Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple malware or just multiple virii ?


  • This topic is locked This topic is locked
16 replies to this topic

#1 jayxx2

jayxx2

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 15 March 2010 - 11:50 PM

Hello to all,

After noticing an inital slow-down in machine startup and shutdown, then re-directed web-pages in both I.E. and Firefox (to various useless ad sites and blank pages) I reasoned that my ESET Nod was no longer catching something going on. I quickly realized it was that horrilble Antivirus 2010 con-program that was in. My REGEDIT is locked about 50 % of the time, so is my Taskmanager, so are various other folders and files. I uninstalled NOD, put in Kaspersky and have spent the last 3 days running scan after scan with Malwarebytes, Spy-bot, Super-antivirus, Stopzilla, Panda-scan, Windows Defender, Malicious Software Removal Tool and all the best tricks I had up my sleave to remove them from the startup with services and msconfig. Despite all this, I keep booting slow and keep finding re-occurring infections via Kaspersky from Network Attack Intrusions to Trojan.Win32's, Trojan.Dropper.Win32's, PDM.Worm.P2P's, and Packed.Win32.Krap.

Taking the advice of this forum, I'm putting out a call for help and am including the DDS and Attach.zip files along with the GMER output. I have COMBOFIX waiting on stand-by if need be but will of course wait for any instructions.

I await in silent confusion.

Jane
Canada

Attached Files



BC AdBot (Login to Remove)

 


#2 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 16 March 2010 - 04:33 PM

No suggestions?

Jane.


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 18 March 2010 - 06:01 AM.


#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 18 March 2010 - 09:57 AM

Hello, jayxx2.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 18 March 2010 - 10:51 PM

Hi aommaster! You have no idea how happy I am just to know someone is actually around that cares about this. I thought I was going crazy installing a dozen different anti-virus and anti-malware things. Even better that you are in ON... but that's another story.

Here are the requested logs. I hope they turned out right. The GMER Program would only let me select Servies, Registry, Files and ADS - nothing else.

The Kasperky anti-virus still tells me that PDM.worm.P2P.generic and Trojan.Win32.Generic are being made on a daily basis in places like APPDATA\LOCAL\TEMP\268511590.exe or APPDATA\LOCAL\ogoquixat.dll (thankfully being caught I hope). And it tells me that Network Activity shows Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 222.86.62.237 to local port 1434, or various other places.

I await our next steps together.

Jane
(Ottawa) (Now visiting Wpg with a bad laptop).
-----------------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by MJC at 2010-03-18 22:03:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 57 GB (23%) free of 246 GB
Total RAM: 3062 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:58 PM, on 18/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\MJC\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\MJC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/iat/us_ca.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: C:\Windows\SysWow64\mczi9q.dll - {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - C:\Windows\SysWow64\mczi9q.dll (file missing)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunServices: [Atheros Configuration Service] C:\Windows\SysWOW64\acs.exe -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hs3t873tisghs837tgysu7 - {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - C:\Windows\SysWow64\mczi9q.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10596 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BA40A2-74F1-52BD-F434-00B15A2C8953}]
C:\Windows\SysWow64\mczi9q.dll - C:\Windows\SysWow64\mczi9q.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hs3t873tisghs837tgysu7 - {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - C:\Windows\SysWow64\mczi9q.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoRun"=0
"DisallowRun"=0
"NoViewContextMenu"=0
"NoSearchFilesInStartMenu"=0
"NoSearchProgramsInStartMenu"=0
"NoSearchComputerLinkInStartMenu"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoRun"=
"DisallowRun"=
"NoFolderOptions"=
"NoViewContextMenu"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\MJC\AppData\Local\Temp\cm25.09.exe"="C:\Users\MJC\AppData\Local\Temp\cm25.09.exe:*:Enabled:Windows Application Service"
"C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe"="C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe:*:Enabled:Windows Application Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f3ba73e-6528-11de-9763-001e6876dbf9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{616eb9f5-7382-11dd-876c-001e6876dbf9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8402551e-b65a-11dd-b864-001e6876dbf9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84025539-b65a-11dd-b864-001e6876dbf9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3711314-d446-11de-8774-001e6876dbf9}]
shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d46549fc-d39c-11de-857a-001e6876dbf9}]
shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
.reg - edit - %SystemRoot%\SysWow64\NOTEPAD.EXE "%1"

======List of files/folders created in the last 1 months======

2010-03-18 22:03:30 ----D---- C:\Program Files (x86)\trend micro
2010-03-18 22:03:29 ----D---- C:\rsit
2010-03-18 00:24:10 ----D---- C:\ProgramData\Alwil Software
2010-03-16 21:32:56 ----D---- C:\Program Files (x86)\AVS4YOU
2010-03-16 19:19:23 ----D---- C:\Program Files (x86)\Xenocode
2010-03-16 00:28:46 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-03-16 00:28:22 ----D---- C:\Users\MJC\AppData\Roaming\SUPERAntiSpyware.com
2010-03-16 00:28:22 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2010-03-15 18:09:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-15 18:09:03 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-03-15 15:23:36 ----D---- C:\Program Files (x86)\Panda Security
2010-03-15 04:16:35 ----D---- C:\Windows\XSxS
2010-03-15 03:48:28 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-15 03:48:24 ----D---- C:\Program Files (x86)\Kaspersky Lab
2010-03-15 03:28:42 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-03-15 03:02:19 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-03-13 20:17:32 ----SHD---- C:\Users\MJC\AppData\Roaming\SystemProc
2010-03-11 01:58:25 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 01:58:17 ----A---- C:\Windows\system32\httpapi.dll
2010-03-06 14:20:12 ----D---- C:\Program Files (x86)\OpenVPN
2010-03-02 21:22:30 ----D---- C:\Program Files (x86)\LG PC Sync
2010-03-02 21:08:09 ----D---- C:\LG_USB
2010-02-24 11:20:45 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 11:20:43 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 11:20:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 11:20:41 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 11:20:33 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 11:19:42 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 11:19:41 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 11:19:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 11:19:36 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 11:19:36 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 11:19:36 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 11:19:35 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 11:19:35 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 11:19:35 ----A---- C:\Windows\system32\msdrm.dll

======List of files/folders modified in the last 1 months======

2010-03-18 22:03:51 ----D---- C:\Windows\Prefetch
2010-03-18 22:03:30 ----RD---- C:\Program Files (x86)
2010-03-18 22:01:04 ----D---- C:\Windows\Temp
2010-03-18 20:06:10 ----SHD---- C:\System Volume Information
2010-03-18 12:25:03 ----D---- C:\Windows\System32
2010-03-18 12:25:03 ----D---- C:\Windows\inf
2010-03-18 01:28:53 ----A---- C:\Windows\ntbtlog.txt
2010-03-18 01:28:26 ----D---- C:\Windows\SysWOW64
2010-03-18 00:26:03 ----SHD---- C:\Windows\Installer
2010-03-18 00:26:03 ----D---- C:\Windows\winsxs
2010-03-18 00:24:10 ----RD---- C:\Program Files
2010-03-18 00:24:10 ----HD---- C:\ProgramData
2010-03-17 14:07:38 ----D---- C:\Users\MJC\AppData\Roaming\GameRanger
2010-03-17 12:39:21 ----D---- C:\Windows
2010-03-17 00:11:25 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2010-03-16 21:12:33 ----D---- C:\Users\MJC\AppData\Roaming\Skype
2010-03-16 19:27:03 ----D---- C:\Users\MJC\AppData\Roaming\skypePM
2010-03-16 18:48:07 ----D---- C:\Windows\system32\drivers
2010-03-16 18:24:39 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-03-16 11:48:28 ----SD---- C:\Windows\Downloaded Program Files
2010-03-15 17:34:34 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-03-15 15:50:06 ----D---- C:\Users\MJC\AppData\Roaming\Adobe
2010-03-15 05:24:45 ----D---- C:\Program Files (x86)\Internet Explorer
2010-03-15 04:20:51 ----D---- C:\Windows\Tasks
2010-03-15 03:02:32 ----D---- C:\Users\MJC\AppData\Roaming\Malwarebytes
2010-03-15 03:02:24 ----D---- C:\ProgramData\Malwarebytes
2010-03-15 02:34:30 ----D---- C:\Program Files (x86)\Adobe
2010-03-13 22:44:05 ----D---- C:\Stronghold
2010-03-13 20:38:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-03-13 20:19:25 ----D---- C:\CASINO99
2010-03-11 02:04:55 ----D---- C:\Program Files (x86)\Windows Mail
2010-03-07 17:57:49 ----A---- C:\Windows\NeroDigital.ini
2010-03-07 11:41:02 ----D---- C:\Users\MJC\AppData\Roaming\LimeWire
2010-03-05 12:13:17 ----D---- C:\Users\MJC\AppData\Roaming\uTorrent
2010-03-05 01:10:28 ----D---- C:\Program Files (x86)\GameSpy Arcade
2010-03-02 21:38:09 ----D---- C:\Users\MJC\AppData\Roaming\LG Electronics
2010-03-02 21:37:05 ----D---- C:\ProgramData\LGMOBILEAX
2010-03-02 21:25:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-03-02 21:07:19 ----A---- C:\Windows\system32\lgAxconfig.ini
2010-03-02 20:42:18 ----D---- C:\Program Files (x86)\LG Electronics
2010-03-01 00:55:41 ----D---- C:\ProgramData\BVRP Software
2010-02-24 12:19:04 ----D---- C:\Windows\rescache
2010-02-24 12:00:15 ----D---- C:\Windows\system32\en-US
2010-02-24 12:00:11 ----RSD---- C:\Windows\Fonts
2010-02-24 11:48:00 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART64.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys []
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw4v64.sys []
S3 RkHit;RkHit; \??\C:\Windows\system32\drivers\RKHit.sys []
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys []
S3 V0230Vfx;V0230Vfx; C:\Windows\system32\DRIVERS\V0230Vfx.sys []
S3 V0230VID;Live! Cam Video IM Pro; C:\Windows\system32\DRIVERS\V0230VID.sys []
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 o2flash;O2Micro Flash Memory Card Service; c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 434016]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 189808]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-05 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-06 651720]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2009-09-28 120640]
S4 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2008-08-11 57920]
S4 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2009-12-11 36352]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-18 22:04:03

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\CtDrvIns.exe -uninstall -script VF0230.uns -unsext AMD64 -plugin V0230Pin.dll -pluginres CtCamPin.crl
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
ABC (remove only)-->C:\Program Files (x86)\ABC\Uninstall.exe
Able2Extract Professional v5.0-->C:\Program Files (x86)\Investintech.com Inc\Able2Extract Professional 5.0\Uninstal.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AoA Audio Extractor 1.0-->"C:\Program Files (x86)\AoA Audio Extractor\unins000.exe"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avanquest update-->"C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVI Splitter-->"C:\Program Files (x86)\avisplit\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Editor 4-->"C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\unins000.exe"
AVS Video Recorder 2.4-->"C:\Program Files (x86)\AVS4YOU\AVSVideoRecorder\unins000.exe"
AVS YouTube Uploader version 2.1-->"C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
Camera Assistant Software for Toshiba-->C:\Program Files (x86)\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
CD/DVD Drive Acoustic Silencer-->C:\Program Files (x86)\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.4.7.121-->"C:\Program Files (x86)\VSO\ConvertX\3\unins000.exe"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\DXM51.INF,Uninstall.NT
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
FLV Player 2.0, build 24-->C:\Program Files (x86)\FLV Player\uninst.exe
GameSpy Arcade-->C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Google Earth Pro 4.2-->"C:\Windows\Google Earth Pro 4.2\uninstall.exe" "/U:C:\Program Files (x86)\Google Earth Pro 4.2\Uninstall\uninstall.xml"
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Intel\Indeo\Uninst.isu" -c"C:\Program Files (x86)\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel A/V Codecs V2.0-->C:\Windows\IsUninst.exe -fC:\Windows\system32\CDUninst.isu
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
K-Lite Codec Pack 4.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LG USB Modem Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -runfromtemp -l0x0409 LG -removeonly
LimeWire PRO 5.3.6-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
LogMeIn-->MsiExec.exe /I{34F93E31-E1A0-421C-8E86-BCF7C4193A91}
Magic Video Converter Trial Version (English) 8.0.2.18-->"C:\Program Files (x86)\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MasterSplitter Program-->C:\Program Files\MasterSplitter\uninstal.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.15-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Office Animation Runtime-->MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OpenVPN 2.1.1-->C:\Program Files (x86)\OpenVPN\Uninstall.exe
Orca-->MsiExec.exe /I{4F34C602-4D6D-470D-A2A0-59E4F25DDBF2}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
PuppetShow Mystery of Joyville 1.00-->C:\Program Files (x86)\Games\PuppetShow Mystery of Joyville\Uninstall.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Scrapbook Paige-->"C:\Windows\Scrapbook Paige\uninstall.exe" "/U:C:\Program Files (x86)\Scrapbook Paige\Uninstall\uninstall.xml"
SecureW2 EAP Suite 1.1.0 for Windows-->C:\Program Files (x86)\SecureW2\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Forge Pro 10.0-->MsiExec.exe /X{3F9170C9-A7C2-408F-A4D8-EC77250040BF}
The Game Of Life by Hasbro-->"C:\Windows\The Game Of Life by Hasbro\uninstall.exe" "/U:C:\Program Files (x86)\The Game Of Life by Hasbro\Uninstall\uninstall.xml"
Toshiba Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E8B39B08-7FAB-48CC-89E9-37C5589E130C} /l1033
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{DF0853CA-A1D0-4169-8472-F2822C8FA1EB} /l1033
TOSHIBA Value Added Package-->C:\Program Files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe -runfromtemp -l0x0409
Total Video Converter 3.12 080330-->"C:\Program Files (x86)\Total Video Converter\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6d-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WarZone Client v1.0.44-->C:\PROGRA~2\WarZone\UNWISE.EXE C:\PROGRA~2\WarZone\INSTALL.LOG
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files (x86)\WinRar\uninstall.exe
Xilisoft DVD Ripper Platinum 5-->C:\Program Files (x86)\Xilisoft\DVD Ripper Platinum 5\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: MJC-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971513_en-US(Language Pack) into Install Requested(Install Requested) state
Record Number: 139960
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103171058.000000-000
Event Type: Warning
User: MJC-PC\MJC

Computer Name: MJC-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Microsoft-Windows-AutomationAPI-Package-Package-en-US-MiniLP(Update) into Install Requested(Install Requested) state
Record Number: 139958
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103171058.000000-000
Event Type: Warning
User: MJC-PC\MJC

Computer Name: MJC-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971513(Update) into Install Requested(Install Requested) state
Record Number: 139956
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103171058.000000-000
Event Type: Warning
User: MJC-PC\MJC

Computer Name: MJC-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971513(Update) into Install Requested(Install Requested) state
Record Number: 139918
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103171058.000000-000
Event Type: Warning
User: MJC-PC\MJC

Computer Name: MJC-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 139460
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091103061847.608000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MJC-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 9656
Source Name: SideBySide
Time Written: 20081212172921.000000-000
Event Type: Error
User:

Computer Name: MJC-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 9655
Source Name: SideBySide
Time Written: 20081212172921.000000-000
Event Type: Error
User:

Computer Name: MJC-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 9654
Source Name: SideBySide
Time Written: 20081212172920.000000-000
Event Type: Error
User:

Computer Name: MJC-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 9653
Source Name: SideBySide
Time Written: 20081212172919.000000-000
Event Type: Error
User:

Computer Name: MJC-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 9646
Source Name: Microsoft-Windows-WMI
Time Written: 20081212165512.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: MJC-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 23760
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408152613.780942-000
Event Type: Audit Success
User:

Computer Name: MJC-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MJC-PC$
Account Domain: CALIWORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2bc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 23759
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408152613.780942-000
Event Type: Audit Success
User:

Computer Name: MJC-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: MJC-PC$
Account Domain: CALIWORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2bc
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 23758
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408152613.780942-000
Event Type: Audit Success
User:

Computer Name: MJC-PC
Event Code: 5056
Message: A cryptographic self test was performed.

Subject:
Security ID: S-1-5-18
Account Name: MJC-PC$
Account Domain: CALIWORKGROUP
Logon ID: 0x3e7

Module: ncrypt.dll

Return Code: 0x0
Record Number: 23757
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408152610.790942-000
Event Type: Audit Success
User:

Computer Name: MJC-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 23756
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090408152609.809736-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 22:49:32
Windows 6.0.6002 Service Pack 2
Running: 0im0bfmr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0x34 0x13 0x1E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0x34 0x13 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53A5E481-782D-578D-524D-6DD8BA48C34E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53A5E481-782D-578D-524D-6DD8BA48C34E}@iaimcabiebbfcfceeh 0x6A 0x61 0x68 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53A5E481-782D-578D-524D-6DD8BA48C34E}@hacpmponibckoach 0x6A 0x61 0x68 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53A5E481-782D-578D-524D-6DD8BA48C34E}@hajnjmnehmdkfagn 0x66 0x61 0x66 0x62 ...

---- EOF - GMER 1.0.15 ----



#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 18 March 2010 - 10:56 PM

Hello, jayxx2.
QUOTE
You have no idea how happy I am just to know someone is actually around that cares about this. I thought I was going crazy installing a dozen different anti-virus and anti-malware things.

Hehe... all the staff members care. It's just that we're bogged down with over 100 pending logs, so it does take a while for us to respond to help smile.gif

Let's begin smile.gif
P2P Program Warning!

uTorrent and Limewire

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably other's) safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do. If you decide to continue with the fix, please proceed with the steps below.




We need to run ATF Cleaner
  1. Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  2. Double-click ATF-Cleaner.exe to run the program.
  3. Under Main "Select Files to Delete" choose: Select All.
  4. Click the Empty Selected button
  5. If you use Firefox browser Click Firefox at the top and choose: Select All
  6. Click the Empty Selected button.

    Note: If you would like to keep your saved passwords, please click No at the prompt.

  7. If you use Opera browser Click Opera at the top and choose: Select All
  8. Click the Empty Selected button.

    Note: If you would like to keep your saved passwords, please click No at the prompt.

  9. Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NEXT:

We need to run OTL
  1. Please download OTL
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Change the "Extra Registry" option to "SafeList"
  6. Push the Run Scan button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please include the following:
  • OTL Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 19 March 2010 - 07:41 AM

HI Aommaster!

I am soo mad right now. Just the thought of some backdoor jerks stealing my banking info makes me want to scream. I do a large amout of banking on this laptop almost daily!! As I am away from home lets go forward with our clean and hope for the best. I don't know whether to hunt down these bastards and murder them or just alert the banks and change all the passwords.

Here comes the OTL log.
P.S. I ran the ATF cleaner even though I have Vista and the note said for XP/2000.
-------------

OTL logfile created on: 19/03/2010 7:27:16 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\MJC\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240.46 Gb Total Space | 61.36 Gb Free Space | 25.52% Space Free | Partition Type: NTFS
Drive D: | 26.56 Gb Total Space | 24.40 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJC-PC
Current User Name: MJC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/19 07:25:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MJC\Desktop\OTL.exe
PRC - [2010/03/13 20:38:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 07:25:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MJC\Desktop\OTL.exe
MOD - [2009/04/11 01:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2006/11/02 04:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 04:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/05 09:45:12 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/11 02:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/08/22 22:51:55 | 000,497,920 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2008/05/29 09:28:54 | 000,035,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 18:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/03 19:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/18 01:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/09/28 20:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/17 14:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/01/06 23:43:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/15 04:18:31 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/12/11 18:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/09/14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/25 00:38:20 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/02/07 20:47:25 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/02/07 18:58:52 | 000,860,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/11/17 16:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/23 23:27:31 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/06/12 01:40:13 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008/01/31 22:46:54 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (CnxtHdAudAddService)
DRV:64bit: - [2008/01/21 15:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 21:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 21:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/14 21:35:34 | 000,058,328 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2007/12/20 18:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/11/29 04:58:58 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/11/01 04:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/11/01 04:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/11/01 04:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/18 01:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/10 17:41:54 | 000,052,608 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motodrv.sys -- (MotDev)
DRV:64bit: - [2007/09/29 10:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/25 17:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/13 01:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/08/07 02:03:00 | 000,595,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\V0230VID.sys -- (V0230VID)
DRV:64bit: - [2007/06/20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/04/09 19:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/11/02 00:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/19 15:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2006/05/05 02:00:00 | 000,010,752 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\V0230Vfx.sys -- (V0230Vfx)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 00:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2008/09/10 10:54:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/13 20:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/15 23:07:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/03/15 03:49:11 | 000,000,000 | ---D | M]

[2010/03/16 19:20:47 | 000,000,000 | ---D | M] -- C:\Users\MJC\AppData\Roaming\Mozilla\Extensions
[2010/03/18 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\MJC\AppData\Roaming\Mozilla\Firefox\Profiles\60jraf0m.default\extensions
[2009/06/28 11:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MJC\AppData\Roaming\Mozilla\Firefox\Profiles\60jraf0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 11:30:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MJC\AppData\Roaming\Mozilla\Firefox\Profiles\60jraf0m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/10 12:36:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MJC\AppData\Roaming\Mozilla\Firefox\Profiles\60jraf0m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/18 19:10:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/15 03:50:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/03/13 20:38:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 20:38:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 20:38:22 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 20:38:23 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/17 00:29:57 | 000,380,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13114 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (C:\Windows\SysWow64\mczi9q.dll) - {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - C:\Windows\SysWow64\mczi9q.dll File not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0230Ext.ax] C:\Windows\SysNative\V0230Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunServices: [Atheros Configuration Service] C:\Windows\SysWOW64\acs.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKU\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O8:64bit: - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files (x86)\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/Pow...N-US/msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - hs3t873tisghs837tgysu7 - C:\Windows\SysWow64\mczi9q.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 20:41:51 | 000,000,000 | ---D | M] - C:\AutoRecorder -- [ NTFS ]
O33 - MountPoints2\{4f3ba73e-6528-11de-9763-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3ba73e-6528-11de-9763-001e6876dbf9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{616eb9f5-7382-11dd-876c-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{616eb9f5-7382-11dd-876c-001e6876dbf9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8402551e-b65a-11dd-b864-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{8402551e-b65a-11dd-b864-001e6876dbf9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{84025539-b65a-11dd-b864-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{84025539-b65a-11dd-b864-001e6876dbf9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c3711314-d446-11de-8774-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{c3711314-d446-11de-8774-001e6876dbf9}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{d46549fc-d39c-11de-857a-001e6876dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{d46549fc-d39c-11de-857a-001e6876dbf9}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Users\MJC\AppData\Local\Windows Server\xetpmk.dll) - C:\Users\MJC\AppData\Local\Windows Server\xetpmk.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 07:25:16 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\MJC\Desktop\OTL.exe
[2010/03/18 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/03/18 22:03:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/18 00:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/03/18 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/16 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/03/16 21:14:00 | 000,000,000 | ---D | C] -- C:\Users\MJC\Desktop\New Folder (2)
[2010/03/16 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2010/03/16 00:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/16 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\MJC\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/16 00:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/03/15 18:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/15 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/03/15 17:39:34 | 000,052,568 | R--- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2010/03/15 17:39:34 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/03/15 17:28:06 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/03/15 17:28:06 | 000,182,784 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/03/15 17:28:06 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/03/15 17:28:06 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/03/15 17:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/15 15:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/03/15 04:16:35 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/03/15 04:16:35 | 000,000,000 | ---D | C] -- C:\Users\MJC\AppData\Local\Re-Enable v2
[2010/03/15 03:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/03/15 03:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/03/15 03:48:04 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/03/15 03:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/03/15 03:02:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/15 03:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/14 04:32:40 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/13 20:17:32 | 000,000,000 | -HSD | C] -- C:\Users\MJC\AppData\Roaming\SystemProc
[2010/03/13 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\MJC\AppData\Local\Windows Server
[2010/03/11 01:58:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/11 01:58:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/11 01:58:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/11 01:58:17 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/06 14:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2010/03/02 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\MJC\{8cbf57fd-6a4d-41b0-811a-86f131fd06f3}
[2010/03/02 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\MJC\{48180703-2d12-40c7-8486-0227c3baa407}
[2010/03/02 21:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG PC Sync
[2010/03/02 21:10:30 | 000,000,000 | ---D | C] -- C:\Users\MJC\{be959bf3-2156-4f1b-858f-45fc78777cc3}
[2010/03/02 21:08:09 | 000,000,000 | ---D | C] -- C:\LG_USB
[2010/03/02 20:42:21 | 000,033,280 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys
[2010/03/02 20:42:21 | 000,017,920 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys
[2010/03/01 00:24:40 | 000,000,000 | ---D | C] -- C:\Users\MJC\Documents\My MMS
[2010/02/24 11:20:46 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 11:20:45 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 11:20:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 11:20:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/24 11:20:43 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 11:20:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/24 11:20:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 11:20:41 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 11:19:42 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 11:19:41 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 11:19:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 11:19:40 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 11:19:39 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 11:19:39 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 11:19:39 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 11:19:39 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 11:19:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 11:19:36 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 11:19:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 11:19:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 11:19:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 11:19:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 11:19:35 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 11:19:35 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 11:19:35 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 11:19:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2009/02/07 20:47:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\MJC\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/19 07:26:30 | 008,650,752 | -HS- | M] () -- C:\Users\MJC\NTUSER.DAT
[2010/03/19 07:25:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MJC\Desktop\OTL.exe
[2010/03/19 07:20:12 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010/03/19 07:09:20 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/19 07:09:20 | 000,600,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/19 07:09:20 | 000,105,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/19 07:03:30 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/19 07:03:30 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/19 07:03:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/19 07:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/19 07:03:20 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/19 00:01:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/19 00:00:56 | 000,524,288 | -HS- | M] () -- C:\Users\MJC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 00:00:56 | 000,065,536 | -HS- | M] () -- C:\Users\MJC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/19 00:00:27 | 001,108,162 | -H-- | M] () -- C:\Users\MJC\AppData\Local\IconCache.db
[2010/03/18 20:26:26 | 000,232,960 | ---- | M] () -- C:\Users\MJC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 00:26:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/03/17 14:07:38 | 000,000,985 | ---- | M] () -- C:\Users\MJC\Desktop\GameRanger.lnk
[2010/03/17 00:29:57 | 000,380,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/16 21:34:34 | 000,001,047 | ---- | M] () -- C:\Users\MJC\Desktop\AVS Video Editor 4.lnk
[2010/03/16 19:38:08 | 000,380,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100317-002957.backup
[2010/03/16 19:26:42 | 000,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/16 18:46:44 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\scud.udf
[2010/03/15 17:50:33 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100316-193808.backup
[2010/03/15 17:27:41 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/03/15 17:27:41 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/03/15 17:27:41 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/03/15 17:27:41 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/03/15 04:18:31 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/03/15 03:50:03 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/03/15 03:50:02 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/03/15 02:29:15 | 000,000,732 | ---- | M] () -- C:\Users\MJC\AppData\Local\d3d9caps64.dat
[2010/03/15 01:56:13 | 002,329,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/14 04:26:09 | 000,000,120 | ---- | M] () -- C:\Users\MJC\AppData\Local\Rvoweca.dat
[2010/03/14 04:25:53 | 000,000,000 | ---- | M] () -- C:\Users\MJC\AppData\Local\Blidevaxikufi.bin
[2010/03/11 19:31:04 | 000,114,280 | ---- | M] () -- C:\Users\MJC\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/03/07 17:57:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/06 14:21:46 | 000,000,971 | ---- | M] () -- C:\Users\MJC\Desktop\OpenVPN GUI.lnk
[2010/03/02 21:07:19 | 000,002,412 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010/02/24 12:30:06 | 000,114,280 | ---- | M] () -- C:\Users\MJC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/21 22:12:44 | 000,002,687 | ---- | M] () -- C:\Users\MJC\Desktop\AMV Converter.lnk
[2010/02/20 18:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 18:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 18:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 18:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/18 10:03:35 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/18 00:26:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/03/18 00:25:33 | 000,438,878 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_vcredistMSI3E60.txt
[2010/03/18 00:25:33 | 000,011,638 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_vcredistUI3E60.txt
[2010/03/17 14:07:38 | 000,000,985 | ---- | C] () -- C:\Users\MJC\Desktop\GameRanger.lnk
[2010/03/16 21:34:34 | 000,001,047 | ---- | C] () -- C:\Users\MJC\Desktop\AVS Video Editor 4.lnk
[2010/03/16 18:46:44 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\scud.udf
[2010/03/15 03:50:03 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/03/15 03:50:02 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/03/15 02:29:15 | 000,000,732 | ---- | C] () -- C:\Users\MJC\AppData\Local\d3d9caps64.dat
[2010/03/13 20:20:40 | 000,000,120 | ---- | C] () -- C:\Users\MJC\AppData\Local\Rvoweca.dat
[2010/03/13 20:20:40 | 000,000,000 | ---- | C] () -- C:\Users\MJC\AppData\Local\Blidevaxikufi.bin
[2010/03/06 14:21:46 | 000,000,971 | ---- | C] () -- C:\Users\MJC\Desktop\OpenVPN GUI.lnk
[2010/02/12 11:00:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/02/12 11:00:06 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010/01/11 21:05:27 | 000,003,082 | ---- | C] () -- C:\Windows\SysWow64\affv300053706p4now.sys
[2009/10/19 17:28:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 17:27:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/14 17:46:16 | 000,218,784 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_ATL90SP1_KB973924MSI644B.txt
[2009/09/14 17:46:15 | 000,011,680 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_ATL90SP1_KB973924UI644B.txt
[2009/09/13 19:16:27 | 000,420,468 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_vcredistMSI5B33.txt
[2009/09/13 19:16:27 | 000,011,470 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_vcredistUI5B33.txt
[2009/07/28 18:37:38 | 000,520,614 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_ATL80SP1_KB973923MSI653A.txt
[2009/07/28 18:37:37 | 000,013,188 | ---- | C] () -- C:\Users\MJC\AppData\Local\dd_ATL80SP1_KB973923UI653A.txt
[2009/06/12 15:27:01 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/06/12 15:27:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/12 15:26:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/03/12 02:27:42 | 003,190,784 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/03/12 02:27:42 | 000,741,376 | ---- | C] () -- C:\Windows\SysWow64\audxlib.dll
[2009/03/12 02:27:42 | 000,662,016 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/12 02:27:42 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/03/12 02:27:42 | 000,405,504 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/03/12 02:27:42 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/03/12 02:27:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/03/12 02:27:42 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/03/12 02:27:42 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/03/12 02:27:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2009/03/12 02:27:42 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/03/12 02:27:42 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/03/12 02:27:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/03/12 02:27:42 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2009/03/12 02:27:42 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/03/12 02:27:42 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/03/12 02:27:42 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/03/12 02:27:42 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/03/12 02:27:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/03/12 02:27:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/03/11 21:55:20 | 000,000,024 | ---- | C] () -- C:\Windows\ShellIcon32.dll
[2009/02/08 19:08:16 | 000,000,154 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\default.rss
[2009/02/08 19:07:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/07 20:48:51 | 000,000,671 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\vso_ts_preview.xml
[2009/02/07 20:48:34 | 000,000,034 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\pcouffin.log
[2009/02/07 20:47:25 | 000,099,384 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\inst.exe
[2009/02/07 20:47:25 | 000,007,859 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\pcouffin.cat
[2009/02/07 20:47:25 | 000,001,167 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\pcouffin.inf
[2008/10/23 18:57:56 | 000,499,200 | ---- | C] () -- C:\Windows\SysWow64\WZDPlay.dll
[2008/09/15 23:58:44 | 000,000,850 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/11 18:38:30 | 000,000,680 | ---- | C] () -- C:\Users\MJC\AppData\Local\d3d9caps.dat
[2008/08/26 18:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/08/24 20:39:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/23 23:29:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2008/08/23 19:03:05 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\bsratswf.dll
[2008/08/23 19:03:05 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\bsratwmv.dll
[2008/08/22 21:09:31 | 000,232,960 | ---- | C] () -- C:\Users\MJC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/21 00:18:34 | 000,023,888 | ---- | C] () -- C:\Users\MJC\AppData\Roaming\UserTile.png
[2008/08/20 23:42:07 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/20 23:42:07 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/20 23:42:07 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/20 23:42:07 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/20 23:42:07 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/20 23:42:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/08/20 23:39:00 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/08/20 23:39:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/08/20 23:39:00 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/02/26 21:02:27 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2008/02/26 21:02:27 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/02/19 01:01:24 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/19 00:57:34 | 000,700,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
[2004/04/27 01:29:58 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2004/04/27 01:29:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:45FE2B4E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FD000392
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:40F038C5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >

OTL Extras logfile created on: 19/03/2010 7:27:16 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\MJC\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240.46 Gb Total Space | 61.36 Gb Free Space | 25.52% Space Free | Partition Type: NTFS
Drive D: | 26.56 Gb Total Space | 24.40 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJC-PC
Current User Name: MJC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 55 E3 47 3E 16 51 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-397022135-231552384-2811352233-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"mW[ķµˆÖ¾`=µś¾˜v%S8’’Łźé>grl>­Ż\†Š=ŸąŪ±Ž" =
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\MJC\AppData\Local\Temp\cm25.09.exe" = C:\Users\MJC\AppData\Local\Temp\cm25.09.exe:*:Enabled:Windows Application Service -- File not found
"C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe" = C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe:*:Enabled:Windows Application Service -- File not found
"C:\Users\MJC\AppData\Local\Temp\cm25.09.exe" = C:\Users\MJC\AppData\Local\Temp\cm25.09.exe:*:Enabled:Windows Application Service -- File not found
"C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe" = C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe:*:Enabled:Windows Application Service -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087465DA-7972-4DD1-B684-14DC7F02C776}" = lport=138 | protocol=17 | dir=in | app=system |
"{08BD3149-AA12-4655-9FE8-C46D2EF45370}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{08CE753C-87DE-492D-A59F-1DB067940B06}" = rport=139 | protocol=6 | dir=out | app=system |
"{104F2E13-D927-4D19-B853-A62B3C1938E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{11AACC48-8513-4544-8A5A-E83DD8C99143}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{1C54250E-54A6-41B1-90A4-913CA3F9CEF9}" = lport=2302 | protocol=6 | dir=in | name=2302 |
"{1EE1E274-D439-4763-AA70-524A2B0E4048}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{238C505C-A1F6-439D-BFDD-5A9A66CBF9A5}" = lport=28900 | protocol=17 | dir=in | name=master server list request |
"{2484B44D-A1BC-443D-9FE9-88C773D0B3B5}" = lport=27900 | protocol=17 | dir=in | name=master server udp heartbeat |
"{33A92934-F7D4-4363-823B-D5A4DBB4965E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3511EB55-9AE5-46B2-99FB-619676395D01}" = lport=5358 | protocol=6 | dir=in | app=system |
"{3C7DFC7C-B101-434B-8E1A-D8CEBC157556}" = lport=2400 | protocol=6 | dir=in | name=2400 |
"{48435F62-641A-4EC3-A866-282EE49DE931}" = lport=5357 | protocol=6 | dir=in | app=system |
"{497AE537-D75F-4C1E-A704-67548E4BE9AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A1F5DF2-6056-4535-AF62-E1E81D49653C}" = lport=3783 | protocol=17 | dir=in | name=gamespy voice |
"{55FC7C14-E743-40E0-AACE-787814A9DFBC}" = rport=5358 | protocol=6 | dir=out | app=system |
"{575CEEF4-972B-4F4C-B901-DA2FA408CE9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59AAF96D-6CCA-444A-89DE-D0825D15A38C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B278FA4-79D9-4973-828A-F07B19B8CA21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BD64807-9BCE-4BB6-8341-FFC34CD199F2}" = lport=13139 | protocol=17 | dir=in | name=gamespy custom udp pings |
"{62ED619C-85CB-40BA-93E1-CF56792BC3A4}" = lport=29901 | protocol=17 | dir=in | name=gamespy connection search |
"{659EAA8A-2B62-4DE6-9B8E-F46490672E37}" = lport=6667 | protocol=6 | dir=in | name=irc |
"{7D80B48F-4028-4599-8BB5-870D52E9EFD9}" = lport=6073 | protocol=17 | dir=in | name=strnghld |
"{8470E6DC-A2EF-400E-B729-5835429F17AF}" = lport=445 | protocol=6 | dir=in | app=system |
"{893C0110-0FF5-44D4-B76E-71D6F7357875}" = lport=6515 | protocol=17 | dir=in | name=dplay udp |
"{930D2330-A7CB-4FB7-9260-75459D5A621F}" = lport=6500 | protocol=17 | dir=in | name=gamespy query port |
"{A07601A9-B1E3-409A-BF49-A2DA45658F70}" = lport=137 | protocol=17 | dir=in | app=system |
"{A21BC1D3-7A43-4A62-A484-E30590627E8D}" = lport=2302 | protocol=17 | dir=in | name=strnghld 1 port range |
"{A4A70A0A-F399-43E9-BFA8-74E755D4FF7D}" = rport=138 | protocol=17 | dir=out | app=system |
"{B559A97F-6F49-41C5-A78E-E7F27F9E7EA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1788200-2681-4AF7-BB2E-AD738A702C6C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C377EE7E-70BB-4BFA-8CF5-995F352DBF37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7539D5D-D282-49A5-9823-5523330B5D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA97F3BA-8A72-442D-ABD9-234C2DD88A39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CC0CCD0B-C0ED-43B2-A07A-3140FAF13121}" = lport=29900 | protocol=17 | dir=in | name=gp connection manager |
"{CFCA432D-16DF-45E6-8E8A-3D8C72AD2ABB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3A02139-6F29-4180-A764-3873B26C7DB0}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF985311-8D68-4829-92AA-4BA805352AD2}" = rport=5357 | protocol=6 | dir=out | app=system |
"{F3EABFDD-F332-425C-8223-E67CCFFD59EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0018C6C7-76F0-427A-86AC-AB47E9D728F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02B5842F-DA8A-496C-A449-7CCDD71E8302}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03699483-29DD-4F8B-BDCF-D6DD7448E0FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A7E7F5B-E20F-4EE1-B46B-A3244EE844E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C97380B-B611-4C9C-AB53-97DD82E48813}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DDD7950-F509-463E-8CC6-3A3F3A5EE588}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10426889-FC50-4B56-9BEB-7B0DDC40DD33}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{20223B52-95F5-429C-882E-E2B699A9417F}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\gsapak.exe |
"{23585DC1-00E9-45A4-B7D2-476D473DE2C4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2667F36B-5A1A-4B16-A72B-89376AB497CC}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{3AE48232-B4CB-44CB-8BFB-CFD6929AB7A1}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{47635CCE-43DB-4C88-AE44-7E0326B42A1D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{56C3E4AF-850B-4CF7-B1D3-C1027A2435C6}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{5DA42A72-C409-4AF1-9768-D62B4F50A732}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF389E8-9406-4A2D-91FF-2241B0AC0362}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6128F57A-5D55-45F1-8AF3-791A099BEB9C}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{6E908FD3-146D-4FBB-AEBA-5E92328F9013}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6EE4E133-3E4D-4615-9412-7D77E0CD1D21}" = protocol=17 | dir=in | app=c:\stronghold\stronghold.exe |
"{6F7BE1B7-E269-41E3-9902-A5F5AEA10783}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{707C8949-4CEE-433A-BDBA-9741CED624E1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{76BA4A82-7880-4B79-83DF-C3BCBAF7307A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77A2D7B0-F9E2-474E-ADF4-E636E56FE805}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82C43FD7-3138-4800-8CBC-6AC81F3AED6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{892705FC-BF9F-4861-A5DA-AC1379315214}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E5BB5A2-04FE-4A6E-ACB8-73BB95F10A3E}" = protocol=6 | dir=in | app=c:\program files (x86)\download manager\dlm.exe |
"{A14D279D-DF77-4A12-A1CC-6022104B7D66}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A698B119-B450-4412-B272-4615947707E0}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\gsapak.exe |
"{B74C2827-B7DA-4F83-85A8-3AF869026DBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD05D0A3-A88F-4094-9DFE-CAD3AD133B37}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C562172B-393F-49DA-BB1A-EE3E9D3BA5DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9782A00-0F7F-4257-91D5-A65C75F16733}" = protocol=6 | dir=in | app=c:\stronghold\stronghold.exe |
"{D255D2CF-83CF-4544-8FD1-4408A8014565}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D46F93E4-5C5C-48B8-803A-6B196812CFFB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6A4933B-7F78-4E47-ADA0-8D0507C6C0FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4D209F7-8551-430B-A54F-B8FD5287562A}" = protocol=17 | dir=in | app=c:\program files\microprose\risk ii\riskii.exe |
"{E9403490-22C4-49B7-A714-CD5D69CC2126}" = protocol=6 | dir=in | app=c:\program files\microprose\risk ii\riskii.exe |
"{F0FD1E8D-BB1A-445F-9035-2BAF782C2543}" = protocol=17 | dir=in | app=c:\program files (x86)\download manager\dlm.exe |
"{FB04393C-F7C4-48D5-A87E-8D8DCE419768}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{128B525D-DAFA-4E6B-818B-1EEDEABC2643}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{4C7BCBE3-F22A-4861-89C9-BD776F0F86FF}C:\program files (x86)\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\abc\abc.exe |
"TCP Query User{58A654D4-375A-42AB-8301-A7A68E7DA7DB}C:\program files (x86)\gamespy arcade\services\_common\rwvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\services\_common\rwvoice.exe |
"TCP Query User{5D2E07F5-4032-4D0C-8BF1-756A7749BE27}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe |
"TCP Query User{740CEAE1-F9F3-4596-B2D8-E754C795E0C4}C:\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\stronghold\stronghold.exe |
"TCP Query User{8F07222F-C7E7-41D6-9288-51E5446CD77E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{91F72090-8A73-4971-87FC-A59FB0226272}C:\program files (x86)\warzone\lobbyclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warzone\lobbyclient.exe |
"TCP Query User{96161F8E-D94E-417E-9344-D45D61B0D868}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A435F036-AACA-4E91-8284-F60EABF83A77}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{A6A83DDC-B21B-4C64-B5DC-B00849DA878E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{ABDD92A0-0708-426F-84BD-B4C3813F51E3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B050D53E-590D-4314-9A0A-94040EDE4AF0}C:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{B961ED58-BB7E-4087-AF84-722D71E48852}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"TCP Query User{C290E2E0-8E1D-4FEC-89E6-E99EDCF6456E}C:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{C67666CD-2EAC-4027-8C50-D0D994AB2FB7}C:\program files (x86)\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\abc\abc.exe |
"TCP Query User{DBFEDE07-E74C-4290-ACD8-4CF4C74E5B29}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F183E093-7B96-4B52-8738-0C890C181E66}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FB3EB973-E40C-4989-8553-2412AEEDF331}C:\program files (x86)\laplink\pcsync\sfthost.exe" = protocol=6 | dir=in | app=c:\program files (x86)\laplink\pcsync\sfthost.exe |
"UDP Query User{012B6AD7-7535-4E60-A8B0-00CF229F8E92}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{07C95B4E-09C8-4D09-A675-20B560E5C56B}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{0C2D6D4D-4399-4301-A07B-1CCB18B24C3F}C:\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\stronghold\stronghold.exe |
"UDP Query User{211B0E35-75C7-4903-BFAD-5876016BDF80}C:\program files (x86)\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\abc\abc.exe |
"UDP Query User{228F91C1-F4D6-459D-8609-571A4A6BD836}C:\program files (x86)\gamespy arcade\services\_common\rwvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\services\_common\rwvoice.exe |
"UDP Query User{4A4A1697-520E-40AB-984C-AB92FA07FE63}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4B0EE349-2FE0-40C3-9D1B-2DBF2D9327D5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{4DEF4440-2FDB-4A13-9214-DD64203825A6}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe |
"UDP Query User{58FDEEF8-C642-44A5-961D-4554C35D9634}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{5DD67599-5D8B-4745-8C8F-58BDACB163E1}C:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{5DF82CF7-6ACC-4A13-B875-5ED9C61B5E29}C:\program files (x86)\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\abc\abc.exe |
"UDP Query User{7DE81EFD-828D-431A-977B-22EA6ACCA92B}C:\program files (x86)\warzone\lobbyclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warzone\lobbyclient.exe |
"UDP Query User{8AD9E65C-7262-4A80-BDE4-21EBE971E023}C:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\mjc\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{8FB652AC-E74C-4B4E-96F0-94E4296CC780}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"UDP Query User{A9A2F522-4048-4D98-AD7A-89419016A02A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E8A74F44-1A88-454D-B712-BCB64D1AEE90}C:\program files (x86)\laplink\pcsync\sfthost.exe" = protocol=17 | dir=in | app=c:\program files (x86)\laplink\pcsync\sfthost.exe |
"UDP Query User{F8695F0B-C6CD-485B-94FB-F224EA45CAF7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{FB8744DE-39B8-4789-B598-7CEB7BD5294B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java™ 6 Update 18 (64-bit)
"{3F2B4DAD-88CB-4F5B-86B2-DF3384063EFA}" = O2Micro Flash Memory Card Reader Driver Installer(x64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.03.02.00)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4F34C602-4D6D-470D-A2A0-59E4F25DDBF2}" = Orca
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F7B5BA4-9846-41A4-80E0-C6AA3914581F}" = SMCWCBT-G 108Mbps WLAN Cardbus
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"ABC" = ABC (remove only)
"Able2Extract Professional v5.0" = Able2Extract Professional v5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AVI Splitter_is1" = AVI Splitter
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"CodInstl" = Intel A/V Codecs V2.0
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player" = FLV Player 2.0, build 24
"GameSpy Arcade" = GameSpy Arcade
"GOM Player" = GOM Player
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HijackThis" = HijackThis 2.0.2
"Indeo® software" = Indeo® software
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
"InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.0 (Full)
"LimeWire" = LimeWire PRO 5.3.6
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterSplitter" = MasterSplitter Program
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OpenVPN" = OpenVPN 2.1.1
"PowerISO" = PowerISO
"PuppetShow Mystery of Joyville 1.00" = PuppetShow Mystery of Joyville 1.00
"RealPlayer 6.0" = RealPlayer
"Scrapbook Paige1.0" = Scrapbook Paige
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.0 for Windows
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-397022135-231552384-2811352233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/12/2009 1:37:51 PM | Computer Name = MJC-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/12/2009 1:54:56 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:54:56 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 1:55:05 PM | Computer Name = MJC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/12/2009 9:07:08 PM | Computer Name = MJC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 07/10/2008 7:24:44 PM | Computer Name = MJC-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/08/2009 3:37:09 AM | Computer Name = MJC-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:06 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:15 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18/03/2010 2:28:50 AM | Computer Name = MJC-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/03/2010 1:01:06 AM | Computer Name = MJC-PC | Source = DCOM | ID = 10010
Description =


< End of report >


#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 19 March 2010 - 09:01 AM

Hello, jayxx2.
QUOTE
I don't know whether to hunt down these bastards and murder them or just alert the banks and change all the passwords.

I think the latter may be the better option tongue.gif

We need to run a custom OTL fix
  1. Please run OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    :OTL
    IE - HKU\S-1-5-21-397022135-231552384-2811352233-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (C:\Windows\SysWow64\mczi9q.dll) - {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - C:\Windows\SysWow64\mczi9q.dll File not found
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O22 - SharedTaskScheduler: {A3BA40A2-74F1-52BD-F434-00B15A2C8953} - hs3t873tisghs837tgysu7 - C:\Windows\SysWow64\mczi9q.dll File not found

    :Files
    C:\Windows\SysWow64\mczi9q.dl

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Users\MJC\AppData\Local\Temp\cm25.09.exe" =-
    "C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe" =-
    "C:\Users\MJC\AppData\Local\Temp\cm25.09.exe" =-
    "C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe" =-
  3. Click the Run Fix button
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK
  6. A report will open. Copy and Paste that report in your next reply.

NEXT:

We need to run an MBAM Scan
  1. Run MBAM and you will be asked to update the program before performing a scan.
    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
  2. On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
  7. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  8. Make sure that everything is checked, and click Remove Selected.
  9. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  10. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  11. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



In your next reply, please include the following:
  • OTL Log
  • MBAM Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 19 March 2010 - 05:30 PM

I bet that no judge in the world would throw the book at me if I murdered 1 or more of these pigs that make malware. That being said... here are the next logs!
------------
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-397022135-231552384-2811352233-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BA40A2-74F1-52BD-F434-00B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BA40A2-74F1-52BD-F434-00B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A3BA40A2-74F1-52BD-F434-00B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BA40A2-74F1-52BD-F434-00B15A2C8953}\ not found.
========== FILES ==========
File\Folder C:\Windows\SysWow64\mczi9q.dl not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\MJC\AppData\Local\Temp\cm25.09.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\MJC\AppData\Local\Temp\cm25.09.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\MJC\AppData\Local\Temp\lu.07.10.exe not found.

OTL by OldTimer - Version 3.1.37.3 log created on 03192010_171325

-----------
Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

19/03/2010 5:29:02 PM
mbam-log-2010-03-19 (17-29-02).txt

Scan type: Quick Scan
Objects scanned: 105513
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f1-52bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\MJC\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
-----------

Now Rebooting as MAB told me to.

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 19 March 2010 - 06:20 PM

Hello, jayxx2.
Looks good! How's your computer doing?

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 18 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the Export to button, Post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report

Edited by aommaster, 19 March 2010 - 06:21 PM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 20 March 2010 - 01:20 AM

I would say the computer is doing much better. The speed seems pretty normal, except that network activity is a tiny bit slower which is (I assume) because of the new Kaspersky monitoring. The Panda scan is all done now - Log is below:

I was able to do the java reinstall but I could not locate the option which was 'Windows offline Installation'. I was only able to download the newest one and I installed it after removing the old ones and rebooting. I hope that is ok.

------
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-20 01:17:05
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\mjc\appdata\roaming\microsoft\windows\cookies\mjc@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[2].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files (x86)\gamespy arcade\services\_common\portraitloader.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 20 March 2010 - 01:26 AM

Hello, jayxx2.
Good to hear smile.gif

Let's clean up.
We need to clean up using OTL
  1. Please run OTL on your desktop.
  2. Click the CleanUp button




Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean smile.gif
Hiding Hidden Files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
  2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  3. Then go to Start > Run and type: Cleanmgr
  4. Click "OK".
  5. Click the "More Options" Tab.
  6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be weary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  4. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  5. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

Some more links you might find of interest:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#12 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 20 March 2010 - 12:02 PM

I am extremely happy to hear that all looks good. I have run the Cleanup and rebooted as it told me to. Once I rebooted the Kaspersky came up with a message saying:

20/03/2010 11:46:37 AM Detected: PDM.Keylogger kernel mode memory patch Action selected by user Absent

Was that just a warning regarding the last actions of OTL ??

I have now set the restore point.

I noticed that Kasperky's firewall and anti-virus was not listed on the suggested fire-wall or anti-virus list of good programs. Should I get rid of it and try another? I often think that it is over-protective by all the warnings, but I am not sure.

There are 2 files on my machine that I still think are ok but come up as possible viruses from Kasperky, can I .zip them up and post them here or is there a place that can check them. They are not quarentined but did cause an alert like the one above. If they were quarentined I would have sent them for analysis to Kasperky via the program's Send Option, but they are not.

Jane.

#13 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 20 March 2010 - 12:08 PM

Hi!

QUOTE
I have run the Cleanup and rebooted as it told me to. Once I rebooted the Kaspersky came up with a message saying:

20/03/2010 11:46:37 AM Detected: PDM.Keylogger kernel mode memory patch Action selected by user Absent

Was that just a warning regarding the last actions of OTL ??

Yes, that probably is OTL, since it runs a number of scripts to clear the files it has deleted. Was there a file listed up there?

QUOTE
I noticed that Kasperky's firewall and anti-virus was not listed on the suggested fire-wall or anti-virus list of good programs. Should I get rid of it and try another? I often think that it is over-protective by all the warnings, but I am not sure.

The recommended list contains most of the free AV software and firewalls, since many people prefer to use free software.

QUOTE
There are 2 files on my machine that I still think are ok but come up as possible viruses from Kasperky, can I .zip them up and post them here or is there a place that can check them. They are not quarentined but did cause an alert like the one above.

You can send them to my malware upload channel:
http://www.bleepingcomputer.com/submit-mal...php?channel=101

Fill in the fields and click upload. I can take a look at them for you smile.gif



My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 jayxx2

jayxx2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 20 March 2010 - 03:33 PM

The file was not listed anywhere - it was just labelled as 'Absent' - according to Kasperky's log. I wish there was an easy way to cut and paste it but it is just huge as it is monitoring everything.

It even gave the following two Network warning about 1 hour ago:

20/03/2010 2:05:18 PM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 218.30.22.82 to local port 1434

20/03/2010 2:42:05 PM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 122.225.100.154 to local port 1434

- Again, just the word Absent was given instead of a location, I guess that means that we managed to get the actual file out of there, which is good, but I wish I knew for sure.

I will head over to the link you posted and try to upload 2 of the files that I suspect are false-positives.

I'll keep an eye on that thread to for any responce there.

Jane

#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:04:07 PM

Posted 20 March 2010 - 04:32 PM

Hi!

About the network warnings, they're normal. You can read this for more info smile.gif

I also had a look at the file you sent, and it is clean. So yes, it's just a false positive. Updating your virus definitions should fix the problem.

Let me know if you have any more questions.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users