Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TR/Alureon.BP.22 / TR/Patched.Gen / TR/Dropper.Gen etc.


  • This topic is locked This topic is locked
34 replies to this topic

#1 synsterky

synsterky

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 19 May 2010 - 04:00 PM

Hi there.


I think it may be important to note that before discovering these forums, I have run Smitfraudfix and Combofix. I wasn't aware at the time that it wasn't advisable for me to do so. I have also run an antivirus scan (avira), Spybot S & D and SuperAntiSpyware. I am unable to install Hijackthis, as Windows Installer stops responding when open. Here is my DDS log:

** Please note:: I was unable to run GMER without it locking up my machine, even in safe mode.
** ALSO!! OTL.txt and Extras.txt are in attachments!
**** I have also used Malwarebyte's to try and rid of some of the infections. I have posted the before removal log and after removal log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 22:38:44.71 on Wed 19/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2045.549 [GMT 10:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
"C:\Windows\System32\svchost.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
uInternet Settings,ProxyOverride = *.local;<local>
BHO: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar]
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [mcexecwin] rundll32.exe c:\windows\temp\rfuwbhi.dll, RestoreWindows
dRun: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] c:\windows\temp\xwmuc4.exe
dRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\windows\temp\cmd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.13,93.188.166.176
TCP: {54DB50BA-9F6F-4F87-99A9-3DDF9F4398EE} = 93.188.163.13,93.188.166.176
TCP: {67A7658B-583B-4E81-8D5E-C3B5C847C4E3} = 93.188.163.13,93.188.166.176
TCP: {70FC4915-10B8-4CD3-98F4-3E4B7CA244E0} = 93.188.163.13,93.188.166.176
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\mrsnv4gw.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-1-10 42608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-10 56816]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-1 7168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-12 13224]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-6-4 806272]

=============== Created Last 30 ================

2010-05-19 10:35:35 0 d-s---w- C:\ComboFix
2010-05-19 09:56:53 691 ----a-w- c:\users\paul\appdata\roaming\GetValue.vbs
2010-05-19 09:56:53 35 ----a-w- c:\users\paul\appdata\roaming\SetValue.bat
2010-05-19 09:55:12 6968 ----a-w- c:\windows\system32\tmp.reg
2010-05-19 09:51:21 98816 ----a-w- c:\windows\sed.exe
2010-05-19 09:51:21 77312 ----a-w- c:\windows\MBR.exe
2010-05-19 09:51:21 256512 ----a-w- c:\windows\PEV.exe
2010-05-19 09:51:21 161792 ----a-w- c:\windows\SWREG.exe
2010-05-19 07:12:29 86 ----a-w- c:\windows\wininit.ini
2010-05-19 07:08:39 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-19 06:56:38 70656 ----a-w- c:\windows\system32\-f36decbb.exe
2010-05-19 06:03:23 70656 ----a-w- c:\windows\system32\-7e45548b.exe
2010-05-19 06:01:10 823808 ----a-w- c:\windows\system32\drivers\mzlqn.sys
2010-05-18 14:54:34 2068 ----a-w- c:\users\paul\Inv00000035.pdf
2010-05-18 14:52:43 2097 ----a-w- c:\users\paul\Inv00000001.pdf
2010-05-18 14:50:12 115738 ----a-w- c:\users\paul\fk.xps
2010-05-18 14:29:34 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-05-18 14:29:22 0 ----a-w- c:\windows\drvxl32.INI
2010-05-18 14:29:21 0 ----a-w- c:\windows\drvwd32.INI
2010-05-18 14:28:19 0 d-----w- C:\Premier2006
2010-05-12 17:01:10 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-12 11:37:39 0 d-----w- c:\users\paul\appdata\roaming\TrueCrypt
2010-05-12 11:37:06 0 d-----w- c:\programdata\TrueCrypt
2010-05-12 11:36:59 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-12 11:36:32 0 d-----w- c:\program files\TrueCrypt
2010-05-12 11:17:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-05-12 09:36:55 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-05-12 09:36:54 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-05-10 07:31:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-10 07:31:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-10 07:30:55 0 d-----w- c:\program files\iPod
2010-05-10 07:30:54 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-10 07:30:54 0 d-----w- c:\program files\iTunes
2010-05-10 07:28:40 0 d-----w- c:\program files\Bonjour
2010-05-08 07:05:22 0 d-----w- c:\program files\Audacity Recovery Utility
2010-05-06 11:25:03 0 d-----w- c:\programdata\TEMP
2010-05-06 11:24:53 0 d-----w- c:\program files\SpywareBlaster
2010-05-03 03:23:53 0 d-----w- c:\program files\Ventrilo
2010-05-03 03:23:48 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-05-03 03:22:58 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-03 01:49:15 0 d-----w- c:\users\paul\appdata\roaming\TS3Client
2010-05-03 01:48:54 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-05-02 09:53:17 0 d-----w- c:\users\paul\appdata\roaming\Omega
2010-05-02 06:48:17 0 d-----w- c:\program files\Mixxx
2010-04-24 06:18:58 0 d-----w- c:\programdata\Sun
2010-04-24 06:18:39 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-12 09:37:48 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 09:37:48 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-12 09:37:48 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-06 00:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 03:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-18 14:49:31 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49:31 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11:41 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-01-10 14:21:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-30 02:00:16 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:40:45.64 ===============

Cheers. :-)

Attached Files


Edited by synsterky, 19 May 2010 - 10:43 PM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 20 May 2010 - 11:35 PM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 May 2010 - 12:47 AM

Hi Blade.

I ran ComboFix again, however, for some reason it didn't give me a log. It just have me this file in C:\ComboFix (no extension) that when clicked on opens up another My Computer window. I fully searched through the PC for it, but to no avail. I have ran DDS again, though, and I shall post the results below.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 15:43:21.93 on Fri 21/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2045.975 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paul\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
uInternet Settings,ProxyOverride = *.local;<local>
BHO: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar]
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [mcexecwin] rundll32.exe c:\windows\temp\rfuwbhi.dll, RestoreWindows
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll
STS: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\mrsnv4gw.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-1-10 42608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [2004-11-30 161792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-10 185089]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2010-1-10 49152]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-10 56816]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-1-15 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-6 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-1 7168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-15 27632]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-11 79360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-12 13224]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-10 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-6-4 806272]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-1-15 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-1-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-1-15 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-1-15 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-1-15 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-1-15 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-1-15 109864]

=============== Created Last 30 ================

2010-05-21 05:39:52 0 d-s---w- C:\ComboFix
2010-05-20 04:56:57 0 d-----w- c:\programdata\COMODO
2010-05-20 04:50:24 0 d-----w- c:\program files\COMODO
2010-05-20 04:48:49 0 d-----w- c:\programdata\Comodo Downloader
2010-05-20 03:44:38 0 d-----w- c:\program files\TrendMicro
2010-05-20 03:22:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 22:03:53 167067191 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 13:03:42 0 d-----w- C:\32788R22FWJFW(0)
2010-05-19 09:56:53 691 ----a-w- c:\users\paul\appdata\roaming\GetValue.vbs
2010-05-19 09:56:53 35 ----a-w- c:\users\paul\appdata\roaming\SetValue.bat
2010-05-19 09:55:12 6968 ----a-w- c:\windows\system32\tmp.reg
2010-05-19 09:51:21 98816 ----a-w- c:\windows\sed.exe
2010-05-19 09:51:21 77312 ----a-w- c:\windows\MBR.exe
2010-05-19 09:51:21 256512 ----a-w- c:\windows\PEV.exe
2010-05-19 09:51:21 161792 ----a-w- c:\windows\SWREG.exe
2010-05-19 07:12:29 86 ----a-w- c:\windows\wininit.ini
2010-05-19 07:08:39 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-19 06:01:10 823808 ----a-w- c:\windows\system32\drivers\mzlqn.sys
2010-05-18 14:54:34 2068 ----a-w- c:\users\paul\Inv00000035.pdf
2010-05-18 14:52:43 2097 ----a-w- c:\users\paul\Inv00000001.pdf
2010-05-18 14:50:12 115738 ----a-w- c:\users\paul\fk.xps
2010-05-18 14:29:34 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-05-18 14:29:22 0 ----a-w- c:\windows\drvxl32.INI
2010-05-18 14:29:21 0 ----a-w- c:\windows\drvwd32.INI
2010-05-18 14:28:19 0 d-----w- C:\Premier2006
2010-05-12 17:01:10 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-12 11:37:39 0 d-----w- c:\users\paul\appdata\roaming\TrueCrypt
2010-05-12 11:37:06 0 d-----w- c:\programdata\TrueCrypt
2010-05-12 11:36:59 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-12 11:36:32 0 d-----w- c:\program files\TrueCrypt
2010-05-12 11:17:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-05-12 09:36:55 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-05-12 09:36:54 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-05-10 07:31:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-10 07:31:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-10 07:30:55 0 d-----w- c:\program files\iPod
2010-05-10 07:30:54 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-10 07:30:54 0 d-----w- c:\program files\iTunes
2010-05-10 07:28:40 0 d-----w- c:\program files\Bonjour
2010-05-08 07:05:22 0 d-----w- c:\program files\Audacity Recovery Utility
2010-05-06 11:25:03 0 d-----w- c:\programdata\TEMP
2010-05-06 11:24:53 0 d-----w- c:\program files\SpywareBlaster
2010-05-03 03:23:53 0 d-----w- c:\program files\Ventrilo
2010-05-03 03:23:48 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-05-03 03:22:58 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-03 01:49:15 0 d-----w- c:\users\paul\appdata\roaming\TS3Client
2010-05-03 01:48:54 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-05-02 09:53:17 0 d-----w- c:\users\paul\appdata\roaming\Omega
2010-05-02 06:48:17 0 d-----w- c:\program files\Mixxx
2010-04-24 06:18:58 0 d-----w- c:\programdata\Sun
2010-04-24 06:18:39 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-20 04:53:23 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-20 04:53:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-20 04:53:22 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-06 00:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 15:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 15:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 15:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 15:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-08 03:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-10 14:21:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-30 02:00:16 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:45:35.94 ===============

Attached Files


Edited by synsterky, 21 May 2010 - 12:49 AM.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 21 May 2010 - 01:16 AM

Please try to run it again after making sure protection software is disabled (see the link in my previous post).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 May 2010 - 02:33 AM

I've tried running it a total of 4 more times - each time achieves the same result. I've tried 3 times in safe mode and once more in normal. Each time I've ensured that all software that may conflict with the running of ComboFix is disabled.

Is there any other application that can provide the same log?

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 21 May 2010 - 01:26 PM

Hi,

See if you can find ComboFix.txt file in c:\qoobox or c:\combofix folder.

Also, start MBAM, update its database and run a full scan. Post back the report.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 May 2010 - 08:08 PM

Hi.


No such luck finding ComboFix log, sorry. Here's the MBAM log, though.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4126

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

22/05/2010 11:06:50
mbam-log-2010-05-22 (11-06-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 275645
Time elapsed: 1 hour(s), 25 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIBCMLQJ\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIBCMLQJ\packupdate_build107_302[2].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIBCMLQJ\packupdate_build107_302[3].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\mzlqn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


#8 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 May 2010 - 09:04 PM

I also ran a SuperAntiSpyware scan, AFTER the MBAM scan and the results are as follows:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/22/2010 at 11:49 AM

Application Version : 4.37.1000

Core Rules Database Version : 4969
Trace Rules Database Version: 2781

Scan type : Quick Scan
Total Scan Time : 00:32:59

Memory items scanned : 975
Memory threats detected : 0
Registry items scanned : 620
Registry threats detected : 0
File items scanned : 21327
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[4].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[2].txt

Trojan.RootKit/Gen
C:\WINDOWS\SYSTEM32\DRIVERS\MZLQN.SYS

Trojan.Agent/Gen-CDesc[Medsec]
C:\WINDOWS\TEMP\IGK.EXE


As you can see MBAM didn't actually remove the Rootkit like it said it had. Odd?

#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 22 May 2010 - 10:21 AM

Hi,

Please post fresh DDS log with a description of remaining issues (if any).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#10 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 22 May 2010 - 10:30 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 1:23:29.59 on Sun 23/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2045.807 [GMT 10:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Omega\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Paul\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
uInternet Settings,ProxyOverride = *.local;<local>
BHO: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar]
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [mcexecwin] rundll32.exe c:\windows\temp\rfuwbhi.dll, RestoreWindows
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll
STS: c:\windows\system32\ltw9gy.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\ltw9gy.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\mrsnv4gw.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-1-10 42608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [2004-11-30 161792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-10 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-10 185089]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2010-1-10 49152]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-10 56816]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-1 7168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-15 27632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-11 79360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-12 13224]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-10 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-6-4 806272]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-1-15 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-1-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-1-15 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-1-15 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-1-15 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-1-15 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-1-15 109864]

=============== Created Last 30 ================

2010-05-21 07:23:08 0 d-sh--w- C:\found.000
2010-05-21 06:59:11 0 d-s---w- C:\ComboFix
2010-05-20 04:56:57 0 d-----w- c:\programdata\COMODO
2010-05-20 04:50:24 0 d-----w- c:\program files\COMODO
2010-05-20 04:48:49 0 d-----w- c:\programdata\Comodo Downloader
2010-05-20 03:44:38 0 d-----w- c:\program files\TrendMicro
2010-05-20 03:22:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 22:03:53 167067191 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 13:03:42 0 d-----w- C:\32788R22FWJFW(0)
2010-05-19 09:56:53 691 ----a-w- c:\users\paul\appdata\roaming\GetValue.vbs
2010-05-19 09:56:53 35 ----a-w- c:\users\paul\appdata\roaming\SetValue.bat
2010-05-19 09:55:12 6968 ----a-w- c:\windows\system32\tmp.reg
2010-05-19 09:51:21 98816 ----a-w- c:\windows\sed.exe
2010-05-19 09:51:21 77312 ----a-w- c:\windows\MBR.exe
2010-05-19 09:51:21 256512 ----a-w- c:\windows\PEV.exe
2010-05-19 09:51:21 161792 ----a-w- c:\windows\SWREG.exe
2010-05-19 07:12:29 86 ----a-w- c:\windows\wininit.ini
2010-05-19 07:08:39 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2010-05-19 07:04:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-19 06:01:10 823808 ----a-w- c:\windows\system32\drivers\mzlqn.sys
2010-05-18 14:54:34 2068 ----a-w- c:\users\paul\Inv00000035.pdf
2010-05-18 14:52:43 2097 ----a-w- c:\users\paul\Inv00000001.pdf
2010-05-18 14:50:12 115738 ----a-w- c:\users\paul\fk.xps
2010-05-18 14:29:34 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-05-18 14:29:22 0 ----a-w- c:\windows\drvxl32.INI
2010-05-18 14:29:21 0 ----a-w- c:\windows\drvwd32.INI
2010-05-18 14:28:19 0 d-----w- C:\Premier2006
2010-05-12 17:01:10 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-12 11:37:39 0 d-----w- c:\users\paul\appdata\roaming\TrueCrypt
2010-05-12 11:37:06 0 d-----w- c:\programdata\TrueCrypt
2010-05-12 11:36:59 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-12 11:36:32 0 d-----w- c:\program files\TrueCrypt
2010-05-12 11:17:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-05-12 09:39:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-05-12 09:36:55 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-05-12 09:36:54 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-05-10 07:31:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-10 07:31:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-10 07:30:55 0 d-----w- c:\program files\iPod
2010-05-10 07:30:54 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-10 07:30:54 0 d-----w- c:\program files\iTunes
2010-05-10 07:28:40 0 d-----w- c:\program files\Bonjour
2010-05-08 07:05:22 0 d-----w- c:\program files\Audacity Recovery Utility
2010-05-06 11:25:03 0 d-----w- c:\programdata\TEMP
2010-05-06 11:24:53 0 d-----w- c:\program files\SpywareBlaster
2010-05-03 03:23:53 0 d-----w- c:\program files\Ventrilo
2010-05-03 03:23:48 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-05-03 03:22:58 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-03 01:49:15 0 d-----w- c:\users\paul\appdata\roaming\TS3Client
2010-05-03 01:48:54 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-05-02 09:53:17 0 d-----w- c:\users\paul\appdata\roaming\Omega
2010-05-02 06:48:17 0 d-----w- c:\program files\Mixxx
2010-04-24 06:18:58 0 d-----w- c:\programdata\Sun
2010-04-24 06:18:39 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-20 04:53:23 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-20 04:53:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-20 04:53:22 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-06 00:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 15:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 15:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 15:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 15:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-08 03:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-10 14:21:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-30 02:00:16 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-30 02:00:16 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 1:26:00.39 ===============

I don't think there's any symptoms left but I might not have discovered them yet. Do you think it's all gone?


#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 22 May 2010 - 11:17 AM

Hi,

There's still some dubious stuff there. Could you uninstall both Antivir and Comodo for now (to make sure neither one will interfere with cleaning)?

Then disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
    and OK any prompts.
  • Restart your computer
Finally run ComboFix.

Edited by Blade81, 22 May 2010 - 11:17 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#12 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 22 May 2010 - 09:29 PM

For sure. I'll post the results ASAP :-)

#13 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 25 May 2010 - 07:24 AM

Hi.

I uninstalled Avira, Comodo and Spybot. I tried running ComboFix in normal mode twice - no luck. I then tried in safe mode - again no luck. It gets stuck at the point where it says it's going to take 10 minutes to scan. After that message there is no more progress - it just hangs my machine. I've ensured there were no intrusive applications running at the time. There are also no ComboFix log files that I can locate in the various directories you asked me to check previously.

Is this common? I'm not sure where to go from here.


Thanks for your help so far,


Paul.

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 25 May 2010 - 11:57 AM

Hi,

Let's try other tool for a change.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste following contents into custom scan -area:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 synsterky

synsterky
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 25 May 2010 - 05:25 PM

There was no Extras.txt, just OTL.txt.


OTL logfile created on: 26/05/2010 08:12:33 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.77 Gb Total Space | 68.87 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEBLITZ
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Paul\AppData\Local\Temp\catchme.sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sdpiosys) -- C:\Windows\system32\drivers\sdpiosys.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 11 57 D0 A0 F5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tpg.com.au:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.ftp: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/18 20:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 10:44:33 | 000,000,000 | ---D | M]

[2010/02/15 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2010/05/19 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\mrsnv4gw.default\extensions
[2010/02/15 12:20:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\mrsnv4gw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/24 16:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 16:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/19 19:56:50 | 000,392,963 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13573 more lines...
O2 - BHO: (C:\Windows\system32\ltw9gy.dll) - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\Windows\System32\ltw9gy.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Sidebar] File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\Windows\System32\ltw9gy.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf61f31-0704-11df-8342-002258e3d526}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf61f31-0704-11df-8342-002258e3d526}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{85fb02e9-ff9f-11de-8dad-001e3392ca5a}\Shell - "" = AutoRun
O33 - MountPoints2\{85fb02e9-ff9f-11de-8dad-001e3392ca5a}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 12:35:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 08:11:45 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/05/25 22:44:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Avira
[2010/05/25 22:35:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/25 22:35:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/25 22:35:45 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/25 22:35:45 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/25 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/25 22:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/25 21:53:34 | 000,000,000 | --SD | C] -- C:\cf24549c
[2010/05/25 21:52:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/25 21:38:57 | 000,000,000 | --SD | C] -- C:\cf25139c
[2010/05/25 21:17:58 | 000,000,000 | --SD | C] -- C:\cf
[2010/05/25 21:09:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/05/21 17:23:08 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/21 15:26:26 | 000,000,000 | --SD | C] -- C:\ComboFix.txt
[2010/05/20 14:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/05/20 14:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/05/20 14:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/05/20 13:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/05/20 13:22:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/20 13:22:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/20 08:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/19 23:03:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(0)
[2010/05/19 19:51:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/19 19:51:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/19 19:51:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/19 19:51:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/19 19:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 17:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/19 17:04:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/19 17:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/19 00:52:52 | 000,000,000 | R--D | C] -- C:\Users\Paul\Documents\Scanned Documents
[2010/05/19 00:52:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Fax
[2010/05/19 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/05/19 00:28:19 | 000,000,000 | ---D | C] -- C:\Premier2006
[2010/05/13 03:01:10 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/05/12 21:37:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TrueCrypt
[2010/05/12 21:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010/05/12 21:36:59 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010/05/12 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/05/12 19:36:55 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/12 19:31:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Sony Ericsson
[2010/05/10 17:31:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/10 17:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/10 17:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/10 17:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/10 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/10 17:03:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple Computer
[2010/05/10 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2010/05/09 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Notepad++
[2010/05/09 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/05/09 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Server Configs
[2010/05/08 17:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity Recovery Utility
[2010/05/06 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Files
[2010/05/06 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Games
[2010/05/06 21:26:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Shortcuts
[2010/05/06 21:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/06 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/06 18:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/03 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ventrilo
[2010/05/03 13:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/05/03 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/03 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TS3Client
[2010/05/03 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/05/02 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Omega
[2010/05/02 16:51:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Mixxx
[2010/05/02 16:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 08:16:34 | 006,815,744 | -HS- | M] () -- C:\Users\Paul\ntuser.dat
[2010/05/26 08:16:20 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/05/26 08:10:26 | 000,822,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/26 08:10:26 | 000,693,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/26 08:10:26 | 000,141,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/26 08:08:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 08:08:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 08:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 23:03:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2865800292-2543043664-1061227069-1000UA.job
[2010/05/25 22:35:58 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/25 22:09:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 22:09:06 | 2143,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 22:08:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/25 22:08:03 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{f130dd58-0d89-11df-9647-001e3392ca5a}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 22:08:03 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{f130dd58-0d89-11df-9647-001e3392ca5a}.TM.blf
[2010/05/25 22:08:01 | 004,007,155 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/05/25 22:07:05 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/05/25 22:04:24 | 000,001,356 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2010/05/25 21:23:00 | 164,425,271 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/25 16:22:08 | 000,000,700 | ---- | M] () -- C:\Users\Paul\Desktop\cmd.lnk
[2010/05/25 06:03:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2865800292-2543043664-1061227069-1000Core.job
[2010/05/23 01:53:27 | 000,025,088 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 12:19:20 | 000,002,515 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2010/05/22 11:06:44 | 000,001,530 | ---- | M] () -- C:\Users\Paul\Desktop\mbam-log-2010-05-22 (11-06-38)before
[2010/05/21 15:39:17 | 003,692,853 | R--- | M] () -- C:\Users\Paul\Desktop\cf.exe
[2010/05/21 08:04:10 | 000,002,048 | ---- | M] () -- C:\Users\Paul\Desktop\Google Chrome.lnk
[2010/05/20 13:22:27 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 08:10:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/05/19 23:18:50 | 000,293,376 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/05/19 19:56:53 | 000,006,968 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/05/19 19:56:53 | 000,000,691 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\GetValue.vbs
[2010/05/19 19:56:53 | 000,000,035 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\SetValue.bat
[2010/05/19 19:56:50 | 000,392,963 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/19 17:12:29 | 000,000,086 | ---- | M] () -- C:\Windows\wininit.ini
[2010/05/19 17:04:19 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/19 16:56:20 | 000,412,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/19 13:59:47 | 000,120,408 | ---- | M] () -- C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/19 00:56:14 | 000,002,068 | ---- | M] () -- C:\Users\Paul\Inv00000035.pdf
[2010/05/19 00:52:43 | 000,002,097 | ---- | M] () -- C:\Users\Paul\Inv00000001.pdf
[2010/05/19 00:50:13 | 000,115,738 | ---- | M] () -- C:\Users\Paul\fk.xps
[2010/05/19 00:29:22 | 000,000,000 | ---- | M] () -- C:\Windows\drvxl32.INI
[2010/05/19 00:29:21 | 000,000,000 | ---- | M] () -- C:\Windows\drvwd32.INI
[2010/05/19 00:29:13 | 000,001,481 | ---- | M] () -- C:\Users\Public\Desktop\MYOB Premier Accounting 2006 (v15).lnk
[2010/05/13 22:34:52 | 2768,635,188 | ---- | M] () -- C:\Users\Paul\Desktop\mix 13th may.wav
[2010/05/12 21:36:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010/05/12 19:39:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/05/12 19:39:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/12 19:37:49 | 000,001,049 | ---- | M] () -- C:\Users\Paul\Desktop\Update Service.lnk
[2010/05/12 19:36:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/10 17:31:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/09 15:41:12 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/05/08 19:16:20 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/05/08 18:25:59 | 667,039,788 | ---- | M] () -- C:\Users\Paul\Desktop\DJ rKayde - Live (May '10).wav
[2010/05/08 17:05:23 | 000,000,893 | ---- | M] () -- C:\Users\Paul\Desktop\Audacity Recovery Utility.lnk
[2010/05/06 21:17:18 | 000,000,214 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/03 13:24:08 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/02 19:53:19 | 000,001,576 | ---- | M] () -- C:\Users\Paul\Desktop\Launch Omega Script.lnk
[2010/05/02 17:08:08 | 000,000,986 | ---- | M] () -- C:\Users\Paul\AppData\Local\7F68A003.il
[2010/05/02 17:08:08 | 000,000,280 | ---- | M] () -- C:\Users\Paul\AppData\Local\IndexIE_7F68A003.il
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 22:35:58 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/25 22:07:05 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/05/25 21:41:31 | 2143,313,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/25 16:22:05 | 000,000,700 | ---- | C] () -- C:\Users\Paul\Desktop\cmd.lnk
[2010/05/22 11:06:44 | 000,001,530 | ---- | C] () -- C:\Users\Paul\Desktop\mbam-log-2010-05-22 (11-06-38)before
[2010/05/20 13:44:38 | 000,002,515 | ---- | C] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2010/05/20 13:22:27 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 08:03:53 | 164,425,271 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/20 07:54:06 | 000,293,376 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/05/19 19:56:53 | 000,000,691 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GetValue.vbs
[2010/05/19 19:56:53 | 000,000,035 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\SetValue.bat
[2010/05/19 19:55:12 | 000,006,968 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/05/19 19:51:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/19 19:51:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/19 19:51:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/19 19:51:21 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/19 19:51:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/19 19:43:35 | 003,692,853 | R--- | C] () -- C:\Users\Paul\Desktop\cf.exe
[2010/05/19 17:12:29 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/19 17:04:19 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/19 16:01:10 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/05/19 00:54:34 | 000,002,068 | ---- | C] () -- C:\Users\Paul\Inv00000035.pdf
[2010/05/19 00:52:43 | 000,002,097 | ---- | C] () -- C:\Users\Paul\Inv00000001.pdf
[2010/05/19 00:50:12 | 000,115,738 | ---- | C] () -- C:\Users\Paul\fk.xps
[2010/05/19 00:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/05/19 00:29:21 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/19 00:29:13 | 000,001,481 | ---- | C] () -- C:\Users\Public\Desktop\MYOB Premier Accounting 2006 (v15).lnk
[2010/05/13 22:30:20 | 2768,635,188 | ---- | C] () -- C:\Users\Paul\Desktop\mix 13th may.wav
[2010/05/12 19:39:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/05/12 19:39:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/12 19:37:49 | 000,001,049 | ---- | C] () -- C:\Users\Paul\Desktop\Update Service.lnk
[2010/05/10 17:31:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/09 15:41:12 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/05/08 19:16:20 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/05/08 18:23:27 | 667,039,788 | ---- | C] () -- C:\Users\Paul\Desktop\DJ rKayde - Live (May '10).wav
[2010/05/08 17:05:23 | 000,000,893 | ---- | C] () -- C:\Users\Paul\Desktop\Audacity Recovery Utility.lnk
[2010/05/03 13:23:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/02 19:53:19 | 000,001,576 | ---- | C] () -- C:\Users\Paul\Desktop\Launch Omega Script.lnk
[2010/02/15 20:02:37 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/12 16:15:32 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/11 18:56:29 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/01/11 18:56:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/01/11 18:39:00 | 000,033,126 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/01/11 18:38:41 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/01/11 00:33:55 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/10 22:15:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/01/10 22:15:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/01/10 22:15:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/01/10 22:15:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/01/10 22:15:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/01/10 22:15:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/01/10 22:01:54 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010/01/10 22:01:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010/01/10 22:01:54 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010/01/10 22:01:54 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/05 02:03:24 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2009/01/26 13:38:54 | 033,793,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
[2008/05/01 14:55:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/01 14:55:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/01 14:19:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 18:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 18:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 18:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 18:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 18:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 18:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/01/31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/11/30 12:10:00 | 000,161,792 | ---- | C] () -- C:\Windows\System32\drivers\SDPIOSYS.SYS

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 12:25:06 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/05/01 14:31:12 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/25 22:09:06 | 2143,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/01 13:43:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/01 13:43:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/25 22:09:04 | 2459,168,768 | -HS- | M] () -- C:\pagefile.sys
[2010/05/19 19:57:56 | 000,005,379 | ---- | M] () -- C:\rapport.txt
[2010/05/19 21:45:58 | 000,015,470 | ---- | M] () -- C:\RootRepeal report 05-19-10 (21-45-58).txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/07 23:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008/01/21 12:25:06 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 12:25:02 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/08/12 13:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/09 01:25:28 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010/04/09 01:25:28 | 000,218,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010/04/09 01:25:30 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/12 19:36:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/04/09 01:25:30 | 000,074,408 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/26 08:21:33 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/05/12 21:36:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
< End of report >


There was no Extras.txt, just OTL.txt.


OTL logfile created on: 26/05/2010 08:12:33 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.77 Gb Total Space | 68.87 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ICEBLITZ
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Paul\AppData\Local\Temp\catchme.sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sdpiosys) -- C:\Windows\system32\drivers\sdpiosys.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 11 57 D0 A0 F5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tpg.com.au:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.ftp: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.tpg.com.au"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/18 20:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 10:44:33 | 000,000,000 | ---D | M]

[2010/02/15 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2010/05/19 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\mrsnv4gw.default\extensions
[2010/02/15 12:20:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\mrsnv4gw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/24 16:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 16:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/19 19:56:50 | 000,392,963 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13573 more lines...
O2 - BHO: (C:\Windows\system32\ltw9gy.dll) - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\Windows\System32\ltw9gy.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Sidebar] File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\Windows\System32\ltw9gy.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf61f31-0704-11df-8342-002258e3d526}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf61f31-0704-11df-8342-002258e3d526}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{85fb02e9-ff9f-11de-8dad-001e3392ca5a}\Shell - "" = AutoRun
O33 - MountPoints2\{85fb02e9-ff9f-11de-8dad-001e3392ca5a}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 12:35:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 08:11:45 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/05/25 22:44:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Avira
[2010/05/25 22:35:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/25 22:35:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/25 22:35:45 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/25 22:35:45 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/25 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/25 22:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/25 21:53:34 | 000,000,000 | --SD | C] -- C:\cf24549c
[2010/05/25 21:52:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/25 21:38:57 | 000,000,000 | --SD | C] -- C:\cf25139c
[2010/05/25 21:17:58 | 000,000,000 | --SD | C] -- C:\cf
[2010/05/25 21:09:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/05/21 17:23:08 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/21 15:26:26 | 000,000,000 | --SD | C] -- C:\ComboFix.txt
[2010/05/20 14:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/05/20 14:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/05/20 14:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/05/20 13:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/05/20 13:22:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/20 13:22:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/20 08:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/19 23:03:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(0)
[2010/05/19 19:51:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/19 19:51:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/19 19:51:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/19 19:51:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/19 19:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 17:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/19 17:04:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/19 17:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/19 00:52:52 | 000,000,000 | R--D | C] -- C:\Users\Paul\Documents\Scanned Documents
[2010/05/19 00:52:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Fax
[2010/05/19 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/05/19 00:28:19 | 000,000,000 | ---D | C] -- C:\Premier2006
[2010/05/13 03:01:10 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/05/12 21:37:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TrueCrypt
[2010/05/12 21:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010/05/12 21:36:59 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010/05/12 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/05/12 19:36:55 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/12 19:31:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Sony Ericsson
[2010/05/10 17:31:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/10 17:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/10 17:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/10 17:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/10 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/10 17:03:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple Computer
[2010/05/10 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2010/05/09 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Notepad++
[2010/05/09 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/05/09 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Server Configs
[2010/05/08 17:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity Recovery Utility
[2010/05/06 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Files
[2010/05/06 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Games
[2010/05/06 21:26:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Shortcuts
[2010/05/06 21:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/06 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/06 18:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/03 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ventrilo
[2010/05/03 13:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/05/03 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/03 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TS3Client
[2010/05/03 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/05/02 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Omega
[2010/05/02 16:51:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Mixxx
[2010/05/02 16:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 08:16:34 | 006,815,744 | -HS- | M] () -- C:\Users\Paul\ntuser.dat
[2010/05/26 08:16:20 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/05/26 08:10:26 | 000,822,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/26 08:10:26 | 000,693,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/26 08:10:26 | 000,141,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/26 08:08:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 08:08:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/26 08:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 23:03:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2865800292-2543043664-1061227069-1000UA.job
[2010/05/25 22:35:58 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/25 22:09:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 22:09:06 | 2143,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 22:08:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/25 22:08:03 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{f130dd58-0d89-11df-9647-001e3392ca5a}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 22:08:03 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{f130dd58-0d89-11df-9647-001e3392ca5a}.TM.blf
[2010/05/25 22:08:01 | 004,007,155 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/05/25 22:07:05 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/05/25 22:04:24 | 000,001,356 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2010/05/25 21:23:00 | 164,425,271 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/25 16:22:08 | 000,000,700 | ---- | M] () -- C:\Users\Paul\Desktop\cmd.lnk
[2010/05/25 06:03:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2865800292-2543043664-1061227069-1000Core.job
[2010/05/23 01:53:27 | 000,025,088 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 12:19:20 | 000,002,515 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2010/05/22 11:06:44 | 000,001,530 | ---- | M] () -- C:\Users\Paul\Desktop\mbam-log-2010-05-22 (11-06-38)before
[2010/05/21 15:39:17 | 003,692,853 | R--- | M] () -- C:\Users\Paul\Desktop\cf.exe
[2010/05/21 08:04:10 | 000,002,048 | ---- | M] () -- C:\Users\Paul\Desktop\Google Chrome.lnk
[2010/05/20 13:22:27 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 08:10:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/05/19 23:18:50 | 000,293,376 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/05/19 19:56:53 | 000,006,968 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/05/19 19:56:53 | 000,000,691 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\GetValue.vbs
[2010/05/19 19:56:53 | 000,000,035 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\SetValue.bat
[2010/05/19 19:56:50 | 000,392,963 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/19 17:12:29 | 000,000,086 | ---- | M] () -- C:\Windows\wininit.ini
[2010/05/19 17:04:19 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/19 16:56:20 | 000,412,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/19 13:59:47 | 000,120,408 | ---- | M] () -- C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/19 00:56:14 | 000,002,068 | ---- | M] () -- C:\Users\Paul\Inv00000035.pdf
[2010/05/19 00:52:43 | 000,002,097 | ---- | M] () -- C:\Users\Paul\Inv00000001.pdf
[2010/05/19 00:50:13 | 000,115,738 | ---- | M] () -- C:\Users\Paul\fk.xps
[2010/05/19 00:29:22 | 000,000,000 | ---- | M] () -- C:\Windows\drvxl32.INI
[2010/05/19 00:29:21 | 000,000,000 | ---- | M] () -- C:\Windows\drvwd32.INI
[2010/05/19 00:29:13 | 000,001,481 | ---- | M] () -- C:\Users\Public\Desktop\MYOB Premier Accounting 2006 (v15).lnk
[2010/05/13 22:34:52 | 2768,635,188 | ---- | M] () -- C:\Users\Paul\Desktop\mix 13th may.wav
[2010/05/12 21:36:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010/05/12 19:39:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/05/12 19:39:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/12 19:37:49 | 000,001,049 | ---- | M] () -- C:\Users\Paul\Desktop\Update Service.lnk
[2010/05/12 19:36:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/10 17:31:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/09 15:41:12 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/05/08 19:16:20 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/05/08 18:25:59 | 667,039,788 | ---- | M] () -- C:\Users\Paul\Desktop\DJ rKayde - Live (May '10).wav
[2010/05/08 17:05:23 | 000,000,893 | ---- | M] () -- C:\Users\Paul\Desktop\Audacity Recovery Utility.lnk
[2010/05/06 21:17:18 | 000,000,214 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/03 13:24:08 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/02 19:53:19 | 000,001,576 | ---- | M] () -- C:\Users\Paul\Desktop\Launch Omega Script.lnk
[2010/05/02 17:08:08 | 000,000,986 | ---- | M] () -- C:\Users\Paul\AppData\Local\7F68A003.il
[2010/05/02 17:08:08 | 000,000,280 | ---- | M] () -- C:\Users\Paul\AppData\Local\IndexIE_7F68A003.il
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 22:35:58 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/25 22:07:05 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/05/25 21:41:31 | 2143,313,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/25 16:22:05 | 000,000,700 | ---- | C] () -- C:\Users\Paul\Desktop\cmd.lnk
[2010/05/22 11:06:44 | 000,001,530 | ---- | C] () -- C:\Users\Paul\Desktop\mbam-log-2010-05-22 (11-06-38)before
[2010/05/20 13:44:38 | 000,002,515 | ---- | C] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2010/05/20 13:22:27 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 08:03:53 | 164,425,271 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/20 07:54:06 | 000,293,376 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/05/19 19:56:53 | 000,000,691 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GetValue.vbs
[2010/05/19 19:56:53 | 000,000,035 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\SetValue.bat
[2010/05/19 19:55:12 | 000,006,968 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/05/19 19:51:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/19 19:51:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/19 19:51:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/19 19:51:21 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/19 19:51:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/19 19:43:35 | 003,692,853 | R--- | C] () -- C:\Users\Paul\Desktop\cf.exe
[2010/05/19 17:12:29 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/19 17:04:19 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/19 16:01:10 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/05/19 00:54:34 | 000,002,068 | ---- | C] () -- C:\Users\Paul\Inv00000035.pdf
[2010/05/19 00:52:43 | 000,002,097 | ---- | C] () -- C:\Users\Paul\Inv00000001.pdf
[2010/05/19 00:50:12 | 000,115,738 | ---- | C] () -- C:\Users\Paul\fk.xps
[2010/05/19 00:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/05/19 00:29:21 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/19 00:29:13 | 000,001,481 | ---- | C] () -- C:\Users\Public\Desktop\MYOB Premier Accounting 2006 (v15).lnk
[2010/05/13 22:30:20 | 2768,635,188 | ---- | C] () -- C:\Users\Paul\Desktop\mix 13th may.wav
[2010/05/12 19:39:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/05/12 19:39:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/12 19:37:49 | 000,001,049 | ---- | C] () -- C:\Users\Paul\Desktop\Update Service.lnk
[2010/05/10 17:31:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/09 15:41:12 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/05/08 19:16:20 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/05/08 18:23:27 | 667,039,788 | ---- | C] () -- C:\Users\Paul\Desktop\DJ rKayde - Live (May '10).wav
[2010/05/08 17:05:23 | 000,000,893 | ---- | C] () -- C:\Users\Paul\Desktop\Audacity Recovery Utility.lnk
[2010/05/03 13:23:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/02 19:53:19 | 000,001,576 | ---- | C] () -- C:\Users\Paul\Desktop\Launch Omega Script.lnk
[2010/02/15 20:02:37 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/12 16:15:32 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/11 18:56:29 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/01/11 18:56:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/01/11 18:39:00 | 000,033,126 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/01/11 18:38:41 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/01/11 00:33:55 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/10 22:15:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/01/10 22:15:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/01/10 22:15:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/01/10 22:15:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/01/10 22:15:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/01/10 22:15:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/01/10 22:01:54 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010/01/10 22:01:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010/01/10 22:01:54 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010/01/10 22:01:54 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/05 02:03:24 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2009/01/26 13:38:54 | 033,793,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
[2008/05/01 14:55:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/01 14:55:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/01 14:19:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 18:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 18:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 18:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 18:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 18:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 18:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/01/31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/11/30 12:10:00 | 000,161,792 | ---- | C] () -- C:\Windows\System32\drivers\SDPIOSYS.SYS

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 12:25:06 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/05/01 14:31:12 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/25 22:09:06 | 2143,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/01 13:43:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/01 13:43:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/25 22:09:04 | 2459,168,768 | -HS- | M] () -- C:\pagefile.sys
[2010/05/19 19:57:56 | 000,005,379 | ---- | M] () -- C:\rapport.txt
[2010/05/19 21:45:58 | 000,015,470 | ---- | M] () -- C:\RootRepeal report 05-19-10 (21-45-58).txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/07 23:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008/01/21 12:25:06 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 12:25:02 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/08/12 13:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/09 01:25:28 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010/04/09 01:25:28 | 000,218,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010/04/09 01:25:30 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/05/12 19:36:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010/05/12 19:36:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010/04/09 01:25:30 | 000,074,408 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/26 08:21:33 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mzlqn.sys
[2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/05/12 21:36:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users