
Google and Yahoo re-direct infection


  • This topic is locked
13 replies to this topic

#1 Alec300

Alec300

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 17 October 2010 - 03:25 AM

Hello

Hoping someone can help me. The problem is frequent redirects from Google and Yahoo search results, plus redirects from internal links on webpages.

In an attempt to cure the problem I've done the following:

1. Used the Toshiba recovery disk to re-install Windows XP Professional (I have a Toshiba laptop)
2. Installed AVG, using the latest (2011).
3. Installed all Windows updates.
4. Installed Opera, IE8, Firefox, Chrome browsers.
5. Installed iTunes, xampp, and some other applications from disks.

The redirect problem is still present (I thought that re-installing the OS with a recovery disk would produce a clean system). So now I have run out of ideas!

I've run the GMER but it freezes the computer at the end, so I have attached a screenshot of the log instead of a file.

Cheers
Alec


Here are the DDS.txt log contents:


DDS (Ver_10-10-10.03) - NTFSx86
Run by Alec_S at 16:20:58.29 on 15/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1897.1176 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Alec_S\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ZoomText 9.0\Zt.exe
C:\Program Files\ZoomText 9.0\ZER.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Alec_S\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.0\ahoi\ah_ie_bho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\alec_s\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFNF5] TFNF5.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: TosBtNP - TosBtNP.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alec_s\applic~1\mozilla\firefox\profiles\y4t325qd.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alec_s\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-10-9 42608]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2010-10-15 7296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-7-17 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-10-9 49152]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-9 131072]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-7-17 114688]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-5-27 628072]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 4992]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-10-15 2058776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-7-17 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-17 41216]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2008-7-17 435072]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 488776]
S3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [2008-8-19 24232]
S3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [2008-8-19 300544]
S3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [2008-8-19 376960]
S3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [2008-8-19 72232]
S3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [2008-8-19 14976]
S3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [2008-8-19 14976]
S3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [2008-8-19 385536]
S3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [2008-8-19 430080]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [2008-8-19 25856]
S3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [2008-8-19 402816]

=============== Created Last 30 ================

2010-10-15 14:30:34 -------- d-sh--w- C:\AX NF ZZ
2010-10-15 14:23:19 -------- d-----w- c:\program files\VW
2010-10-15 14:23:09 69632 ----a-w- c:\windows\system32\Crypserv.exe
2010-10-15 14:23:09 31846 ----a-w- c:\windows\system32\Ckldrv.sys
2010-10-15 14:23:09 27648 ----a-r- c:\windows\Setup_ck.exe
2010-10-15 14:23:09 18432 ----a-w- c:\windows\Setup_ck.dll
2010-10-15 14:23:09 165888 ----a-w- c:\windows\Ckconfig.exe
2010-10-15 14:23:09 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-10-15 14:23:07 57344 ----a-w- c:\windows\system32\dcmc0d0.dll
2010-10-15 14:21:33 -------- d-----w- c:\windows\Speech
2010-10-15 14:21:30 40448 ----a-w- c:\windows\system32\Ai2XOR.dll
2010-10-15 14:21:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-15 14:21:30 110592 ----a-w- c:\windows\system32\Zosf.dll
2010-10-15 13:35:05 -------- d---a-w- C:\xampp
2010-10-15 12:23:30 -------- d-----w- c:\program files\common files\Borland Shared
2010-10-15 12:21:37 -------- d-----w- c:\program files\Corel
2010-10-15 12:17:41 -------- d-----w- c:\windows\Corel
2010-10-15 11:38:27 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-15 11:38:27 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-15 11:38:06 -------- d-----w- c:\program files\iPod
2010-10-15 11:38:03 -------- d-----w- c:\program files\iTunes
2010-10-15 11:38:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-15 11:35:04 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Apple Computer
2010-10-15 11:11:00 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\WinZip
2010-10-15 11:02:29 -------- d-sh--w- c:\documents and settings\alec_s\IETldCache
2010-10-15 10:59:07 -------- d-----w- c:\windows\ie8updates
2010-10-15 10:58:24 -------- dc-h--w- c:\windows\ie8
2010-10-15 10:54:44 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-15 10:54:40 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-15 10:54:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-15 10:54:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-15 10:54:38 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-15 10:54:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-15 10:54:38 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-15 10:54:36 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-15 10:41:20 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Opera
2010-10-15 10:35:38 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Temp
2010-10-15 10:35:35 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Google
2010-10-15 10:34:57 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Deployment
2010-10-15 10:00:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-15 10:00:53 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-15 10:00:49 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-10-15 10:00:45 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-15 10:00:00 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-15 10:00:00 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-15 09:59:57 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 09:59:56 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 09:59:56 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 09:59:45 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-15 09:59:40 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-15 09:59:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-10-15 09:59:03 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 09:59:00 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-15 09:58:52 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-15 09:57:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-15 09:57:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-15 09:57:56 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-10-15 09:57:56 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-15 09:57:56 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-15 09:57:56 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-15 09:57:55 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-15 09:57:55 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-15 09:57:55 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-15 09:57:31 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-15 09:56:19 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-15 09:54:57 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-15 09:54:03 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-15 09:48:11 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-15 09:48:09 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-10-15 09:47:57 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-15 09:47:57 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-10-15 09:46:45 -------- d-----w- c:\windows\system32\PreInstall
2010-10-15 09:46:43 -------- d--h--w- c:\windows\$hf_mig$
2010-10-15 09:45:35 -------- d-----w- c:\docume~1\alec_s\applic~1\AVG10
2010-10-15 09:43:55 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-10-15 09:43:49 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-15 09:43:49 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-15 09:43:49 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-15 09:43:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-15 09:43:39 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-15 09:43:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-10-15 09:42:48 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 09:42:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-15 09:23:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll.prepare
2010-10-15 09:23:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-15 09:18:21 -------- d--h--w- C:\$AVG
2010-10-15 09:17:57 -------- d-----w- c:\program files\AVG
2010-10-15 09:17:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-10-15 09:17:44 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-15 08:52:56 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-15 08:49:49 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-15 08:24:56 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-10-15 08:24:15 -------- d-----w- c:\windows\Downloaded Installations
2010-10-15 08:23:47 40832 ----a-w- c:\windows\system32\drivers\HECI.sys
2010-10-15 08:23:46 989720 ----a-w- c:\windows\system32\heciudlg.exe
2010-10-15 08:23:44 1002008 ----a-w- c:\windows\system32\mesoludlg.exe
2010-10-15 08:23:44 -------- d-----w- c:\program files\common files\postureAgent
2010-10-15 08:22:36 -------- d-----w- c:\program files\common files\Intel
2010-10-15 08:22:22 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2010-10-15 08:22:21 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-15 08:22:16 -------- d-----w- c:\program files\common files\Toshiba Shared
2010-10-15 08:19:57 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2010-10-15 08:19:57 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-10-15 08:19:57 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-10-15 08:09:58 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-15 08:09:56 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-15 08:09:53 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-10-15 08:09:53 -------- d-----w- c:\windows\system32\x64
2010-09-18 11:23:26 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 16:21:15.62 ===============



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:00 PM

Posted 27 October 2010 - 02:22 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Alec300

Alec300
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 27 October 2010 - 01:47 PM

Hello Elise

Thanks for responding and please don't apologise for any delays.

However, I have been doing some tinkering since my original post - to no avail!

The problem with my computer continues to be frequent redirects from Google search results (haven't checked Yahoo recently but it was doing the same) in various browsers, to either a real website (epoclick or shopping sites) or 'unable to find/open' IP addresses. Also sometimes when I am looking at a website, another (unrequested) website tab appears, which I just close.

The redirects do not happen every time - it seems to be at random. I am also concerned at what else might be happening beneath the surface, possibly intercepting passwords etc.

As requested, I have run the DDS again and have pasted in the log below, and attached the attach.txt file. I will then post this before sending another post with the next set of files you require, in case the posting is too big.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Alec_S at 19:31:27.00 on 27/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1897.865 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Alec_S\Desktop\Virus Removal Tool\setup_9.0.0.722_27.10.2010_09-18\setup_9.0.0.722_27.10.2010_09-18.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alec_S\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.0\ahoi\ah_ie_bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: NuSphere ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - c:\program files\nusphere\phped\NuSphereIEBar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\alec_s\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFNF5] TFNF5.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alec_s\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alec_s\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\alec_s\desktop\virus removal tool\setup_9.0.0.722_27.10.2010_09-18\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: TosBtNP - TosBtNP.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alec_s\applic~1\mozilla\firefox\profiles\y4t325qd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://order.1and1.co.uk/xml/order/Home;jsessionid=AFEBCB27D6015C9C20025F8BA7AE66B4.TCpfix154b?__reuse=1287659687674
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb82246&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 93844792;93844792 Boot Guard Driver;c:\windows\system32\drivers\93844792.sys [2010-10-27 37392]
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-10-9 42608]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 93844791;93844791;c:\windows\system32\drivers\93844791.sys [2010-10-27 128016]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2010-10-15 7296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 setup_9.0.0.722_27.10.2010_09-18drv;setup_9.0.0.722_27.10.2010_09-18drv;c:\windows\system32\drivers\9384479.sys [2010-10-27 315408]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-7-17 5888]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-15 29416]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-10-9 49152]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-9 131072]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-7-17 114688]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-5-27 628072]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 4992]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-10-15 2058776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-7-17 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-17 41216]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2008-7-17 435072]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [2008-8-19 24232]
S3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [2008-8-19 300544]
S3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [2008-8-19 376960]
S3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [2008-8-19 72232]
S3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [2008-8-19 14976]
S3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [2008-8-19 14976]
S3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [2008-8-19 385536]
S3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [2008-8-19 430080]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [2008-8-19 25856]
S3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [2008-8-19 402816]

=============== Created Last 30 ================

2010-10-27 08:06:05 -------- d--h--w- c:\windows\PIF
2010-10-27 06:52:50 37392 ----a-w- c:\windows\system32\drivers\93844792.sys
2010-10-27 06:52:50 315408 ----a-w- c:\windows\system32\drivers\9384479.sys
2010-10-27 06:52:50 128016 ----a-w- c:\windows\system32\drivers\93844791.sys
2010-10-26 18:57:23 -------- d-----w- c:\program files\FTP Navigator
2010-10-25 08:18:37 -------- d-sh--w- c:\documents and settings\alec_s\IECompatCache
2010-10-22 16:05:25 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\AVG Security Toolbar
2010-10-21 12:59:49 -------- d-----w- c:\windows\system32\appmgmt
2010-10-21 09:27:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-21 09:27:49 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-21 09:27:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-20 06:50:16 -------- d-----w- c:\docume~1\alec_s\applic~1\NuSphere
2010-10-20 06:49:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\PHP
2010-10-20 06:48:40 297984 ----a-w- c:\windows\system32\midas.dll
2010-10-20 06:48:26 -------- d-----w- c:\windows\system32\phpED
2010-10-20 06:48:26 -------- d-----w- c:\program files\NuSphere
2010-10-16 18:46:41 -------- d-----w- c:\docume~1\alec_s\applic~1\ABIG
2010-10-15 15:34:37 -------- d-sh--w- c:\documents and settings\alec_s\PrivacIE
2010-10-15 14:30:34 -------- d-sh--w- C:\AX NF ZZ
2010-10-15 14:23:19 -------- d-----w- c:\program files\VW
2010-10-15 14:23:09 69632 ----a-w- c:\windows\system32\Crypserv.exe
2010-10-15 14:23:09 31846 ----a-w- c:\windows\system32\Ckldrv.sys
2010-10-15 14:23:09 27648 ----a-r- c:\windows\Setup_ck.exe
2010-10-15 14:23:09 18432 ----a-w- c:\windows\Setup_ck.dll
2010-10-15 14:23:09 165888 ----a-w- c:\windows\Ckconfig.exe
2010-10-15 14:23:09 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-10-15 14:23:07 57344 ----a-w- c:\windows\system32\dcmc0d0.dll
2010-10-15 14:21:33 -------- d-----w- c:\windows\Speech
2010-10-15 14:21:30 40448 ----a-w- c:\windows\system32\Ai2XOR.dll
2010-10-15 14:21:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-15 14:21:30 110592 ----a-w- c:\windows\system32\Zosf.dll
2010-10-15 13:35:05 -------- d---a-w- C:\xampp
2010-10-15 12:23:30 -------- d-----w- c:\program files\common files\Borland Shared
2010-10-15 12:21:37 -------- d-----w- c:\program files\Corel
2010-10-15 12:17:41 -------- d-----w- c:\windows\Corel
2010-10-15 11:38:27 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-15 11:38:27 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-15 11:38:06 -------- d-----w- c:\program files\iPod
2010-10-15 11:38:03 -------- d-----w- c:\program files\iTunes
2010-10-15 11:38:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-15 11:35:04 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Apple Computer
2010-10-15 11:11:00 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\WinZip
2010-10-15 11:02:29 -------- d-sh--w- c:\documents and settings\alec_s\IETldCache
2010-10-15 10:59:07 -------- d-----w- c:\windows\ie8updates
2010-10-15 10:58:24 -------- dc-h--w- c:\windows\ie8
2010-10-15 10:54:44 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-15 10:54:40 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-15 10:54:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-15 10:54:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-15 10:54:38 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-15 10:54:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-15 10:54:38 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-15 10:54:36 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-15 10:41:20 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Opera
2010-10-15 10:35:38 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Temp
2010-10-15 10:35:35 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Google
2010-10-15 10:34:57 -------- d-----w- c:\docume~1\alec_s\locals~1\applic~1\Deployment
2010-10-15 10:00:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-15 10:00:53 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-15 10:00:49 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-10-15 10:00:45 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-15 10:00:00 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-15 10:00:00 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-15 09:59:57 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 09:59:56 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 09:59:56 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 09:59:45 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-15 09:59:40 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-15 09:59:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-10-15 09:59:03 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 09:59:00 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-15 09:58:52 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-15 09:57:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-15 09:57:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-15 09:57:56 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-10-15 09:57:56 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-15 09:57:56 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-15 09:57:56 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-15 09:57:55 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-15 09:57:55 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-15 09:57:55 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-15 09:57:31 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-15 09:56:19 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-15 09:54:57 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-15 09:54:03 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-15 09:48:11 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-15 09:48:09 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-10-15 09:47:57 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-15 09:47:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-15 09:46:45 -------- d-----w- c:\windows\system32\PreInstall
2010-10-15 09:46:43 -------- d--h--w- c:\windows\$hf_mig$
2010-10-15 09:45:35 -------- d-----w- c:\docume~1\alec_s\applic~1\AVG10
2010-10-15 09:43:55 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-10-15 09:43:49 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-15 09:43:49 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-15 09:43:49 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-15 09:43:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-15 09:43:39 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-15 09:43:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-10-15 09:42:48 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 09:42:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-15 09:23:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll.prepare
2010-10-15 09:23:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-15 09:18:21 -------- d--h--w- C:\$AVG
2010-10-15 09:17:57 -------- d-----w- c:\program files\AVG
2010-10-15 09:17:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-10-15 09:17:44 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-15 08:52:56 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-15 08:49:49 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-15 08:24:56 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-10-15 08:24:15 -------- d-----w- c:\windows\Downloaded Installations
2010-10-15 08:23:47 40832 ----a-w- c:\windows\system32\drivers\HECI.sys
2010-10-15 08:23:46 989720 ----a-w- c:\windows\system32\heciudlg.exe
2010-10-15 08:23:44 1002008 ----a-w- c:\windows\system32\mesoludlg.exe
2010-10-15 08:23:44 -------- d-----w- c:\program files\common files\postureAgent
2010-10-15 08:22:36 -------- d-----w- c:\program files\common files\Intel
2010-10-15 08:22:22 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2010-10-15 08:22:21 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-15 08:22:16 -------- d-----w- c:\program files\common files\Toshiba Shared
2010-10-15 08:19:57 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2010-10-15 08:19:57 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-10-15 08:19:57 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-10-15 08:09:58 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-15 08:09:56 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-15 08:09:53 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-10-15 08:09:53 -------- d-----w- c:\windows\system32\x64

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:32:35.18 ===============


#4 Alec300

Alec300
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:00 PM

Posted 27 October 2010 - 01:49 PM

Hello again

Here is the OTL file, then the extras.txt file:

OTL logfile created on: 27/10/2010 19:36:11 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Alec_S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 129.85 Gb Free Space | 87.12% Space Free | Partition Type: NTFS

Computer Name: ALEC | User Name: Alec_S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 19:35:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec_S\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:40 | 001,090,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgscanx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/10/01 14:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Alec_S\Desktop\Virus Removal Tool\setup_9.0.0.722_27.10.2010_09-18\setup_9.0.0.722_27.10.2010_09-18.exe
PRC - [2008/09/03 16:20:14 | 003,152,384 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Program Files\TrueSuite Access Manager\PwdBank.exe
PRC - [2008/09/03 13:47:00 | 000,712,704 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/03 13:47:00 | 000,131,072 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\WINDOWS\system32\TAMSvr.exe
PRC - [2008/07/25 15:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/06/04 19:44:18 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/06/04 17:06:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/05/27 13:12:44 | 000,451,944 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
PRC - [2008/05/27 13:12:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
PRC - [2008/05/19 11:20:04 | 000,086,016 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2008/05/05 15:19:16 | 000,552,312 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/04/29 14:45:54 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/04/29 14:45:52 | 000,367,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/04/29 14:45:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/11/15 10:58:48 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/11/15 10:58:32 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/10/05 10:08:10 | 000,172,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2007/09/28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/08/09 19:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/04/10 18:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/16 12:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/06 17:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2006/03/06 17:30:04 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe
PRC - [2006/01/29 00:35:10 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2006/01/13 11:42:54 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/27 19:35:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec_S\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/09/03 13:47:00 | 000,131,072 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\WINDOWS\system32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/06/04 17:06:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/27 13:12:18 | 000,628,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2008/05/05 15:19:16 | 000,552,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/04/29 14:45:54 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/04/29 14:45:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/04/11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/03/06 17:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2006/01/29 00:35:10 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/01/17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\93844792.sys -- (93844792)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9384479.sys -- (setup_9.0.0.722_27.10.2010_09-18drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\93844791.sys -- (93844791)
DRV - [2008/08/14 09:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/25 15:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/23 22:12:14 | 000,072,232 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshgps.sys -- (toshgps)
DRV - [2008/07/08 19:04:10 | 000,402,816 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshunic.sys -- (toshunic) Toshiba F3507g Mobile Broadband Network Adapter (WDM)
DRV - [2008/07/08 19:04:08 | 000,430,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdm2.sys -- (toshmdm2)
DRV - [2008/07/08 19:04:08 | 000,385,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdm.sys -- (toshmdm)
DRV - [2008/07/08 19:04:08 | 000,376,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshcard.sys -- (toshcard)
DRV - [2008/07/08 19:04:08 | 000,300,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshbus.sys -- (toshbus) Toshiba F3507g Mobile Broadband Device driver (WDM)
DRV - [2008/07/08 19:04:08 | 000,025,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshnd5.sys -- (toshnd5) Toshiba F3507g Mobile Broadband Network Adapter (NDIS)
DRV - [2008/07/08 19:04:08 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdfl2.sys -- (toshmdfl2)
DRV - [2008/07/08 19:04:08 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshmdfl.sys -- (toshmdfl)
DRV - [2008/07/02 10:18:18 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshscard.sys -- (Sony_EricssonWWSC)
DRV - [2008/06/04 16:32:58 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/21 11:48:46 | 006,018,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/04/30 21:09:24 | 000,004,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2008/04/28 05:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/09 17:01:16 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/27 10:42:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/11 22:58:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/12/24 08:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/04 10:14:00 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 06:59:12 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/05/03 17:08:50 | 000,007,296 | ---- | M] (Ai Squared ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Ai2sXP.sys -- (Ai2sXP)
DRV - [2006/01/10 03:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4051365748-607487856-1633239843-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4051365748-607487856-1633239843-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4051365748-607487856-1633239843-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "https://order.1and1.co.uk/xml/order/Home;jsessionid=AFEBCB27D6015C9C20025F8BA7AE66B4.TCpfix154b?__reuse=1287659687674"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb82246&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/26 09:11:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 16:25:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/15 12:37:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 07:53:01 | 000,000,000 | ---D | M]

[2010/10/15 11:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\Mozilla\Extensions
[2010/10/26 10:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\Mozilla\Firefox\Profiles\y4t325qd.default\extensions
[2010/10/26 10:24:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alec_S\Application Data\Mozilla\Firefox\Profiles\y4t325qd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 11:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.0\ahoi\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4051365748-607487856-1633239843-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKU\S-1-5-21-4051365748-607487856-1633239843-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4051365748-607487856-1633239843-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\setup_9.0.0.722_27.10.2010_09-18.lnk = C:\Documents and Settings\Alec_S\Desktop\Virus Removal Tool\setup_9.0.0.722_27.10.2010_09-18\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4051365748-607487856-1633239843-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.19 213.109.73.6 1.1.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Alec_S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alec_S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/17 12:20:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25a76b50-d9f8-11df-a12e-001e6541081e}\Shell\AutoRun\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O33 - MountPoints2\{25a76b50-d9f8-11df-a12e-001e6541081e}\Shell\open\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O33 - MountPoints2\{25a76b51-d9f8-11df-a12e-001e6541081e}\Shell\AutoRun\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O33 - MountPoints2\{25a76b51-d9f8-11df-a12e-001e6541081e}\Shell\open\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 19:35:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alec_S\Desktop\OTL.exe
[2010/10/27 09:06:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/27 07:52:50 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9384479.sys
[2010/10/27 07:52:50 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\93844791.sys
[2010/10/27 07:52:50 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\93844792.sys
[2010/10/27 07:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Desktop\Virus Removal Tool
[2010/10/26 19:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\FTP Navigator
[2010/10/26 09:10:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/25 09:18:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Alec_S\IECompatCache
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/10/23 08:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/10/22 17:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\AVG Security Toolbar
[2010/10/21 13:59:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/21 09:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/21 07:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/20 07:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\NuSphere
[2010/10/20 07:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PHP
[2010/10/20 07:48:40 | 000,297,984 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\midas.dll
[2010/10/20 07:48:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\phpED
[2010/10/20 07:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\NuSphere
[2010/10/19 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/10/19 15:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/18 08:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/10/18 08:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/10/18 08:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/10/18 08:31:02 | 000,000,000 | ---D | C] -- C:\8a096e1bdd00fbcbd2fbae
[2010/10/17 21:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/10/17 21:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/16 19:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\ABIG
[2010/10/16 11:12:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/16 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Desktop\gmer
[2010/10/15 16:34:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Alec_S\PrivacIE
[2010/10/15 15:30:34 | 000,000,000 | -HSD | C] -- C:\AX NF ZZ
[2010/10/15 15:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\VW
[2010/10/15 15:23:09 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2010/10/15 15:23:09 | 000,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2010/10/15 15:22:56 | 000,057,344 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\Zx7Uninstall.dll
[2010/10/15 15:22:56 | 000,057,344 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\BSUninstall.dll
[2010/10/15 15:22:56 | 000,053,248 | ---- | C] (Freedom Scientific, Inc.) -- C:\WINDOWS\System32\bypass_jfwvid.dll
[2010/10/15 15:22:38 | 000,054,400 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\Ai2dXP.dll
[2010/10/15 15:22:38 | 000,015,232 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\Ai2Ldr.dll
[2010/10/15 15:22:38 | 000,007,296 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys
[2010/10/15 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\ZoomText 9.0
[2010/10/15 15:21:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Speech
[2010/10/15 15:21:30 | 000,110,592 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\Zosf.dll
[2010/10/15 15:21:30 | 000,040,448 | ---- | C] (Ai Squared ) -- C:\WINDOWS\System32\Ai2XOR.dll
[2010/10/15 15:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\On-line info
[2010/10/15 15:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\Transition Town
[2010/10/15 15:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\Smarty examples
[2010/10/15 15:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\SMART Notebook
[2010/10/15 15:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\Server files
[2010/10/15 15:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\Route 70 source code
[2010/10/15 14:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\my web databases
[2010/10/15 14:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\compare product e-eagle-eye files
[2010/10/15 14:35:05 | 000,000,000 | ---D | C] -- C:\xampp
[2010/10/15 13:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\PdxPriv
[2010/10/15 13:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Corel
[2010/10/15 13:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2010/10/15 13:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/10/15 13:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Corel
[2010/10/15 12:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Apple Computer
[2010/10/15 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/15 12:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/15 12:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/15 12:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/15 12:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/15 12:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Apple
[2010/10/15 12:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/15 12:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/15 12:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/15 12:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/15 12:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Apple Computer
[2010/10/15 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\WinZip
[2010/10/15 12:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/15 12:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/10/15 12:08:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/15 12:02:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Alec_S\IETldCache
[2010/10/15 11:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/10/15 11:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/15 11:58:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/10/15 11:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Mozilla
[2010/10/15 11:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Mozilla
[2010/10/15 11:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/15 11:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Opera
[2010/10/15 11:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Opera
[2010/10/15 11:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/10/15 11:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\My Documents\Downloads
[2010/10/15 11:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Macromedia
[2010/10/15 11:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Temp
[2010/10/15 11:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Google
[2010/10/15 11:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Deployment
[2010/10/15 10:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/10/15 10:46:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/15 10:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\AVG10
[2010/10/15 10:43:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/15 10:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/15 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/15 10:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/15 10:23:15 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2010/10/15 10:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/15 10:18:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/15 10:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/15 10:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/15 10:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/10/15 09:52:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/15 09:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/10/15 09:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2010/10/15 09:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/10/15 09:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2010/10/15 09:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2010/10/15 09:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Nethood
[2010/10/15 09:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\InstallShield
[2010/10/15 09:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Identities
[2010/10/15 09:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Adobe
[2010/10/15 09:21:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Alec_S\Application Data\Microsoft
[2010/10/15 09:21:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alec_S\SendTo
[2010/10/15 09:21:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alec_S\Recent
[2010/10/15 09:21:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alec_S\Application Data
[2010/10/15 09:21:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alec_S\Start Menu
[2010/10/15 09:21:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alec_S\My Documents\My Pictures
[2010/10/15 09:21:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alec_S\My Documents\My Music
[2010/10/15 09:21:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alec_S\My Documents
[2010/10/15 09:21:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alec_S\Favorites
[2010/10/15 09:21:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Alec_S\Cookies
[2010/10/15 09:21:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Alec_S\Templates
[2010/10/15 09:21:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Alec_S\PrintHood
[2010/10/15 09:21:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Alec_S\Local Settings
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Utility
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\toshiba
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Application Data\Sun
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Seven Zip
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Pointing
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Player
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\pad
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\On-Off
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Microsoft Help
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Microsoft
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Device
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Desktop
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\ApplicationHistory
[2010/10/15 09:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alec_S\Local Settings\Application Data\Adobe
[2010/10/15 09:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 19:35:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec_S\Desktop\OTL.exe
[2010/10/27 19:25:06 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005UA.job
[2010/10/27 19:12:28 | 000,441,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/27 19:12:28 | 000,071,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 19:12:03 | 097,810,124 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/27 19:09:39 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/27 19:09:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/27 19:07:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/27 19:07:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 19:07:04 | 1989,332,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 09:25:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005Core.job
[2010/10/27 09:24:27 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\Google Chrome.lnk
[2010/10/27 09:24:27 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/27 07:54:00 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\setup_9.0.0.722_27.10.2010_09-18.lnk
[2010/10/26 21:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/26 17:32:16 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/10/26 17:27:36 | 000,002,503 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\Paradox 10.lnk
[2010/10/26 09:11:14 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/24 19:42:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/23 12:09:30 | 000,388,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/21 20:59:15 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Alec_S\My Documents\lanyard pic.doc
[2010/10/21 07:53:01 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:06:00 | 000,007,680 | ---- | M] () -- C:\WINDOWS\Alec_S.pcb
[2010/10/20 19:45:43 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Alec_S.acl
[2010/10/20 19:33:08 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\Office Startup.lnk
[2010/10/20 07:48:43 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NuSphere PhpED.lnk
[2010/10/19 15:35:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/15 20:50:00 | 000,285,230 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\gmer.zip
[2010/10/15 18:05:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Alec_S\My Documents\gmer.exe
[2010/10/15 16:15:32 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\dds.scr
[2010/10/15 15:53:48 | 000,002,240 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2010/10/15 15:33:28 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\Shortcut to on-line info.lnk
[2010/10/15 15:33:09 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\Windows Explorer.lnk
[2010/10/15 15:30:56 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomText 9.0.lnk
[2010/10/15 15:26:54 | 000,002,240 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/10/15 15:26:54 | 000,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2010/10/15 15:23:48 | 000,000,090 | ---- | M] () -- C:\WINDOWS\TestSupp.ini
[2010/10/15 15:23:12 | 000,000,046 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2010/10/15 14:37:37 | 000,001,404 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\XAMPP Control Panel.lnk
[2010/10/15 12:37:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/15 12:10:47 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/10/15 12:10:47 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/10/15 12:02:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/15 11:45:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/10/15 11:45:20 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/15 11:45:20 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/15 11:41:14 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/15 11:41:14 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/15 11:32:46 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/10/15 10:23:15 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2010/10/15 09:25:29 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Alec_S\Desktop\Windows Media Player.lnk
[2010/10/15 09:22:16 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA DVD PLAYER.lnk
[2010/10/15 09:21:17 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_TECRA M10_08385-EN_PTMB1E-02Y00.MRK
[2010/10/15 09:20:09 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/15 09:19:55 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TPM (Trusted Platform Module) Installation Guide.lnk
[2010/10/15 09:19:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2010/10/15 09:19:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2010/10/15 09:19:52 | 000,000,226 | RHS- | M] () -- C:\boot.ini
[2010/10/15 09:14:41 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 19:12:03 | 097,810,124 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/27 09:24:27 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\Google Chrome.lnk
[2010/10/27 09:24:27 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/27 09:20:48 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005UA.job
[2010/10/27 09:20:48 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005Core.job
[2010/10/27 07:54:00 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\setup_9.0.0.722_27.10.2010_09-18.lnk
[2010/10/23 08:41:05 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/21 20:55:16 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\lanyard pic.doc
[2010/10/21 07:53:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/20 20:06:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\Alec_S.pcb
[2010/10/20 19:45:43 | 000,035,262 | ---- | C] () -- C:\WINDOWS\Alec_S.acl
[2010/10/20 19:33:08 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Alec_S\Start Menu\Programs\Startup\Office Startup.lnk
[2010/10/20 07:48:43 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NuSphere PhpED.lnk
[2010/10/20 07:48:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Alec_S\.cvspass
[2010/10/17 21:12:09 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/15 20:50:00 | 000,285,230 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\gmer.zip
[2010/10/15 18:05:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\gmer.exe
[2010/10/15 16:15:23 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\dds.scr
[2010/10/15 15:33:28 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\Shortcut to on-line info.lnk
[2010/10/15 15:30:55 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomText 9.0.lnk
[2010/10/15 15:26:26 | 000,002,240 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/10/15 15:26:26 | 000,002,240 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2010/10/15 15:26:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/10/15 15:23:12 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/10/15 15:23:09 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/10/15 15:23:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/10/15 15:23:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/10/15 15:23:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/10/15 15:22:56 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2010/10/15 15:22:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\ai2drv.dat
[2010/10/15 15:21:31 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2010/10/15 15:01:28 | 000,293,282 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\SOT Cycling Training Instructors job descrip.pdf
[2010/10/15 15:01:28 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\SOT cycle instructor job application_xxx_additional info.doc
[2010/10/15 15:01:28 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\SOT cycle instructor job application_xxx_cover letter.doc
[2010/10/15 15:01:27 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\SOT cycle instructor job application_xxx.doc
[2010/10/15 15:01:21 | 010,355,921 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\PPC3-Superaffiliate-Secrets-Report.pdf
[2010/10/15 15:01:21 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Paul Austen Associates details.doc
[2010/10/15 15:01:20 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\ALEC-CV 1998.doc
[2010/10/15 15:01:20 | 000,065,580 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\insurance_table_alec.html
[2010/10/15 15:01:20 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\insurance_table_alec.doc
[2010/10/15 15:01:20 | 000,056,895 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\NI exemption form.pdf
[2010/10/15 15:01:20 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip slik tripod.doc
[2010/10/15 15:01:20 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip drum base.doc
[2010/10/15 15:01:20 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip drier.doc
[2010/10/15 15:01:20 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip camera backpack.doc
[2010/10/15 15:01:20 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip devel tank.doc
[2010/10/15 15:01:20 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Billington family tree.xls
[2010/10/15 15:01:20 | 000,021,572 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\DMC-LX3 review.html
[2010/10/15 15:01:20 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Packing Slip small tripod.doc
[2010/10/15 15:01:20 | 000,019,022 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\DMC-LX3 review.odt
[2010/10/15 15:01:20 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\bike_info_record.doc
[2010/10/15 15:01:20 | 000,008,637 | ---- | C] () -- C:\Documents and Settings\Alec_S\My Documents\Cheshire cycleway help.odt
[2010/10/15 14:36:55 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\XAMPP Control Panel.lnk
[2010/10/15 13:31:20 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2010/10/15 13:30:43 | 000,002,503 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\Paradox 10.lnk
[2010/10/15 12:38:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/15 12:37:43 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/15 12:37:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/15 12:18:04 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\Windows Explorer.lnk
[2010/10/15 12:10:47 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/10/15 12:10:47 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/10/15 11:45:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/15 11:45:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/15 11:45:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/15 11:41:14 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/15 11:41:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/15 11:32:45 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/10/15 10:43:26 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/15 09:25:44 | 1989,332,992 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/15 09:25:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Alec_S\Desktop\Windows Media Player.lnk
[2010/10/15 09:22:16 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA DVD PLAYER.lnk
[2010/10/15 09:21:17 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_TECRA M10_08385-EN_PTMB1E-02Y00.MRK
[2010/10/15 09:21:04 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/15 09:21:04 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Alec_S\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/15 09:19:55 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TPM (Trusted Platform Module) Installation Guide.lnk
[2010/10/15 09:19:52 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2010/10/15 09:19:51 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/07/17 14:13:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/17 14:00:52 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008/07/17 13:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008/07/17 13:32:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008/07/17 13:22:09 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/07/17 13:22:09 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/07/17 13:22:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/07/17 13:22:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/07/17 13:16:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/17 13:08:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008/07/17 13:07:17 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/07/17 13:06:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/10/15 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/10/16 19:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\ABIG
[2010/10/15 10:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\AVG10
[2010/10/20 07:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\NuSphere
[2010/10/15 11:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\Opera
[2010/10/20 21:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alec_S\Application Data\toshiba
[2010/10/15 17:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/22 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/15 10:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/15 10:43:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/15 10:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/20 07:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PHP
[2010/10/15 09:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2010/10/15 12:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/15 16:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/10/15 12:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/15 16:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/10/27 19:07:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/10/15 09:19:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/10/15 09:19:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 27/10/2010 19:36:11 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Alec_S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 129.85 Gb Free Space | 87.12% Space Free | Partition Type: NTFS

Computer Name: ALEC | User Name: Alec_S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-4051365748-607487856-1633239843-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ZoomText 9.0\Zt.exe" = C:\Program Files\ZoomText 9.0\Zt.exe:LocalSubNet:Enabled:ZoomText 9.0 -- (Ai Squared )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" = C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\Program Files\ZoomText 9.0\Zt.exe" = C:\Program Files\ZoomText 9.0\Zt.exe:LocalSubNet:Enabled:ZoomText 9.0 -- (Ai Squared )
"C:\Program Files\NuSphere\PhpED\php\php.exe" = C:\Program Files\NuSphere\PhpED\php\php.exe:*:Enabled:php4-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php\php-cli.exe" = C:\Program Files\NuSphere\PhpED\php\php-cli.exe:*:Enabled:php4-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe" = C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe:*:Enabled:php5-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php5\php.exe" = C:\Program Files\NuSphere\PhpED\php5\php.exe:*:Enabled:php5-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe" = C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe:*:Enabled:php53-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php53\php.exe" = C:\Program Files\NuSphere\PhpED\php53\php.exe:*:Enabled:php53-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\Srv.exe" = C:\Program Files\NuSphere\PhpED\Srv.exe:*:Enabled:NuSphere PhpED SRV web server -- (NuSphere Corp.)
"C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe" = C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe:*:Enabled:NuSphere PhpED Dbg Listener -- (NuSphere Corp., http://www.nusphere.com/)
"C:\Program Files\NuSphere\PhpED\phped.exe" = C:\Program Files\NuSphere\PhpED\phped.exe:*:Enabled:NuSphere PhpED Embedded browser -- (NuSphere Corp.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24BEE00C-0DE6-443E-8C3C-00A199B1DCDD}" = ZoomText 9.0
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{4EB34322-B940-46EB-810E-68E71A819269}" = AVG 2011
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Cooling Performance Diagnostic Tool
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F73E7B59-F951-11D4-884D-00902761A46D}" = WordPerfect Office 2002 Professional
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"FTP Navigator" = FTP Navigator
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"InstallShield_{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{7F3B0E97-447F-4199-84E3-7745BAA2E497}" = TOSHIBA Cooling Performance Diagnostic Tool
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 3.5
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NuSphere PhpED_is1" = NuSphere PhpED version 5.9.5
"Office8.0" = Microsoft Office 97, Professional Edition
"PHP Documentor_is1" = Php Documentor version 1.4.2 for NuSphere PhpED
"PHP_is1" = php-4.4.9 for NuSphere PhpED
"PHP5_is1" = php-5.2.14 for NuSphere PhpED
"PHP53_is1" = php-5.3.3 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® Network Connections Drivers
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4051365748-607487856-1633239843-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/10/2010 04:01:36 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 05:07:17 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 06:05:05 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 06:40:00 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 08:10:01 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 11:29:03 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 11:50:06 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 26/10/2010 14:54:39 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 27/10/2010 02:23:19 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

Error - 27/10/2010 14:08:01 | Computer Name = ALEC | Source = COM | ID = 10023
Description = The application-specific access security descriptor for the COM Server
application c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe is invalid.
It contains Access Control Entries with permissions that are invalid. The requested
action was therefore not performed. The application set this security permission
programmatically; to modify this security permission contact the application vendor.

[ System Events ]
Error - 24/10/2010 13:35:49 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 25/10/2010 04:10:58 | Computer Name = ALEC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001E6541081E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/10/2010 04:12:00 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 25/10/2010 05:37:42 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 25/10/2010 05:52:21 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 25/10/2010 15:31:05 | Computer Name = ALEC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001E6541081E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/10/2010 15:32:16 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 26/10/2010 04:02:26 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 26/10/2010 04:03:27 | Computer Name = ALEC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001E6541081E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 26/10/2010 05:07:47 | Computer Name = ALEC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >

Edited by elise025, 15 November 2010 - 04:50 AM.


#5 Alec300

Posted 27 October 2010 - 01:55 PM

And finally, here is the RKU log:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9631000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6021120 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA7DA9000 C:\WINDOWS\system32\DRIVERS\93844791.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0xA8843000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4870144 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB921D000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3629056 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF27F000 C:\WINDOWS\System32\igxpdx32.DLL 3174400 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF073000 C:\WINDOWS\System32\igxpdv32.DLL 2146304 bytes (Intel Corporation, Component GHAL Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA8698000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0xA7C63000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 843776 bytes
0xB9E1F000 iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D49000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8350000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA87B4000 C:\WINDOWS\system32\DRIVERS\TEchoCan.sys 438272 bytes (TOSHIBA Corporation, TOSHIBA Echo Cancel Filter Driver)
0xB8FB0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA84A3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7335000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9192000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xA8557000 C:\WINDOWS\system32\DRIVERS\9384479.sys 331776 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wnet_x86])
0xA845B000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9CD9000 tos_sps32.sys 274432 bytes (TOSHIBA Corporation, tos_sps2)
0xA63BC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB95DF000 C:\WINDOWS\system32\DRIVERS\e1y5132.sys 253952 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 5.1 deserialized driver)
0xA8314000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB9036000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA756D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D1C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF028000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA6058000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA83C0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA6C55000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9593000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA840D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8435000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA881F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB95BB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA82F1000 C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys 143360 bytes (AuthenTec, Inc., Slide Fingerprint USB Driver)
0xB912E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA83EB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7A37000 C:\WINDOWS\system32\DRIVERS\trudf.sys 135168 bytes (TOSHIBA Corporation, TOSHIBA Direct Disc Writer - DVD-RAM UDF File System Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DFF000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9CBF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA7A69000 C:\WINDOWS\system32\DRIVERS\tdudf.sys 106496 bytes (TOSHIBA Corporation, TOSHIBA Direct Disc Writer - File System Driver)
0xB9179000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xB9DD6000 C:\WINDOWS\system32\Drivers\ksecdd.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9077000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7702000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB91E4000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB9209000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB961D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA84FC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF016000 C:\WINDOWS\System32\dcmc0d0.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xBF053000 C:\WINDOWS\System32\dcmkrnl.dll 73728 bytes (Microsoft Corporation, Display Chaining Manager - Kernel mode component)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DED000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9066000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB91F8000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0xA7A58000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA8630000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2A8000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xBA188000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7C53000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA248000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF065000 C:\WINDOWS\System32\Ai2dXP.dll 57344 bytes (Ai Squared , ZoomText 9 Video Driver)
0xBA138000 93844792.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB911E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 45056 bytes (Infineon Technologies AG, Infineon Trusted Platform Module)
0xBA198000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA6DFD000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xA74DD000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA308000 C:\WINDOWS\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA238000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA118000 AlfaFF.sys 36864 bytes (Alfa Corporation, Windows 2000 Mini-Filter Monitor Network Edition)
0xBA128000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA799F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA410000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA420000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA368000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA428000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA340000 thpdrv.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3E8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA348000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA3F0000 C:\WINDOWS\system32\ckldrv.sys 20480 bytes
0xBA400000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA408000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA338000 TVALZ.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0xBA380000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBF012000 C:\WINDOWS\System32\Ai2Ldr.dll 16384 bytes (Ai Squared , ZoomText 9 Loader Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9C5F000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA7A0F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9C83000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA8CF4000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xB9C7B000 C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86. XP)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA82E9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA868C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA85B8000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C57000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA7D4D000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xB9161000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9C67000 C:\WINDOWS\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0xBA606000 C:\WINDOWS\System32\drivers\Ai2sXP.sys 8192 bytes (Ai Squared , ZoomText 9 Kernel Driver)
0xBA5F8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5F4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5FC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA600000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5AE000 Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0xBA60A000 C:\WINDOWS\System32\Drivers\TMEI3E.SYS 8192 bytes (Toshiba Corporation, Toshiba Mobile Extension Value Added Logical Device Driver)
0xBA5C6000 C:\WINDOWS\system32\DRIVERS\TVALZFL.sys 8192 bytes (TOSHIBA Corporation, TOSHIBA TVALZ Filter Driver)
0xBA5D4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6C3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6E6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7E1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
0x00F60000 Hidden Image-->TOPI.resources.dll [ EPROCESS 0x84942BD0 ] PID: 3424, 28672 bytes
0x03960000 Hidden Image-->PrivacyIconClient.resources.dll [ EPROCESS 0x85204718 ] PID: 4076, 36864 bytes

#6 Elise

Posted 27 October 2010 - 02:41 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Alec300


Posted 28 October 2010 - 03:36 AM

Hi Elise

Here is the Combofix log txt. When I ran Combofix, there was a Windows error stating that there was a problem with mbr.cfxx?

Thanks

Alec

ComboFix 10-10-27.04 - Alec_S 28/10/2010 9:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1897.1105 [GMT 1:00]
Running from: c:\documents and settings\Alec_S\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-27 08:06 . 2010-10-27 08:06 -------- d--h--w- c:\windows\PIF
2010-10-27 06:52 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\93844792.sys
2010-10-27 06:52 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\9384479.sys
2010-10-27 06:52 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\93844791.sys
2010-10-26 18:57 . 2010-10-28 07:12 -------- d-----w- c:\program files\FTP Navigator
2010-10-21 09:27 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-21 09:27 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-21 06:52 . 2010-10-21 06:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-20 06:49 . 2010-10-20 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PHP
2010-10-20 06:48 . 2004-04-23 17:01 297984 ----a-w- c:\windows\system32\midas.dll
2010-10-20 06:48 . 2010-10-20 06:48 -------- d-----w- c:\windows\system32\phpED
2010-10-20 06:48 . 2010-10-20 06:48 -------- d-----w- c:\program files\NuSphere
2010-10-19 20:37 . 2010-10-19 20:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-10-19 14:59 . 2010-10-19 15:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-17 20:12 . 2010-10-17 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-17 20:12 . 2010-10-17 20:12 -------- d-----w- c:\program files\Google
2010-10-15 14:30 . 2010-10-15 14:30 -------- d-----w- C:\AX NF ZZ
2010-10-15 14:23 . 2010-10-15 14:23 -------- d-----w- c:\program files\VW
2010-10-15 14:23 . 2006-01-28 23:35 69632 ----a-w- c:\windows\system32\Crypserv.exe
2010-10-15 14:23 . 2006-01-10 02:47 31846 ----a-w- c:\windows\system32\Ckldrv.sys
2010-10-15 14:23 . 1999-06-18 21:49 165888 ----a-w- c:\windows\Ckconfig.exe
2010-10-15 14:23 . 1996-05-03 17:21 27648 ----a-r- c:\windows\Setup_ck.exe
2010-10-15 14:23 . 1996-05-03 15:36 18432 ----a-w- c:\windows\Setup_ck.dll
2010-10-15 14:23 . 1995-07-04 18:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-10-15 14:23 . 2008-05-21 10:48 57344 ----a-w- c:\windows\system32\dcmc0d0.dll
2010-10-15 14:21 . 2010-10-15 14:21 -------- d-----w- c:\windows\Speech
2010-10-15 14:21 . 2006-05-03 16:43 40448 ----a-w- c:\windows\system32\Ai2XOR.dll
2010-10-15 14:21 . 2006-05-03 16:43 110592 ----a-w- c:\windows\system32\Zosf.dll
2010-10-15 14:21 . 2006-05-03 16:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-15 13:35 . 2010-10-20 15:00 -------- d---a-w- C:\xampp
2010-10-15 12:23 . 2010-10-15 12:23 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-10-15 12:21 . 2010-10-15 12:21 -------- d-----w- c:\program files\Corel
2010-10-15 12:17 . 2010-10-15 12:25 -------- d-----w- c:\windows\Corel
2010-10-15 11:37 . 2010-10-15 11:37 -------- d-----w- c:\program files\QuickTime
2010-10-15 11:37 . 2010-10-15 11:37 -------- d-----w- c:\program files\Apple Software Update
2010-10-15 11:37 . 2010-10-15 11:37 -------- d-----w- c:\program files\Bonjour
2010-10-15 11:36 . 2010-10-15 11:38 -------- d-----w- c:\program files\Common Files\Apple
2010-10-15 11:36 . 2010-10-15 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-15 11:10 . 2010-10-15 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-10-15 11:03 . 2010-10-15 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-15 10:58 . 2010-10-15 10:58 -------- dc-h--w- c:\windows\ie8
2010-10-15 10:54 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-15 10:54 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-15 10:54 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-15 10:54 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-15 10:54 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-15 10:54 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-15 10:54 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-15 10:54 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-15 10:41 . 2010-10-15 10:41 -------- d-----w- c:\program files\Opera
2010-10-15 10:00 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-15 10:00 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-15 10:00 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-10-15 10:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-15 10:00 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-15 10:00 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-15 09:59 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 09:59 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 09:59 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 09:59 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-15 09:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-15 09:59 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-10-15 09:59 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 09:59 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-15 09:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-15 09:57 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-15 09:57 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-15 09:57 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-15 09:57 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-15 09:57 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-10-15 09:57 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-15 09:57 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-15 09:57 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-15 09:57 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-15 09:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-15 09:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-15 09:54 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-15 09:54 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-15 09:48 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-15 09:48 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-10-15 09:47 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-15 09:47 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-15 09:46 . 2010-10-17 07:53 -------- d--h--w- c:\windows\$hf_mig$
2010-10-15 09:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-10-15 09:43 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-15 09:43 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-15 09:43 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-15 09:43 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-15 09:43 . 2010-10-15 09:43 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-15 09:43 . 2010-10-15 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-15 09:42 . 2010-10-27 18:12 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 09:42 . 2010-10-22 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-15 09:23 . 2010-10-15 09:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll.prepare
2010-10-15 09:23 . 2010-10-15 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-15 09:18 . 2010-10-15 11:12 -------- d-----w- C:\$AVG
2010-10-15 09:17 . 2010-10-15 09:39 -------- d-----w- c:\program files\AVG
2010-10-15 09:17 . 2010-10-15 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-10-15 09:17 . 2010-10-15 09:17 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-15 08:49 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-15 08:24 . 2007-12-20 00:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-10-15 08:24 . 2010-10-15 08:24 -------- d-----w- c:\windows\Downloaded Installations
2010-10-15 08:23 . 2008-03-26 12:12 40832 ----a-w- c:\windows\system32\drivers\HECI.sys
2010-10-15 08:23 . 2008-04-29 13:46 989720 ----a-w- c:\windows\system32\heciudlg.exe
2010-10-15 08:23 . 2010-10-15 08:23 -------- d-----w- c:\program files\Common Files\postureAgent
2010-10-15 08:23 . 2008-04-29 13:45 1002008 ----a-w- c:\windows\system32\mesoludlg.exe
2010-10-15 08:22 . 2010-10-15 08:22 -------- d-----w- c:\program files\Common Files\Intel
2010-10-15 08:22 . 2008-06-04 15:32 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2010-10-15 08:22 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-15 08:22 . 2010-10-15 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TOSHIBA
2010-10-15 08:22 . 2010-10-15 08:22 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2010-10-15 08:21 . 2010-10-27 19:01 -------- d-----w- c:\documents and settings\Alec_S
2010-10-15 08:20 . 2010-10-15 15:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\toshiba
2010-10-15 08:20 . 2010-10-15 15:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2010-10-15 08:20 . 2008-07-17 12:34 -------- d-----w- c:\windows\system32\config\systemprofile\Player
2010-10-15 08:20 . 2008-07-17 12:21 -------- d-----w- c:\windows\system32\config\systemprofile\pad
2010-10-15 08:20 . 2008-07-17 12:21 -------- d-----w- c:\windows\system32\config\systemprofile\On-Off
2010-10-15 08:20 . 2008-07-17 12:20 -------- d-----w- c:\windows\system32\config\systemprofile\Utility
2010-10-15 08:20 . 2008-07-17 12:20 -------- d-----w- c:\windows\system32\config\systemprofile\Pointing
2010-10-15 08:20 . 2008-07-17 12:20 -------- d-----w- c:\windows\system32\config\systemprofile\Device
2010-10-15 08:19 . 2008-04-28 04:14 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-10-15 08:19 . 2008-04-18 14:09 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-10-15 08:19 . 2008-04-18 14:08 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2010-10-15 08:19 . 2008-07-17 12:20 -------- d-----w- c:\documents and settings\Default User\Device
2010-10-15 08:19 . 2008-07-17 12:34 -------- d-----w- c:\documents and settings\Default User\Player
2010-10-15 08:19 . 2008-07-17 12:21 -------- d-----w- c:\documents and settings\Default User\pad

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2008-07-17 10:14 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-07-17 10:14 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-07-17 10:14 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-07-17 10:14 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-10 05:58 . 2008-07-17 10:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-07-17 10:14 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-07-17 10:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:51 . 2008-07-17 10:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-07-17 10:14 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-07-17 10:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-07-17 10:14 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-07-17 10:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-07-17 10:14 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2008-07-17 10:14 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-07-17 10:14 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 10:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 14:41 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-17 39408]
"Google Update"="c:\documents and settings\Alec_S\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-11-15 118784]
"TPSMain"="TPSMain.exe" [2007-11-15 299008]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2008-05-19 86016]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-03-06 114688]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-10-05 172032]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-05-27 451944]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 712704]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"TFNF5"="TFNF5.exe" [2006-04-10 622592]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-04-29 367128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Alec_S\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
setup_9.0.0.722_27.10.2010_09-18.lnk - c:\documents and settings\Alec_S\Desktop\Virus Removal Tool\setup_9.0.0.722_27.10.2010_09-18\startup.exe [2010-10-27 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-09-03 12:48 208896 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-21 17:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php\\php-cli.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php5\\php-cgi.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php5\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php53\\php-cgi.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php53\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\Srv.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\debugger\\DbgListener.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\phped.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

R0 93844792;93844792 Boot Guard Driver;c:\windows\system32\drivers\93844792.sys [27/10/2010 07:52 37392]
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [09/10/2008 09:01 42608]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [11/01/2008 22:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 10:14 6528]
R1 93844791;93844791;c:\windows\system32\drivers\93844791.sys [27/10/2010 07:52 128016]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [15/10/2010 15:22 7296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 298448]
R1 setup_9.0.0.722_27.10.2010_09-18drv;setup_9.0.0.722_27.10.2010_09-18drv;c:\windows\system32\drivers\9384479.sys [27/10/2010 07:52 315408]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [17/07/2008 13:29 5888]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [15/10/2010 14:35 29416]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [09/10/2008 09:01 49152]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/10/2010 12:58 6104656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [09/10/2008 09:01 131072]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [17/07/2008 13:29 114688]
R2 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [27/05/2008 13:12 628072]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30/04/2008 21:09 4992]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [15/10/2010 09:22 2058776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [17/07/2008 11:14 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [17/07/2008 12:36 41216]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [17/07/2008 13:18 435072]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [15/10/2010 10:43 517448]
S3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [19/08/2008 03:14 24232]
S3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [19/08/2008 03:14 300544]
S3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [19/08/2008 03:14 376960]
S3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [19/08/2008 03:14 72232]
S3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [19/08/2008 03:14 14976]
S3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [19/08/2008 03:14 14976]
S3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [19/08/2008 03:14 385536]
S3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [19/08/2008 03:14 430080]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [19/08/2008 03:14 25856]
S3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [19/08/2008 03:14 402816]
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-10-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-17 20:12]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005Core.job
- c:\documents and settings\Alec_S\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 08:20]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4051365748-607487856-1633239843-1005UA.job
- c:\documents and settings\Alec_S\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 08:20]

2010-10-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-10-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-17 12:00]

2010-10-15 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-17 12:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Alec_S\Application Data\Mozilla\Firefox\Profiles\y4t325qd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://order.1and1.co.uk/xml/order/Home;jsessionid=AFEBCB27D6015C9C20025F8BA7AE66B4.TCpfix154b?__reuse=1287659687674
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb82246&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Alec_S\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 09:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\authTpm.dll

- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\WININET.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\ieframe.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-10-28 09:14:01
ComboFix-quarantined-files.txt 2010-10-28 08:13

Pre-Run: 139,464,941,568 bytes free
Post-Run: 139,824,193,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

- - End Of File - - C027A6ABF682BAEADEA1047838378D31

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:00 PM

Posted 28 October 2010 - 03:57 AM

Your log shows a DNS hijack. If you connect through a router, please reset it. Typically this is done by pushing the reset button for about 10 seconds when the router is powered off.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Alec300

Alec300
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 28 October 2010 - 02:09 PM

Hi Elise

Thanks so much for identifying the problem - have reset it and the redirect problem has gone away. Sorted!

What's the most common way to acquire this type of infection/hack problem, as I thought I'd protected the computer as much as I could (AVG file checker, avoiding automatic downloads, firewall on the router, don't use Microsoft Outlook, not clicking on links in emails etc) - I could do without getting other malware etc.

Thanks once again.

Rgds
Alec

#10 Elise

Posted 28 October 2010 - 03:43 PM

The infection was not on your computer, but your router was hacked.
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are, and note them down: Route Passwords
  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

Edited by elise025, 28 October 2010 - 03:45 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
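
Post #10 places the hijack in the router's settings; machines behind it receive their DNS servers from the router over DHCP, so a reinstalled Windows picks up the same resolvers again. The following is an added example, not part of the thread: it parses `ipconfig /all` output and lists any DNS server that is neither the router nor a resolver you expect. The sample output, its addresses and the allowlist are constructed assumptions.

```python
import re

# Constructed `ipconfig /all` excerpt in the Windows XP layout; all addresses
# are private or documentation-range values, not taken from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.64
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.7
        Lease Obtained. . . . . . . . . . : 28 October 2010 09:00:00
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")


def parse_adapter(text):
    """Map each field of one adapter section to its list of values."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1)
            value = m.group(2).strip()
            fields[current] = [value] if value else []
        elif current and re.fullmatch(rf"\s+{IPV4}\s*", line):
            # A bare indented address continues the previous field
            # (ipconfig lists the second DNS server this way).
            fields[current].append(line.strip())
    return fields


def unexpected_resolvers(text, known_resolvers):
    """Return DNS servers that are neither the router nor on the allowlist."""
    f = parse_adapter(text)
    router = set(f.get("Default Gateway", []) + f.get("DHCP Server", []))
    allowed = router | set(known_resolvers)
    return [ip for ip in f.get("DNS Servers", []) if ip not in allowed]


if __name__ == "__main__":
    # Hypothetical allowlist: the resolvers your ISP documents for your line.
    for ip in unexpected_resolvers(SAMPLE, {"198.51.100.7"}):
        print("resolver not set by you or your ISP:", ip)
```

A resolver flagged on every machine on the network, including a freshly installed one, points at the router's DHCP or DNS settings and not at any single PC.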


#11 Alec300

Posted 30 October 2010 - 05:31 PM

Hi

The link made interesting reading - I thought I had a strong enough password, but obviously not, since it was hacked. I have now used a stronger password and will be changing it again to an even stronger one!

Thanks for all your help - a wonderful service.

Do I (can I?) close this thread now, or do you?

Rgds
Alec

#12 Elise

Posted 31 October 2010 - 02:14 AM

Hi Alec, you cannot close the topic, so I will do it. However, before doing so, some last steps and information.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
  • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#13 Alec300

Posted 01 November 2010 - 07:48 AM

Hello Elise

Thanks for that final message. I have implemented all that you recommended, and will be spending time reading those links too. Currently my computer is working properly, and faster than before, which is a bonus.

Once again, I am very grateful for all your help and the existence of this website. An amazing service.

Rgds
Alec

#14 Elise

Posted 01 November 2010 - 08:48 AM

You're most welcome Alec. :)

I will now close this topic. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






