010/01/07 10:40:25 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Barry\Desktop\mbam-setup.exe
[2010/01/07 10:35:59 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 10:35:59 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 10:32:11 | 07,912,808 | ---- | M] (Mozilla) -- C:\Users\Barry\Desktop\Firefox Setup 3.5.7.exe
[2010/01/07 10:09:32 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 09:00:03 | 00,212,862 | ---- | M] () -- C:\Users\Barry\Desktop\TCPView.zip
[2010/01/07 08:48:39 | 01,615,732 | ---- | M] () -- C:\Users\Barry\Desktop\ProcessExplorer.zip
[2010/01/07 08:46:40 | 47,512,541 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/07 08:46:01 | 00,135,014 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/07 08:38:11 | 00,000,291 | ---- | M] () -- C:\Windows\win.ini
[2010/01/07 08:38:04 | 00,003,653 | ---- | M] () -- C:\Windows\aiptbl.ini
[2010/01/07 08:36:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 08:35:45 | 21,370,55232 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 08:34:36 | 02,066,560 | ---- | M] () -- C:\Users\Barry\Desktop\TeamViewerQS.exe
[2010/01/06 15:00:03 | 00,524,288 | -HS- | M] () -- C:\Users\Barry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/06 15:00:03 | 00,065,536 | -HS- | M] () -- C:\Users\Barry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/06 14:58:00 | 03,592,642 | -H-- | M] () -- C:\Users\Barry\AppData\Local\IconCache.db
[2010/01/06 12:12:26 | 00,000,000 | ---- | M] () -- C:\Users\Barry\Desktop\settings.dat
[2010/01/06 11:31:42 | 00,472,064 | ---- | M] ( ) -- C:\Users\Barry\Desktop\RootRepeal.exe
[2010/01/06 11:08:22 | 00,524,288 | ---- | M] () -- C:\Users\Barry\Desktop\dds.scr
[2010/01/06 10:50:00 | 00,001,885 | ---- | M] () -- C:\Users\Barry\Desktop\HijackThis.lnk
[2010/01/05 17:33:29 | 00,001,356 | ---- | M] () -- C:\Users\Barry\AppData\Local\d3d9caps.dat
[2010/01/05 13:33:27 | 18,399,9642 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/05 12:17:34 | 00,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/05 12:00:24 | 00,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/05 11:53:26 | 34,628,928 | ---- | M] (PC Tools ) -- C:\Users\Barry\Desktop\sdsetup.exe
[2010/01/05 11:52:16 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Users\Barry\Desktop\Ad-AwareInstallation.exe
[2010/01/04 15:17:50 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/04 15:17:50 | 00,001,658 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/04 15:17:49 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/04 15:17:35 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/04 15:17:34 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/04 15:17:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/04 14:55:58 | 00,371,260 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/04 13:11:02 | 00,001,066 | ---- | M] () -- C:\Users\Barry\Desktop\Spybot - Search & Destroy.lnk
[2010/01/04 12:58:02 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Barry\Desktop\spybotsd162.exe
[2010/01/04 12:15:51 | 00,000,000 | ---- | M] () -- C:\Windows\System32\11478.exe
[2010/01/04 11:55:50 | 00,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe
[2010/01/04 11:35:49 | 00,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe
[2010/01/04 11:15:47 | 00,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe
[2010/01/04 10:55:46 | 00,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe
[2010/01/04 10:35:45 | 00,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
[2010/01/04 10:31:16 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Barry\Desktop\avg_free_stb_all_9_40_cnet(2).exe
[2010/01/01 20:15:07 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/01 20:13:10 | 00,000,000 | ---- | M] () -- C:\Windows\System32\16827.exe
[2010/01/01 19:53:09 | 00,000,000 | ---- | M] () -- C:\Windows\System32\23281.exe
[2010/01/01 19:33:08 | 00,000,000 | ---- | M] () -- C:\Windows\System32\28145.exe
[2010/01/01 19:13:07 | 00,000,000 | ---- | M] () -- C:\Windows\System32\5705.exe
[2010/01/01 18:53:06 | 00,000,000 | ---- | M] () -- C:\Windows\System32\24464.exe
[2010/01/01 18:33:05 | 00,000,000 | ---- | M] () -- C:\Windows\System32\26962.exe
[2010/01/01 18:13:04 | 00,000,000 | ---- | M] () -- C:\Windows\System32\29358.exe
[2010/01/01 16:07:20 | 00,050,176 | ---- | M] () -- C:\Users\Barry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 15:22:47 | 00,000,001 | ---- | M] () -- C:\s
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 12:20:16 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/30 12:17:25 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/29 15:25:27 | 00,066,511 | ---- | M] () -- C:\Users\Barry\Desktop\ANZ Internet Banking.pdf
[2009/12/29 14:43:46 | 00,414,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/28 18:02:04 | 00,049,304 | ---- | M] () -- C:\Users\Barry\Desktop\Cineplex - Booking - Step 3...pdf
[2009/12/28 18:00:38 | 00,040,850 | ---- | M] () -- C:\Users\Barry\Desktop\cineplex.com.pdf
[2009/12/25 13:50:14 | 00,001,779 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/25 13:50:14 | 00,001,312 | ---- | M] () -- C:\Users\Barry\Desktop\Upgrade to Paltalk Extreme.lnk
[2009/12/25 13:50:10 | 00,001,753 | ---- | M] () -- C:\Users\Barry\Desktop\PaltalkScene.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 11:07:39 | 00,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 09:00:04 | 00,212,862 | ---- | C] () -- C:\Users\Barry\Desktop\TCPView.zip
[2010/01/07 08:48:25 | 01,615,732 | ---- | C] () -- C:\Users\Barry\Desktop\ProcessExplorer.zip
[2010/01/07 08:43:58 | 02,066,560 | ---- | C] () -- C:\Users\Barry\Desktop\TeamViewerQS.exe
[2010/01/06 12:12:26 | 00,000,000 | ---- | C] () -- C:\Users\Barry\Desktop\settings.dat
[2010/01/06 12:04:58 | 00,524,288 | ---- | C] () -- C:\Users\Barry\Desktop\dds.scr
[2010/01/06 10:50:00 | 00,001,885 | ---- | C] () -- C:\Users\Barry\Desktop\HijackThis.lnk
[2010/01/05 17:55:31 | 21,370,55232 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 13:33:27 | 18,399,9642 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/05 12:38:31 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/05 12:17:34 | 00,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/05 12:00:38 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/01/05 12:00:38 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/05 12:00:38 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/01/05 12:00:38 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/01/05 12:00:38 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/01/05 12:00:32 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/01/05 12:00:27 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/05 12:00:27 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/05 12:00:24 | 00,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/05 12:00:21 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/04 15:17:50 | 00,001,658 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/04 13:11:02 | 00,001,066 | ---- | C] () -- C:\Users\Barry\Desktop\Spybot - Search & Destroy.lnk
[2010/01/01 20:13:10 | 00,000,000 | ---- | C] () -- C:\Windows\System32\16827.exe
[2010/01/01 19:53:09 | 00,000,000 | ---- | C] () -- C:\Windows\System32\23281.exe
[2010/01/01 19:33:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\28145.exe
[2010/01/01 19:13:07 | 00,000,000 | ---- | C] () -- C:\Windows\System32\5705.exe
[2010/01/01 18:53:06 | 00,000,000 | ---- | C] () -- C:\Windows\System32\24464.exe
[2010/01/01 18:33:05 | 00,000,000 | ---- | C] () -- C:\Windows\System32\26962.exe
[2010/01/01 18:13:04 | 00,000,000 | ---- | C] () -- C:\Windows\System32\29358.exe
[2010/01/01 17:53:03 | 00,000,000 | ---- | C] () -- C:\Windows\System32\11478.exe
[2010/01/01 17:33:01 | 00,000,000 | ---- | C] () -- C:\Windows\System32\15724.exe
[2010/01/01 17:13:00 | 00,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe
[2010/01/01 16:52:59 | 00,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe
[2009/12/31 16:20:13 | 00,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe
[2009/12/31 15:47:11 | 00,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe
[2009/12/31 15:24:41 | 00,773,120 | ---- | C] () -- C:\Windows\System32\drivers\qibrkx.sys
[2009/12/31 15:22:47 | 00,000,001 | ---- | C] () -- C:\s
[2009/12/30 12:20:16 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/30 12:17:25 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/29 15:25:33 | 00,066,511 | ---- | C] () -- C:\Users\Barry\Desktop\ANZ Internet Banking.pdf
[2009/12/28 18:00:49 | 00,040,850 | ---- | C] () -- C:\Users\Barry\Desktop\cineplex.com.pdf
[2009/12/26 19:46:57 | 00,000,955 | ---- | C] () -- C:\Users\Barry\Desktop\Windows Media Player.lnk
[2009/12/26 10:21:26 | 00,049,304 | ---- | C] () -- C:\Users\Barry\Desktop\Cineplex - Booking - Step 3...pdf
[2009/12/25 13:50:14 | 00,001,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2009/12/25 13:50:14 | 00,001,312 | ---- | C] () -- C:\Users\Barry\Desktop\Upgrade to Paltalk Extreme.lnk
[2009/11/13 15:02:11 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 16:13:51 | 00,000,093 | ---- | C] () -- C:\Users\Barry\AppData\Local\fusioncache.dat
[2009/09/20 08:51:49 | 00,011,157 | ---- | C] () -- C:\Windows\System32\Cp30ls.dll
[2009/09/10 20:50:15 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009/09/10 20:50:12 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2009/04/11 16:58:13 | 00,008,200 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/02/16 13:25:01 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/01/21 23:00:25 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/11/22 15:42:19 | 00,000,048 | ---- | C] () -- C:\Windows\scmate.ini
[2008/10/04 22:14:16 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/08/13 00:54:03 | 00,000,148 | ---- | C] () -- C:\Windows\OPHD.INI
[2008/05/08 23:59:59 | 00,049,152 | ---- | C] () -- C:\Windows\System32\Funckey.dll
[2008/05/08 23:59:56 | 00,003,653 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/02/14 16:52:12 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/12/16 17:59:01 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/28 05:51:50 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/11/20 12:02:40 | 00,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007/11/20 11:44:48 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007/10/18 20:32:49 | 00,050,176 | ---- | C] () -- C:\Users\Barry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/16 21:34:49 | 00,001,356 | ---- | C] () -- C:\Users\Barry\AppData\Local\d3d9caps.dat
[2007/10/02 10:51:10 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/09/29 10:29:41 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/09/29 10:29:41 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/09/29 10:29:41 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/09/29 10:29:41 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/29 02:07:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/09/29 02:05:50 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/09/29 02:05:50 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/09/29 02:05:08 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/05/03 10:11:03 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/03 10:06:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/03 10:06:40 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/03 10:06:40 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/03 10:06:40 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/03 10:06:40 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/03 10:06:40 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/03 10:00:10 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/03 09:55:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/22 04:26:58 | 00,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/06 06:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/16 16:32:18 | 00,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2006/11/16 16:29:20 | 12,007,040 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2006/11/02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 14:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/12/09 17:23:10 | 00,015,497 | ---- | C] () -- C:\Windows\snp2std.ini

========== LOP Check ==========

[2009/08/02 23:02:42 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Altium
[2008/01/10 03:10:38 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Azureus
[2009/12/26 14:13:41 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\FrostWire
[2009/09/20 08:57:27 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\IAR Embedded Workbench
[2009/07/19 16:42:41 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\LimeWire
[2009/04/09 11:24:23 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Mount&Blade
[2009/05/17 20:16:30 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Notepad++
[2009/05/11 11:11:58 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\OpenOffice.org
[2009/11/10 19:57:36 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Opera
[2008/08/13 00:56:32 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\OPHD
[2008/09/14 22:34:23 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Paltalk
[2010/01/07 08:44:10 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\TeamViewer
[2007/09/30 18:50:17 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\toshiba
[2008/11/11 10:25:47 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Ulead Systems
[2009/11/19 13:34:51 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\uTorrent
[2007/12/25 18:30:18 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\WinBatch
[2010/01/06 15:00:16 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 7/01/2010 11:55:22 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Barry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.24 Gb Total Space | 25.70 Gb Free Space | 24.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.41 Gb Free Space | 74.76% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QUARKSPACE
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2242916438-2647509237-4186725932-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2242916438-2647509237-4186725932-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00472B91-F4E3-4CF6-9FD9-F4C129209C3D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{023A182A-6165-47E0-A963-7C608AFD0D48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04510A79-6AA6-4B97-9124-6E740D3144C8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11FA8B2B-5987-45F2-9FD6-F95102FE2A96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14F53034-29B6-4CEA-A9F8-8C3929C8B027}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B820235-D0AB-489E-9DC2-10DD2520181E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9748FDEF-087F-4FFB-9606-A9F317CE2EFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7EDEE52-7CDE-4314-A603-9AD5096E8693}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B00C3341-CED2-49D8-BDAC-4E7498C2FE06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B637A738-156D-47BF-89AD-4C1858205D27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE5817E9-8059-459F-9541-4AD817E7D9A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FAFD1EE0-5590-4DB2-95AA-D4A49F6DF0B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12453E42-50C0-4609-8144-8C6E96776FFB}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{15E0890E-0171-45AB-984A-AD07F88A5F2F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1F8AFEFD-89AD-478B-8E71-80AA14E127BF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{24900872-F3E7-4CDF-B183-035833E69161}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2A114AB3-0320-42C8-AF0C-21FAF273BB77}" = protocol=6 | dir=out | app=system |
"{3370253A-ACBF-481C-B92B-7C5B207638E4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{409665D3-90FE-476B-802B-0DEA49C2A399}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44F9B166-C587-47D5-82B7-4797215A9235}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4545C8F5-D8C4-413E-AD42-2FAEF75FB209}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4A91DB72-D673-435B-8157-23FB10AAF473}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{4BAF362C-C52D-4B68-8C76-CC9CD59D5566}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4F38D1A7-AC10-4F73-9C3E-8CCB2BD294F9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{50B79F7D-866E-4E3B-8150-DBFDEBDD8502}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5A2D5209-6D03-4F47-8C92-96E2A35CCAD8}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{60638E19-1987-43C4-B415-F25F62C0161B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{663D8952-A59D-4DC5-B495-D0D04FDB0696}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6BF82A7B-60B2-4C86-AA63-E8A095B501B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6EDA4FC4-9F6A-47DF-A71B-013EBFE0A332}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgw.exe |
"{7B54DA4F-3D55-4EAD-B682-E07878247C43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81A739F7-9CB1-4CED-ABE5-FAEC56D82C16}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{82510D0F-F4F8-4A71-93FF-43F41328BF02}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{86DFB366-CA79-4D37-9195-131BE7835C95}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{8978E93E-C97A-4108-A692-1FE59C606EB1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{99880BC9-81CB-4E8B-A603-C2657E9EE6A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A8AE9F2-4F04-42FB-BAE0-2AE382C87DE7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A336B0B3-9AD3-490A-9338-12772DAEA93C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A437AC8B-994E-49EC-94CC-555A61561598}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{A73209BE-B0A3-49B2-A89F-80F9E088A6F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9298587-9815-41E6-8166-2CDAAC10F4C6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{AB4B418A-9412-418B-9CC5-D0C68BDC1559}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{B16532D2-0F50-40D9-B64D-98AD68AAF188}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B2D6EA17-3E18-4DCC-9CE4-7239684E06F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4F009B0-E665-493C-890A-0B9DEDE4BAA6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{B5D6A4B6-A7B8-404B-BF78-D217179F5DF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B86065DA-71F3-45D1-B0AA-00752E8AE27D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{BC103D6F-5DE8-45AB-822D-C1B02DEB9C25}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BC4446DD-4C29-414B-ABDA-DC8AEAAB5DBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCB8B630-CD9E-4C05-8E0A-A9B6BE7C12F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF60D10F-2870-4209-848B-7F77813062B2}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C1E84F82-6B2F-457C-A214-21271FFC615F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C389BD3B-A01C-4891-B646-71FF116A4EB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4E3F2F3-47B0-4C14-931A-3AE4C94CD0D6}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{C4FECB29-B857-4417-AA4C-6F7200C557BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA43AEDF-497E-4AC8-9564-551D3481382C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{DA2C5FE4-CA01-4799-B921-844D6F97EFF2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DBA84FB3-8675-4A90-91A1-B756ED1D6E4C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgw.exe |
"{EA499F7E-340E-4385-9BDA-896ECDA2CCAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5362148-523A-4D7E-A601-D159237E0515}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F6016C10-FC6A-446F-B688-630EC82A9858}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{0D8A900D-4713-40C8-8137-503E97C1EEAD}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{557D1224-74E3-4EDE-A671-A6F40C33C2A1}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{5D49B7D4-5197-44D8-A2B1-3259E87A3531}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8DF1E524-7774-43A1-A325-FAC9DCDD3248}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9898BBC5-DD37-485B-8D7E-EC120BC4F203}C:\program files\adobe\adobe photoshop cs2\photoshop.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\photoshop.exe |
"TCP Query User{9D066209-78D0-4381-A56D-10EBF7A1E9D7}C:\program files\galil\galiltools-x86\bin\galiltools.exe" = protocol=6 | dir=in | app=c:\program files\galil\galiltools-x86\bin\galiltools.exe |
"TCP Query User{A4FF9152-C5D6-4C2F-9DB3-5B7159788404}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{C608CBDC-BE8E-4A97-9534-2A9231AE0A26}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{D2B4763C-8874-46B7-B3B7-AC013C0CD31B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F2555E9C-1E41-452D-BA3E-8FA6FAA18510}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"TCP Query User{FE75C2AD-B485-4F31-9D65-7EBAE333ABB5}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{1580AE52-2D43-4AA8-B4B2-305684E1EAB3}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{32B82A68-84F1-4089-B1FD-6D35A6A6AAF7}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{39126657-EEC4-4449-BBC3-9D3581E162EB}C:\program files\adobe\adobe photoshop cs2\photoshop.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\photoshop.exe |
"UDP Query User{4E32F502-19D4-48BF-8B05-D6D796D00B24}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{5992F9FB-FD71-4E79-9144-AD46D77F7B35}C:\program files\galil\galiltools-x86\bin\galiltools.exe" = protocol=17 | dir=in | app=c:\program files\galil\galiltools-x86\bin\galiltools.exe |
"UDP Query User{689C28F0-9B0C-4C68-86E6-B6EF2FB94411}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{7C0CB1BA-CE1E-4617-9817-3498DCED6CC7}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{99FBC3A1-428F-4242-BD07-0A5C459EB3F1}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D009C323-359F-46F5-BD87-A6FBDF107649}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EF935778-91D2-4898-94A9-DA428F83A80F}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{FB40AEB8-18B1-4F61-8BCA-149EF3DED387}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8537166B-40F4-4FAE-BAC5-454A4DD773B7}" = Power Presenter RE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3F9576E-C395-47D6-84AC-4B19FCD640A9}" = IAR Embedded Workbench KickStart for MSP430 V3.41A
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA47A854-2BA9-498F-97EE-D8FBECF0BA79}" = MyInk
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = C5650n Series GDI Driver from OKI® Printing Solutions for Windows XP - Windows Vista - Windows Server 2003
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AVG9Uninstall" = AVG Free 9.0
"Azureus Vuze" = Azureus Vuze
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"e-tax 2008" = e-tax 2008
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.5
"GalilTools-x86" = GalilTools-x86
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 2600 Series" = Lexmark 2600 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario_Forever Toolbar" = Mario_Forever Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Notepad++" = Notepad++
"OJOsoft Total Video Converter2.5.0.1009" = OJOsoft Total Video Converter
"PalTalk8.2" = PaltalkScene
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Rmtablet" = USB Tablet Driver
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor" = Spyware Doctor 7.0
"Super Mario" = Super Mario
"Super Mario 3 : Mario Forever Advance Edition" = Super Mario 3 : Mario Forever Advance Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinRARi" = WinRARi
"WinZip Self-Extractor" = WinZip Self-Extractor
"WM Recorder 12.0" = WM Recorder 12.0
"Youtube Downloader_is1" = Youtube Downloader 2.3.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2242916438-2647509237-4186725932-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/12/2009 9:34:13 PM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0xd4, application start time
0x01ca81c1c2b41866.

Error - 21/12/2009 11:21:33 PM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0x2f8, application start time
0x01ca82ad1ff3c290.

Error - 22/12/2009 6:39:20 PM | Computer Name = Quarkspace | Source = VSS | ID = 8194
Description =

Error - 23/12/2009 2:57:24 AM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0xa48, application start time
0x01ca834f2c272452.

Error - 24/12/2009 11:42:28 PM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application paltalk.exe, version 9.93.3135.1004, time stamp
0x48c83ee6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000016e4, process id 0x1638, application start time
0x01ca85142428eb4c.

Error - 25/12/2009 10:36:45 AM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0x708, application start time
0x01ca850cafe04a0c.

Error - 26/12/2009 12:57:01 PM | Computer Name = Quarkspace | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3623 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1098 Start Time: 01ca86141650c521 Termination Time: 38

Error - 27/12/2009 12:08:07 PM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0xc14, application start time
0x01ca86f50801f670.

Error - 28/12/2009 3:40:02 AM | Computer Name = Quarkspace | Source = Application Error | ID = 1000
Description = Faulting application ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52,
faulting module ATWTUSB.EXE, version 2.49.5.0, time stamp 0x44c5db52, exception
code 0xc0000005, fault offset 0x00017180, process id 0xa18, application start time
0x01ca875ca8d5538b.

Error - 29/12/2009 12:46:57 AM | Computer Name = Quarkspace | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 2/10/2008 11:29:02 AM | Computer Name = Quarkspace | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 4/01/2010 11:46:57 PM | Computer Name = Quarkspace | Source = DCOM | ID = 10005
Description =

Error - 5/01/2010 3:56:31 AM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7000
Description =

Error - 5/01/2010 3:56:31 AM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7000
Description =

Error - 5/01/2010 3:57:23 AM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7009
Description =

Error - 5/01/2010 3:57:23 AM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7000
Description =

Error - 5/01/2010 9:38:30 PM | Computer Name = Quarkspace | Source = disk | ID = 262155
Description = The driver detected a controller error on \...\DR2.

Error - 5/01/2010 10:09:01 PM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7034
Description =

Error - 6/01/2010 12:58:42 AM | Computer Name = Quarkspace | Source = DCOM | ID = 10010
Description =

Error - 6/01/2010 6:36:17 PM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7000
Description =

Error - 6/01/2010 6:36:17 PM | Computer Name = Quarkspace | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Cheers
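The firewall dump and the Uninstall list in the report above are the two parts a responder reads first. As an added example, not part of the thread and not code from OTL, DDS or any other tool named in it, here is a small Python triage script that parses a few lines copied from that report: it pulls every inbound allow rule whose target is one of the peer-to-peer clients installed on the laptop (FrostWire, µTorrent, Azureus, LimeWire) and counts the Java runtime entries. The sample text is constructed from lines on this page, and the `P2P_CLIENTS` set is my own list for the example; the report format itself has no such notion.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the OTL-style report posted
# above (Windows Firewall rule dump plus Uninstall list); it is not the whole report.
SAMPLE_REPORT = r'''
"{BF60D10F-2870-4209-848B-7F77813062B2}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C1E84F82-6B2F-457C-A214-21271FFC615F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C4FECB29-B857-4417-AA4C-6F7200C557BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5362148-523A-4D7E-A601-D159237E0515}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{557D1224-74E3-4EDE-A671-A6F40C33C2A1}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{99FBC3A1-428F-4242-BD07-0A5C459EB3F1}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8DF1E524-7774-43A1-A325-FAC9DCDD3248}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"Azureus Vuze" = Azureus Vuze
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
'''

# IANA protocol numbers as they appear in the firewall rule export.
PROTO = {"6": "TCP", "17": "UDP"}

# Assumption for this example: the peer-to-peer clients that appear in the posted
# report. Extend the set for other clients; the report format has no such list.
P2P_CLIENTS = {"frostwire.exe", "utorrent.exe", "azureus.exe", "limewire.exe"}

# "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*\|)\s*$')
# "<registry key>" = <display name>
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')


def parse_firewall_rules(text):
    """Return one dict per firewall rule line: name, proto, dir, app path and exe basename."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.strip().split("=", 1)
                fields[key] = value
        if "app" not in fields:
            continue
        rules.append({
            "name": m.group("name"),
            "proto": PROTO.get(fields.get("protocol", ""), "any"),
            "dir": fields.get("dir", "?"),
            "app": fields["app"],
            "exe": PureWindowsPath(fields["app"]).name.lower(),
        })
    return rules


def parse_uninstall_entries(text):
    """Return the display names from the Uninstall list (rule lines end in '|' and are skipped)."""
    names = []
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m and not m.group("name").endswith("|"):
            names.append(m.group("name"))
    return names


def inbound_allow_rules(rules, exes=P2P_CLIENTS):
    """(exe, proto) pairs with an inbound rule: each is a listener that any peer on the internet may reach."""
    return sorted({(r["exe"], r["proto"]) for r in rules
                   if r["dir"] == "in" and r["exe"] in exes})


def stale_java_installs(names):
    """Java runtime entries; more than one means older, unpatched JREs sit beside the newest."""
    return [n for n in names if n.lower().startswith("java")]


if __name__ == "__main__":
    rules = parse_firewall_rules(SAMPLE_REPORT)
    for exe, proto in inbound_allow_rules(rules):
        print(f"inbound {proto:<3} allowed for {exe}")
    java = stale_java_installs(parse_uninstall_entries(SAMPLE_REPORT))
    print(f"{len(java)} Java runtime entries: {java}")
```

Every P2P client on the box has an inbound allow rule, so the firewall is not limiting them, and a seeding BitTorrent or Gnutella client looks from the outside exactly like a machine "uploading something". Closing those clients (and checking that they do not start with Windows) is the cheapest first test before attributing the traffic to leftover malware. The three Java entries are the stale runtimes that a later reply in this thread has JavaRa remove.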

#4 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:37 AM

Posted 07 January 2010 - 08:37 AM

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


====================


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot not reproduced]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
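Neither the original poster nor Buckeye_Sam posted code; what follows is an added example, not part of the thread or of any tool it mentions. It shows the check a responder wants on a "something is uploading" machine while the ComboFix log is pending: parse `netstat -b -n -o` output, attribute each connection to its owning image, and rank processes by how many distinct remote hosts they talk to. The netstat text is constructed for the example (RFC 5737 documentation addresses, made-up PIDs), and the numeric-image-name flag is my own heuristic, prompted by the `system32\11478.exe`-style files that appear in the ComboFix log posted later in this thread.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -n -o` output (the -b column needs an elevated
# prompt on Vista). Hosts, PIDs and the numeric image name are made up for this
# example; this is not output from the machine in the thread.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49172      203.0.113.10:6881      ESTABLISHED     2840
 [utorrent.exe]
  TCP    192.168.1.5:49180      203.0.113.44:51413     ESTABLISHED     2840
 [utorrent.exe]
  TCP    192.168.1.5:49181      203.0.113.9:6889       ESTABLISHED     2840
 [utorrent.exe]
  TCP    192.168.1.5:49190      198.51.100.7:443       ESTABLISHED     1128
 [firefox.exe]
  TCP    192.168.1.5:49201      198.51.100.20:80       ESTABLISHED     3412
 [11478.exe]
  TCP    192.168.1.5:49202      198.51.100.21:8080     ESTABLISHED     3412
 [11478.exe]
  TCP    192.168.1.5:49203      198.51.100.22:80       ESTABLISHED     3412
 [11478.exe]
  TCP    192.168.1.5:49204      198.51.100.23:80       ESTABLISHED     3412
 [11478.exe]
  UDP    0.0.0.0:32459          *:*                                    2840
 [utorrent.exe]
"""

# One connection row; the State column is absent for UDP sockets.
CONN_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)
# The owning image that netstat -b prints in brackets on the line after each row.
OWNER_RE = re.compile(r"^\s*\[(?P<exe>[^\]]+)\]\s*$")
# Heuristic (mine): image names that are only digits, like system32\NNNNN.exe.
NUMERIC_EXE = re.compile(r"^\d+\.exe$")


def parse_netstat(text):
    """Return one dict per connection row, tagged with the owning exe from the following bracketed line."""
    conns, pending = [], None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            pending = m.groupdict()
            pending["exe"] = "?"
            conns.append(pending)
            continue
        o = OWNER_RE.match(line)
        if o and pending is not None:
            pending["exe"] = o.group("exe").lower()
            pending = None
    return conns


def summarize(conns):
    """Per (pid, exe): number of connected rows, distinct remote hosts and remote ports."""
    by_proc = defaultdict(lambda: {"rows": 0, "hosts": set(), "ports": set()})
    for c in conns:
        host, _, port = c["remote"].rpartition(":")
        if host in ("", "*"):
            continue  # unbound UDP socket, no peer to attribute
        stats = by_proc[(c["pid"], c["exe"])]
        stats["rows"] += 1
        stats["hosts"].add(host)
        stats["ports"].add(port)
    return by_proc


def rank_talkers(by_proc, min_peers=3):
    """Processes with at least min_peers distinct remote hosts, busiest first; numeric image names flagged."""
    rows = []
    for (pid, exe), s in by_proc.items():
        if len(s["hosts"]) >= min_peers:
            rows.append({
                "pid": int(pid),
                "exe": exe,
                "peers": len(s["hosts"]),
                "ports": sorted(s["ports"]),
                "suspicious_name": bool(NUMERIC_EXE.match(exe)),
            })
    return sorted(rows, key=lambda r: (-r["peers"], r["exe"]))


if __name__ == "__main__":
    for r in rank_talkers(summarize(parse_netstat(SAMPLE_NETSTAT))):
        flag = "  <-- numeric image name, check its path and signer" if r["suspicious_name"] else ""
        print(f"pid {r['pid']:<5} {r['exe']:<14} {r['peers']} peers on ports {r['ports']}{flag}")
```

netstat is a snapshot of connections, not a byte counter, so a process with many peers is a lead rather than proof; Resource Monitor (`perfmon /res` on Vista) shows send and receive rates per image and confirms which one is actually moving data. netstat also prints only the image name, so for anything unfamiliar, and for any numeric name, get the full path first (for example `wmic process where "processid=3412" get ExecutablePath`) and look at the file's location and signature before concluding it is the downloader. Note that a seeding torrent client will top this list legitimately.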


========================================================

#5 rotahed

  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 08 January 2010 - 01:06 AM

Here is the ComboFix scan log.



ComboFix 10-01-04.01 - Barry 08/01/2010 15:27:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2037.933 [GMT 10:00]
Running from: c:\users\Barry\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-533692986-2251870079-395755998-500
C:\install.exe
C:\s
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\drivers\qibrkx.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_qibrkx
-------\Service_qibrkx


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 03:33 . 2010-01-08 03:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 01:07 . 2009-12-30 04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 01:07 . 2009-12-30 04:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 01:07 . 2010-01-07 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 22:44 . 2010-01-06 22:44 -------- d-----w- c:\users\Barry\AppData\Roaming\TeamViewer
2010-01-06 22:44 . 2010-01-06 22:44 -------- d-----w- c:\users\Barry\temp
2010-01-06 00:49 . 2010-01-06 00:49 -------- d-----w- c:\program files\Trend Micro
2010-01-05 02:38 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-05 02:16 . 2010-01-05 02:21 -------- d-----w- c:\programdata\Lavasoft
2010-01-05 02:16 . 2010-01-05 02:16 -------- d-----w- c:\program files\Lavasoft
2010-01-05 02:01 . 2010-01-05 02:17 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 05:18 . 2010-01-08 05:09 -------- d-----w- C:\$AVG
2010-01-04 05:15 . 2010-01-08 05:09 -------- d-----w- c:\programdata\avg9
2010-01-04 03:10 . 2010-01-04 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 03:10 . 2010-01-04 05:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-04 00:57 . 2010-01-04 00:57 -------- d-----w- c:\users\Barry\AppData\Roaming\Malwarebytes
2010-01-04 00:57 . 2010-01-04 00:57 -------- d-----w- c:\programdata\Malwarebytes
2009-12-31 05:24 . 2010-01-04 02:31 -------- d-----w- c:\users\Barry\AppData\Local\mjiscw
2009-12-30 02:21 . 2009-12-30 02:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-30 02:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-30 02:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-30 02:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-30 01:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-30 01:54 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-30 01:54 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-30 01:54 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\ca-ES
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\eu-ES
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\vi-VN
2009-12-28 14:53 . 2009-12-28 14:53 -------- d-----w- c:\windows\system32\EventProviders
2009-12-10 04:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 04:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 04:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 03:31 . 2007-05-02 23:43 -------- d-----w- c:\program files\Java
2010-01-08 02:40 . 2008-09-27 14:13 -------- d-----w- c:\programdata\Google Updater
2010-01-07 01:53 . 2009-05-11 01:12 1 ----a-w- c:\users\Barry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-07 01:03 . 2007-10-13 10:03 -------- d-----w- c:\users\Barry\AppData\Roaming\Skype
2010-01-07 00:48 . 2007-12-16 07:59 -------- d-----w- c:\users\Barry\AppData\Roaming\skypePM
2010-01-06 23:13 . 2009-10-27 05:53 -------- d-----w- c:\program files\Mario_Forever
2010-01-06 02:00 . 2010-01-05 02:00 -------- d-----w- c:\program files\Spyware Doctor
2010-01-05 07:33 . 2007-10-16 11:34 1356 ----a-w- c:\users\Barry\AppData\Local\d3d9caps.dat
2010-01-05 02:34 . 2010-01-05 02:34 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-05 02:34 . 2010-01-05 02:34 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-05 02:34 . 2010-01-05 02:34 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-05 02:34 . 2010-01-05 02:33 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-05 02:33 . 2010-01-05 02:33 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-05 02:33 . 2010-01-05 02:33 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-05 02:33 . 2010-01-05 02:33 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-05 02:33 . 2010-01-05 02:33 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-05 02:33 . 2010-01-05 02:33 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-05 02:33 . 2010-01-05 02:33 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-05 02:33 . 2010-01-05 02:33 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-05 02:33 . 2010-01-05 02:33 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-05 02:33 . 2010-01-05 02:33 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-05 02:05 . 2010-01-05 02:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\users\Barry\AppData\Roaming\PC Tools
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\programdata\PC Tools
2010-01-04 05:15 . 2009-01-04 03:40 -------- d-----w- c:\program files\AVG
2009-12-30 02:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 02:20 . 2009-12-30 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-30 02:17 . 2009-12-30 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-28 18:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-26 04:13 . 2008-12-14 09:55 -------- d-----w- c:\users\Barry\AppData\Roaming\FrostWire
2009-12-25 03:50 . 2008-09-14 12:10 -------- d-----w- c:\program files\Paltalk Messenger
2009-12-10 04:25 . 2007-05-03 01:11 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 08:43 . 2009-12-08 08:40 -------- d-----w- c:\program files\iTunes
2009-12-08 08:41 . 2009-12-08 08:41 -------- d-----w- c:\program files\iPod
2009-12-08 08:41 . 2008-10-01 01:14 -------- d-----w- c:\program files\Common Files\Apple
2009-12-08 08:29 . 2009-12-08 08:27 -------- d-----w- c:\program files\QuickTime
2009-12-08 08:17 . 2009-12-08 08:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-08 08:14 . 2009-12-08 08:14 -------- d-----w- c:\program files\Safari
2009-12-08 08:10 . 2009-12-08 08:10 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 14:10 . 2010-01-05 02:17 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-06 02:52 . 2009-12-11 14:40 52224 ----a-w- c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
2009-12-06 02:52 . 2009-12-11 14:40 114688 ----a-w- c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\npmozax.dll
2009-12-04 09:41 . 2009-12-04 09:41 341256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-30 03:27 . 2009-02-16 04:07 -------- d-----w- c:\programdata\Lx_cats
2009-11-19 03:34 . 2008-06-16 07:48 -------- d-----w- c:\users\Barry\AppData\Roaming\uTorrent
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-11 00:38 . 2009-10-27 05:53 -------- d-----w- c:\program files\softendo.com
2009-11-10 03:15 . 2009-11-10 02:57 -------- d-----w- c:\program files\Microsoft
2009-11-10 03:14 . 2009-11-10 03:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 03:12 . 2009-04-12 05:58 -------- d-----w- c:\program files\Windows Live
2009-11-10 03:10 . 2009-11-10 03:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 03:03 . 2009-11-10 03:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 00:28 . 2010-01-05 02:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 00:28 . 2010-01-05 02:00 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 00:28 . 2010-01-05 02:00 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 00:26 . 2010-01-05 02:00 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 06:03 . 2008-10-01 01:21 -------- d-----w- c:\users\Barry\AppData\Roaming\Apple Computer
2009-11-09 01:20 . 2010-01-05 02:00 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 10:42 . 2009-10-03 11:34 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 01:11 . 2010-01-05 02:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-30 01:09 . 2010-01-05 02:00 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-29 09:17 . 2009-11-25 17:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:36 . 2010-01-05 02:00 1152444 ----a-w- c:\windows\UDB.zip
2009-10-27 14:11 . 2009-12-09 04:34 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 04:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:54 . 2009-06-05 10:03 38 ----a-w- c:\users\Barry\jagex_runescape_preferences.dat
2009-10-27 09:35 . 2009-09-04 05:42 63 ----a-w- c:\users\Barry\jagex_runescape_preferences2.dat
2009-10-18 23:48 . 2007-09-28 07:42 119144 ----a-w- c:\users\Barry\AppData\Local\GDIPFONTCACHEV1.DAT
2006-12-03 06:58 . 2007-10-01 01:38 864768 ----a-w- c:\program files\mozilla firefox\components\pbgk1_8.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 07:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 07:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-05 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-14 102400]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"atwtusb"="atwtusb.exe" [2006-07-25 319488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-06-12 56080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-19 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2009-05-19 107176]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 149280]

c:\users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-5 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-14 805392]
My Ink Resident.lnk - c:\program files\MyInk\My Ink Resident.exe [2008-5-9 36864]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-12-24 11552768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 06:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9d,a5,c7,01,42,88,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2242916438-2647509237-4186725932-1000]
"EnableNotificationsRef"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/01/2010 12:00 PM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5/01/2010 12:00 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/12/2009 11:19 PM 1181328]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 11:07 AM 98984]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [4/01/2010 1:10 PM 1153368]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [3/05/2007 11:17 AM 7168]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23/07/2008 6:56 PM 21504]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/01/2010 12:00 PM 359624]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - QIBRKX
*Deregistered* - qibrkx

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-13 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
WebBrowser-{707DB484-2428-402D-AFB5-D85B387544C7} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 15:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qibrkx]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(2948)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\System32\ATWTUSB.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-08 15:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 05:56

Pre-Run: 27,384,639,488 bytes free
Post-Run: 26,661,482,496 bytes free

- - End Of File - - 65885BDEA1C9AD7B7B006B7D65A0B25F

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:37 AM

Posted 08 January 2010 - 09:21 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
c:\windows\system32\drivers\qibrkx.sys

Folder::
c:\program files\hbt

RegLockDel::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qibrkx]
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
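The CFScript above targets four things visible in the log: the qibrkx driver that ComboFix saw only in memory (*NewlyCreated*/*Deregistered*) and its leftover Services key, the locked registry key, and, further up, the disabled UAC and Security Center monitoring plus the IE proxy pointed at 127.0.0.1:5555. Here is an added Python example (not part of this thread, not ComboFix code) that walks a ComboFix log and flags those items; the sample lines are constructed from the report above, and the line patterns are fitted to that report rather than taken from any ComboFix specification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix report posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/01/2010 12:00 PM 207792]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - QIBRKX
*Deregistered* - qibrkx

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qibrkx]

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
"""

# Assumption: these line shapes are fitted to the log above, not to a ComboFix spec.
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
MEM_SERVICE = re.compile(r"^\*(NewlyCreated|Deregistered)\*\s*-\s*(\S+)$")
SERVICE_LINE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(.+)$")
SERVICES_KEY = re.compile(r"\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the log line that triggered the finding
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log line by line and return the items worth a second look."""
    findings: list[Finding] = []
    current_key = ""            # registry key the following values belong to
    in_locked_section = False   # True once the LOCKED REGISTRY KEYS banner is passed
    transient_services = set()  # names seen as *NewlyCreated* / *Deregistered*

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "LOCKED REGISTRY KEYS" in line:
            in_locked_section = True
            continue

        # Registry key header: remember it so the values below can be judged in context.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            if in_locked_section:
                findings.append(Finding("medium", line,
                                "key denied to the scanner; inspect it once unlocked"))
            m = SERVICES_KEY.search(line)
            if m and m.group(1).lower() in transient_services:
                findings.append(Finding("high", line,
                                "leftover service key for a driver seen only in memory"))
            continue

        m = REG_VALUE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if current_key.endswith(r"policies\system") and name == "EnableLUA" and value.startswith("0"):
                findings.append(Finding("high", line, "UAC disabled (EnableLUA=0)"))
            elif "security center" in current_key and name == "DisableMonitoring" and value.endswith("1"):
                findings.append(Finding("medium", line, "Security Center monitoring switched off"))
            continue

        m = PROXY_LINE.match(line)
        if m:
            host = m.group(1).split("=")[-1].split(":")[0]
            if host in LOCAL_HOSTS:
                findings.append(Finding("high", line,
                                "browser traffic routed through a local port; find the listener"))
            else:
                findings.append(Finding("info", line, "non-default proxy configured"))
            continue

        m = MEM_SERVICE.match(line)
        if m:
            name = m.group(2).lower()
            if name not in transient_services:  # report each driver once
                transient_services.add(name)
                findings.append(Finding("high", line,
                                "service exists in memory but not as a persisted key"))
            continue

        m = SERVICE_LINE.match(line)
        if m and m.group(1).rstrip().endswith("[?]"):
            findings.append(Finding("info", line, "service image could not be verified by ComboFix"))

    return findings


def severity_counts(findings: list[Finding]) -> Counter:
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```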

#7 rotahed

rotahed
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 09 January 2010 - 12:08 AM

Hello, here are the logs

ComboFix 10-01-04.01 - Barry 09/01/2010 9:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2037.1052 [GMT 10:00]
Running from: c:\users\Barry\Desktop\ComboFix.exe
Command switches used :: c:\users\Barry\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\qibrkx.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\qibrkx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_qibrkx
-------\Service_qibrkx


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 23:31 . 2010-01-08 23:37 -------- d-----w- c:\users\Barry\AppData\Local\temp
2010-01-08 23:31 . 2010-01-08 23:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-08 23:31 . 2010-01-08 23:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 23:31 . 2010-01-08 23:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-08 03:33 . 2010-01-08 03:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 01:07 . 2009-12-30 04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 01:07 . 2009-12-30 04:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 01:07 . 2010-01-07 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 22:44 . 2010-01-06 22:44 -------- d-----w- c:\users\Barry\AppData\Roaming\TeamViewer
2010-01-06 22:44 . 2010-01-06 22:44 -------- d-----w- c:\users\Barry\temp
2010-01-06 00:49 . 2010-01-06 00:49 -------- d-----w- c:\program files\Trend Micro
2010-01-05 02:38 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-05 02:16 . 2010-01-05 02:21 -------- d-----w- c:\programdata\Lavasoft
2010-01-05 02:16 . 2010-01-05 02:16 -------- d-----w- c:\program files\Lavasoft
2010-01-05 02:01 . 2010-01-05 02:17 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 05:18 . 2010-01-08 05:09 -------- d-----w- C:\$AVG
2010-01-04 05:15 . 2010-01-08 05:09 -------- d-----w- c:\programdata\avg9
2010-01-04 03:10 . 2010-01-04 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 03:10 . 2010-01-04 05:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-04 00:57 . 2010-01-04 00:57 -------- d-----w- c:\users\Barry\AppData\Roaming\Malwarebytes
2010-01-04 00:57 . 2010-01-04 00:57 -------- d-----w- c:\programdata\Malwarebytes
2009-12-31 05:24 . 2010-01-04 02:31 -------- d-----w- c:\users\Barry\AppData\Local\mjiscw
2009-12-30 02:21 . 2009-12-30 02:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-30 02:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-30 02:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-30 02:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-30 01:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-30 01:54 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-30 01:54 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-30 01:54 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\ca-ES
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\eu-ES
2009-12-28 18:30 . 2009-12-28 18:34 -------- d-----w- c:\windows\system32\vi-VN
2009-12-28 14:53 . 2009-12-28 14:53 -------- d-----w- c:\windows\system32\EventProviders
2009-12-10 04:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 04:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 04:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 03:31 . 2007-05-02 23:43 -------- d-----w- c:\program files\Java
2010-01-08 02:40 . 2008-09-27 14:13 -------- d-----w- c:\programdata\Google Updater
2010-01-07 01:53 . 2009-05-11 01:12 1 ----a-w- c:\users\Barry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-07 01:03 . 2007-10-13 10:03 -------- d-----w- c:\users\Barry\AppData\Roaming\Skype
2010-01-07 00:48 . 2007-12-16 07:59 -------- d-----w- c:\users\Barry\AppData\Roaming\skypePM
2010-01-06 23:13 . 2009-10-27 05:53 -------- d-----w- c:\program files\Mario_Forever
2010-01-06 02:00 . 2010-01-05 02:00 -------- d-----w- c:\program files\Spyware Doctor
2010-01-05 07:33 . 2007-10-16 11:34 1356 ----a-w- c:\users\Barry\AppData\Local\d3d9caps.dat
2010-01-05 02:34 . 2010-01-05 02:34 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-05 02:34 . 2010-01-05 02:34 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-05 02:34 . 2010-01-05 02:34 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-05 02:34 . 2010-01-05 02:33 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-05 02:33 . 2010-01-05 02:33 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-05 02:33 . 2010-01-05 02:33 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-05 02:33 . 2010-01-05 02:33 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-05 02:33 . 2010-01-05 02:33 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-05 02:33 . 2010-01-05 02:33 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-05 02:33 . 2010-01-05 02:33 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-05 02:33 . 2010-01-05 02:33 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-05 02:33 . 2010-01-05 02:33 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-05 02:33 . 2010-01-05 02:33 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-05 02:05 . 2010-01-05 02:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\users\Barry\AppData\Roaming\PC Tools
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\programdata\PC Tools
2010-01-04 05:15 . 2009-01-04 03:40 -------- d-----w- c:\program files\AVG
2009-12-30 02:20 . 2009-12-30 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-30 02:17 . 2009-12-30 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-28 18:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-28 18:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-26 04:13 . 2008-12-14 09:55 -------- d-----w- c:\users\Barry\AppData\Roaming\FrostWire
2009-12-25 03:50 . 2008-09-14 12:10 -------- d-----w- c:\program files\Paltalk Messenger
2009-12-10 04:25 . 2007-05-03 01:11 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 08:43 . 2009-12-08 08:40 -------- d-----w- c:\program files\iTunes
2009-12-08 08:41 . 2009-12-08 08:41 -------- d-----w- c:\program files\iPod
2009-12-08 08:41 . 2008-10-01 01:14 -------- d-----w- c:\program files\Common Files\Apple
2009-12-08 08:29 . 2009-12-08 08:27 -------- d-----w- c:\program files\QuickTime
2009-12-08 08:17 . 2009-12-08 08:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-08 08:14 . 2009-12-08 08:14 -------- d-----w- c:\program files\Safari
2009-12-08 08:10 . 2009-12-08 08:10 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 14:10 . 2010-01-05 02:17 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-06 02:52 . 2009-12-11 14:40 52224 ----a-w- c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
2009-12-06 02:52 . 2009-12-11 14:40 114688 ----a-w- c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\npmozax.dll
2009-12-04 09:41 . 2009-12-04 09:41 341256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-30 03:27 . 2009-02-16 04:07 -------- d-----w- c:\programdata\Lx_cats
2009-11-19 03:34 . 2008-06-16 07:48 -------- d-----w- c:\users\Barry\AppData\Roaming\uTorrent
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-11 00:38 . 2009-10-27 05:53 -------- d-----w- c:\program files\softendo.com
2009-11-10 03:15 . 2009-11-10 02:57 -------- d-----w- c:\program files\Microsoft
2009-11-10 03:14 . 2009-11-10 03:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 03:12 . 2009-04-12 05:58 -------- d-----w- c:\program files\Windows Live
2009-11-10 03:10 . 2009-11-10 03:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 03:03 . 2009-11-10 03:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 00:28 . 2010-01-05 02:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 00:28 . 2010-01-05 02:00 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 00:28 . 2010-01-05 02:00 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 00:26 . 2010-01-05 02:00 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 01:20 . 2010-01-05 02:00 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-02 10:42 . 2009-10-03 11:34 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 01:11 . 2010-01-05 02:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-30 01:09 . 2010-01-05 02:00 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-29 09:17 . 2009-11-25 17:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:36 . 2010-01-05 02:00 1152444 ----a-w- c:\windows\UDB.zip
2009-10-27 14:11 . 2009-12-09 04:34 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 04:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:54 . 2009-06-05 10:03 38 ----a-w- c:\users\Barry\jagex_runescape_preferences.dat
2009-10-27 09:35 . 2009-09-04 05:42 63 ----a-w- c:\users\Barry\jagex_runescape_preferences2.dat
2009-10-18 23:48 . 2007-09-28 07:42 119144 ----a-w- c:\users\Barry\AppData\Local\GDIPFONTCACHEV1.DAT
2006-12-03 06:58 . 2007-10-01 01:38 864768 ----a-w- c:\program files\mozilla firefox\components\pbgk1_8.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 07:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 07:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-05 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-14 102400]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"atwtusb"="atwtusb.exe" [2006-07-25 319488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-06-12 56080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-19 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2009-05-19 107176]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 149280]

c:\users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-5 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-14 805392]
My Ink Resident.lnk - c:\program files\MyInk\My Ink Resident.exe [2008-5-9 36864]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-12-24 11552768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 06:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9d,a5,c7,01,42,88,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2242916438-2647509237-4186725932-1000]
"EnableNotificationsRef"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/01/2010 12:00 PM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5/01/2010 12:00 PM 112592]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [27/02/2008 11:07 AM 98984]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [4/01/2010 1:10 PM 1153368]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [3/05/2007 11:17 AM 7168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/12/2009 11:19 PM 1181328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23/07/2008 6:56 PM 21504]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/01/2010 12:00 PM 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-13 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\k1c5ins8.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(6028)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\ATWTUSB.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2010-01-09 09:45:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 23:45
ComboFix2.txt 2010-01-08 05:56

Pre-Run: 26,509,754,368 bytes free
Post-Run: 26,358,026,240 bytes free

- - End Of File - - E2BE0231465AAA2A3DC6EF52CF8CCA46


and the other


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9386d0160a265242bbcdb7bdfb5775e9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-09 02:09:21
# local_time=2010-01-09 12:09:21 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 100527478 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186506
# found=4
# cleaned=4
# scan_time=4610
C:\Qoobox\Quarantine\C\Windows\System32\drivers\qibrkx.sys.vir a variant of Win32/Rootkit.Kryptik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Barry\Desktop\Apps\vlcsetup(2).exe Win32/Adware.180Solutions application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Barry\Desktop\Apps\vlcsetup.exe Win32/Adware.180Solutions application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Barry\Documents\LimeWire\Incomplete\T-4542054-let go mia rose MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C



yeah that scanner found stuff

thanks
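Reading the ComboFix log in the post above the way a responder would, the lines worth checking first are the browser proxy pointed at the local machine (`uInternet Settings,ProxyServer = http=127.0.0.1:5555`), `EnableLUA = 0` (UAC switched off) and the Security Center `DisableMonitoring` values. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses a constructed excerpt in the same log format and flags those findings, plus Run entries that give no absolute path. The function names and the heuristics are assumptions of this example.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code).

It pulls out the findings a responder checks first in a log like the one posted
above: a browser proxy pointing at the local machine, UAC switched off
(EnableLUA = 0), Security Center monitoring disabled, and Run entries that give
no absolute path. The sample log below is a constructed excerpt in the same
format as the thread's log; the function names and heuristics are assumptions.
"""
import re
from typing import Dict, Iterator, List, Tuple

# Constructed excerpt, modelled on the ComboFix output quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


def _section_key_values(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (registry key, value name, raw value) for quoted lines under [KEY] headers."""
    key = None
    for line in log.splitlines():
        line = line.rstrip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            key = header.group(1)
            continue
        entry = re.match(r'^"([^"]+)"\s*=\s*(.+)$', line)
        if entry and key:
            yield key, entry.group(1), entry.group(2).strip()


def find_local_proxy(log: str) -> List[dict]:
    """ProxyServer entries that route browser traffic through a local port.

    A loopback proxy means some local process sees every HTTP request; some
    filtering products do this legitimately, so it is a lead to verify, not a verdict.
    """
    found = []
    for m in re.finditer(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$", log, re.M):
        for entry in m.group(1).split(";"):
            scheme, _, hostport = entry.strip().rpartition("=")
            host, _, port = hostport.rpartition(":")
            if host in LOCAL_HOSTS and port.isdigit():
                found.append({"scheme": scheme or "*", "host": host, "port": int(port)})
    return found


def uac_disabled(log: str) -> bool:
    """True when the policies\\system key shows EnableLUA = 0."""
    for key, name, value in _section_key_values(log):
        if name == "EnableLUA" and key.lower().endswith(r"policies\system"):
            return value.startswith("0")
    return False


def security_center_monitoring_disabled(log: str) -> List[str]:
    """Registry keys where DisableMonitoring is set to 1 (Security Center alerts suppressed)."""
    return [
        key
        for key, name, value in _section_key_values(log)
        if name == "DisableMonitoring" and value.lower() == "dword:00000001"
    ]


def run_entries_without_full_path(log: str) -> List[dict]:
    """Run-key entries whose target is a bare file name rather than an absolute path."""
    found = []
    for key, name, value in _section_key_values(log):
        if not key.lower().endswith(r"\run"):
            continue
        target = re.match(r'^"([^"]*)"', value)
        if target and not re.match(r"^[a-zA-Z]:\\", target.group(1)):
            found.append({"key": key, "name": name, "target": target.group(1)})
    return found


def analyze(log: str) -> Dict[str, object]:
    """Run every check and collect the results in one dictionary."""
    return {
        "local_proxy": find_local_proxy(log),
        "uac_disabled": uac_disabled(log),
        "security_center_monitoring_disabled": security_center_monitoring_disabled(log),
        "run_entries_without_full_path": run_entries_without_full_path(log),
    }


if __name__ == "__main__":
    for check, result in analyze(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

Run against the excerpt it reports the loopback proxy on port 5555, UAC disabled, the Security Center Monitoring key and the `NDSTray.exe` entry; each is a lead for manual confirmation (which process listens on the port, whether the bare-name entry resolves to a file in a trusted directory), not a verdict on its own.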

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 January 2010 - 11:07 AM

Looks much better! How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 rotahed
  • Topic Starter
  • Members
  • 5 posts

Posted 11 January 2010 - 05:13 AM

Hi

It all appears to be running well now thanks for your help.

Cheers

Christian

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 January 2010 - 08:12 AM

Sounds good! :(
Here are some final steps and recommendations for you.

Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)


========================================================

#11 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 January 2010 - 03:43 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.


========================================================