
Having issues with hijacked links / blue screen of death


  • This topic is locked
17 replies to this topic

#1 amroczka6404

amroczka6404

  • Members
  • 11 posts
  • Local time:01:44 AM

Posted 01 March 2011 - 12:51 AM

Running Vista Ultimate. Got some sort of malware/virus. Used Spybot and AVG Free and they removed everything they could find with no problems. Now when I search with Google, some links are hijacked, taking me somewhere else. Also, every once in a while (like a few times a day) the whole screen will go blue, displaying some error message and forcing me to cut the power and reboot. I downloaded HijackThis and am unsure what to delete with it. Here is the log it produced...




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:26 PM, on 2/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUxMzk3NjQzLVQxLVU4NSsxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTEtRjhNMTFFKzE"&"prod=90"&"ver=10.0.1204
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=GRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8805 bytes

Edited by Budapest, 01 March 2011 - 01:01 AM.
Moved from Vista ~BP




#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:44 AM

Posted 06 March 2011 - 11:00 AM

Hi amroczka6404, and welcome to Bleeping Computer.

Firstly,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Secondly,
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • >>Post the contents of both DDS.txt and Attach.txt into the thread.<<
  • Close the program window, and delete the program from your Desktop.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 amroczka6404

amroczka6404
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:44 AM

Posted 06 March 2011 - 04:06 PM

Thanks for the reply!! I already posted a DDS log above in the first post, but to save time going back and forth with messages I ran DDS again after Malwarebytes and here are both logs!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5975

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/6/2011 1:02:44 PM
mbam-log-2011-03-06 (13-02-44).txt

Scan type: Quick scan
Objects scanned: 167614
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 80
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 74
Files Infected: 599

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.22.0 (Adware.HotBar) -> Value: ShopperReports 3.1.22.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879047EB2765C5032A095 (Malware.Trace) -> Value: SRS_IT_E879047EB2765C5032A095 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Anthony\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\inithtml.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupgames.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popuphtml.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popuprss.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupwidgets.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupabout.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupgames.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupwidgets.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

#4 amroczka6404

Posted 06 March 2011 - 04:16 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Anthony at 13:11:40.27 on Sun 03/06/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2237 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Anthony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: iOpus Internet Macros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\internetmacros\imacros.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUxMzk3NjQzLVQxLVU4NSsxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTEtRjhNMTFFKzE"&"prod=90"&"ver=10.0.1204
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=GRfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\internetmacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\c52o2jff.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d66fcdb&v=6.011.025.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\anthony\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\anthony\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: GOM Player + Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {546076F5-592A-4F99-A597-2B529F9164C8} - c:\windows\system32\config\systemprofile\appdata\local\{546076F5-592A-4F99-A597-2B529F9164C8}
FF - Ext: XULRunner: {FF20E45E-7CB5-4220-882B-A04EA1D7944A} - c:\users\anthony\appdata\local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-11-13 77312]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-11 233472]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\61xx\svc\mvraidsvc.exe [2006-8-9 114688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-23 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-11 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-24 517448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-06 20:56:46 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
2011-03-06 20:56:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 20:56:36 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-06 20:56:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 20:56:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 06:10:33 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-03-01 05:36:13 388096 ----a-r- c:\users\anthony\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-01 05:36:12 -------- d-----w- c:\program files\Trend Micro
2011-03-01 05:31:35 -------- d-----w- c:\program files\CCleaner
2011-02-25 06:35:24 -------- d-----w- c:\program files\Cisco Systems
2011-02-25 06:30:15 -------- d-----w- c:\progra~2\Cisco Systems
2011-02-25 00:51:31 -------- d-----w- c:\users\anthony\appdata\local\AVG Security Toolbar
2011-02-25 00:50:34 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-02-25 00:49:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-25 00:49:16 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{98cb521b-84c6-427c-a884-132287d6bcd1}\mpengine.dll
2011-02-24 20:23:12 -------- d-----w- c:\program files\Ask.com
2011-02-24 03:15:51 -------- d-----w- c:\users\anthony\appdata\roaming\AVG10
2011-02-24 03:14:54 -------- d--h--w- c:\progra~2\Common Files
2011-02-24 03:13:22 -------- d-----w- c:\progra~2\AVG10
2011-02-24 03:06:44 -------- d--h--w- C:\$AVG
2011-02-24 02:58:49 -------- d-----w- c:\progra~2\MFAData
2011-02-24 01:08:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-24 01:08:57 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-23 00:52:30 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-23 00:52:30 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-23 00:52:30 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-23 00:52:30 -------- d-----w- c:\program files\Xvid
2011-02-11 22:55:05 0 ----a-w- c:\users\anthony\appdata\local\Qzececeweweciq.bin
2011-02-09 07:09:15 -------- d-----w- c:\users\anthony\appdata\local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}

==================== Find3M ====================

2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 01:39:41 114688 ----a-w- c:\windows\system32\wpe.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: HDS722580VLSA80 rev.V32OA63A -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll tcpip.sys NETIO.SYS
1 ntkrnlpa!IofCallDriver[0x82482962] -> \Device\Harddisk0\DR0[0x869310A0]
3 CLASSPNP[0x8B5CF8B3] -> ntkrnlpa!IofCallDriver[0x82482962] -> [0x86061620]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskHDS722580VLSA80_________________________V32OA63A#5&51c40af&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85fd61f8
user != kernel MBR !!!
sectors 160836478 (+255): user != kernel

============= FINISH: 13:13:59.99 ===============

I just noticed that now Windows cannot perform updates.


#5 amroczka6404

  • Topic Starter

Posted 06 March 2011 - 04:19 PM

Windows Update cannot update!

CODE: 80072EFE Windows has encountered an unknown error


Also noticed when I restarted, hijacked links weren't a problem at first, but then after a few links it started redirecting me somewhere else. Problem still exists.

Edited by amroczka6404, 06 March 2011 - 04:25 PM.


#6 snemelk

  • Malware Response Team

Posted 06 March 2011 - 05:47 PM

Hi again amroczka6404!!.. :)

CODE: 80072EFE Windows has encountered an unknown error

Both issues - the Windows Update problem and the search engine result redirects - have the same source: the rootkit infection hiding in the system...

Please do the following:
Firstly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Secondly,
I recommend you uninstall unneeded toolbars from your system (use Start -> Control Panel -> Programs and Features):
Ask Toolbar
DAEMON Tools Toolbar


These are potentially unwanted applications, and not really needed for other programs to work... For the Ask Toolbar, see here: Products with Ask Toolbar

Please also choose Uninstall for this (it's probably just a leftover from an infection):
System Tool2011

Thirdly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


#7 amroczka6404

  • Topic Starter

Posted 06 March 2011 - 11:13 PM

2011/03/06 19:00:21.0916 5272 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/06 19:00:23.0261 5272 ================================================================================
2011/03/06 19:00:23.0261 5272 SystemInfo:
2011/03/06 19:00:23.0261 5272
2011/03/06 19:00:23.0262 5272 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/06 19:00:23.0262 5272 Product type: Workstation
2011/03/06 19:00:23.0262 5272 ComputerName: ANTHONY-PC
2011/03/06 19:00:23.0262 5272 UserName: Anthony
2011/03/06 19:00:23.0262 5272 Windows directory: C:\Windows
2011/03/06 19:00:23.0262 5272 System windows directory: C:\Windows
2011/03/06 19:00:23.0262 5272 Processor architecture: Intel x86
2011/03/06 19:00:23.0262 5272 Number of processors: 4
2011/03/06 19:00:23.0262 5272 Page size: 0x1000
2011/03/06 19:00:23.0262 5272 Boot type: Normal boot
2011/03/06 19:00:23.0262 5272 ================================================================================
2011/03/06 19:00:26.0708 5272 Initialize success
2011/03/06 19:00:29.0443 3712 ================================================================================
2011/03/06 19:00:29.0443 3712 Scan started
2011/03/06 19:00:29.0443 3712 Mode: Manual;
2011/03/06 19:00:29.0443 3712 ================================================================================
2011/03/06 19:00:41.0555 3712 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/06 19:00:41.0560 3712 sptd - detected Locked file (1)
2011/03/06 19:00:44.0584 3712 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/06 19:00:44.0696 3712 ================================================================================
2011/03/06 19:00:44.0696 3712 Scan finished
2011/03/06 19:00:44.0696 3712 ================================================================================
2011/03/06 19:00:44.0705 4988 Detected object count: 2
2011/03/06 19:01:32.0201 4988 Locked file(sptd) - User select action: Skip
2011/03/06 19:01:32.0208 4988 \HardDisk1 - will be cured after reboot
2011/03/06 19:01:32.0209 4988 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/03/06 19:01:39.0828 4752 Deinitialize success

OTL Extras logfile created on: 3/6/2011 7:12:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anthony\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 9.68 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 39.90 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive H: | 3.68 Gb Total Space | 3.41 Gb Free Space | 92.75% Space Free | Partition Type: FAT32

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC48D15-D132-42D8-88A2-F0798A0BB752}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0FE476E4-5BAB-4791-8DA7-EC313490875D}" = rport=137 | protocol=17 | dir=out | app=system |
"{10B9509E-7B3A-41E7-824D-5D8E92FE7671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17E2D1D1-E113-4E64-A42A-07C136ADC0E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1973D39A-2384-4C83-8306-CDAF2A6DC21C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BB0FBFC-9522-430E-BD26-42CA2F81226C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B49F94E-3A09-44B1-BB63-CAC8BC8DB038}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B745E8D-9F62-4E81-9BA5-BD7E56CCD10A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EC55CAC-0CB6-4FC3-A5F0-B64BF07F8B77}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4298DF1E-3B19-4BA6-90EC-9F504696809E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4419329A-1D43-43BA-8CFA-65CBD7291A75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4721C87D-793F-40F7-9404-C3D4DBBB76ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AE261E7-947D-49FE-BF89-86E27DB998A5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4BA2F214-C135-478C-B6D8-47B67AEC0D8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59FB675C-912E-40F0-98F7-D9DA922B4B80}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FD57F85-455B-47FB-87F0-A7E29B24B808}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{625C3115-D0B4-493E-A711-33B7198B8565}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63BB2211-B497-4AE3-A84C-7E8C47475D92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{65C205C5-0370-4D67-A4AA-B713A6F70A75}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65DC5794-99D1-401A-AC4A-9BD7AEFC13C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{76D2DDF9-86A4-4A84-9706-73F3B5D26E48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F0E35DD-BB9C-4953-A124-5E034F7583D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{802CBC27-4F86-401D-82A5-AF514DC3A184}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8436F1CB-AE3B-4156-937C-C2611963B2E7}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{9B76C1FD-444A-4A25-ADBA-A040E4262011}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9D84A4B-CB49-4658-A9F0-4FDB31EBADB5}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C7C5D7C6-B4EB-4FDB-B1BB-382A0481722A}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCA66A46-F79E-4B87-8461-21552924F7FC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D32A17F8-90F9-4524-A14E-54659DA623DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D76A98E4-0819-4D27-9619-42AE2E5BD2C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DACB4C9A-1E0C-4647-9C21-2EA1803B7D0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DDE3523C-741A-457B-BE0A-A5B8FAEC0FEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE05974A-7D9A-4780-8FE8-F1DB5746DDAE}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EA9A80B0-F67E-4B51-A8C4-FFC49153A606}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE085E86-A885-42C4-93D1-B9FBDAA2AFFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF85514A-79C2-424D-BBF6-5B7383151971}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3097A5E-AF8A-4C82-B9A9-14D181C69A57}" = rport=138 | protocol=17 | dir=out | app=system |
"{F94814EA-26C3-4B89-AF05-247E83F069BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{FED16C73-9515-4AE5-869D-12B566DD69F3}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016B2134-D98A-4690-A8FA-22A218FC453D}" = protocol=6 | dir=out | app=system |
"{0189F9DB-9D4D-4C3A-A855-B33440C3F960}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0468FCA9-049D-475C-90EA-6F080302979B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05A00FF6-B31F-4035-BF6E-9F5448645A1D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0884EDEC-313C-4DAF-96F1-AF7C4B277EFF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{0C932AAB-98FB-4D7C-8CB6-DC464815AF6B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0D2AAF12-5369-43A8-90D4-116C97538B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D669416-0B98-4B23-A102-42A739684B32}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{0F8D1CEE-3B47-4657-BBC7-570AD984FA5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{108829EC-26CB-4E9B-8F6F-E0C776D785B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2AF22DBB-CF48-43AC-B4C6-1EFB4B246B5F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{31CE0AFA-8F4A-4A1F-B2B1-B4F761353CBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{35F8F8F7-700D-4ABE-8D3D-44E520A24D03}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{3764A66A-9490-4BFD-8D0D-36FE13FF592B}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{4159D56A-2AAC-4A3A-AF3E-2F4B178C901B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47862060-B3B0-406B-9F5A-B49A6522756F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{480955A0-FB26-42C2-8C5B-D1635176EF50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48791E40-D8E6-41CC-B225-7579D6770BDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AA01A74-5CF9-468C-8EC6-D3D7BAE2C8D6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B434496-8F1A-4713-926D-958D7A60EEDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4DF3B702-E932-42FB-8B56-5C4B6C7E5B09}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{50AF535E-95E9-4647-B7A9-A636FDE8A782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{538A5F58-AA96-4B26-BDDF-42646572C3BB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54F22D59-2434-4265-A0BA-8CDFC3774B9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CE5B8B2-1894-4417-B01B-94CB3806A3B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5E7CB58D-20D9-4EF2-8104-F1C0D5904CEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{63BDF1BA-824E-4B43-925E-2B1E562F067E}" = protocol=17 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"{6CB92320-3934-4CAA-9549-229B80FCCE25}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{745D32CC-76F9-470B-8E75-31745A3BE4EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79EE4216-B70B-409B-9832-ABA19172FE97}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7C835CFB-B048-40CF-8203-1728692441ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8496F597-296D-4185-8336-D2D8F624FBCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89864F2E-5C8D-487A-8630-F31681A3053B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{930B3ADF-E474-4481-B013-B7E9FD8E4D56}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{96579E7D-FB3E-4954-A766-EEDCF0333B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{99EAA6DC-F9CE-4A56-80B1-A794F304ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2262CC7-CD29-413B-92EF-DBFE81620F85}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A58AD0D5-C6DB-45DF-B54D-3755730FA327}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFE36981-C20A-4FB6-AD0A-20ED5E481DB8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C2205038-BAD5-4B49-AE4B-E9A281D9F878}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBD22530-FED2-4FFA-B7E6-380982F0AB64}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{CCAAA7B5-AC19-48CA-9A8C-E1ED0427370D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE29B67B-F27A-4A6D-9852-F3EBAF46E8D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D9ACADD3-57B1-4973-80C2-64E8E93DA32B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC9C52F6-F961-4DB0-BF30-8479999C92F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4F52E28-AC0E-4DED-8B9B-1A8F56517405}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F072CC7B-1764-4C99-B875-6FCC8A9CA373}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F973CB45-4427-4652-86DF-4671F91CFE27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA405F99-5B90-48CE-B830-9640E9D17970}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FC0769E3-DD37-4EB3-98E1-C2F406DBA48F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCE89D52-6A80-495F-A148-50E9476038B1}" = protocol=6 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"{FD7E0312-FAA3-4759-A504-3C28F5824C90}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"TCP Query User{00FDDBB2-1CE1-452C-A9F5-1990A5653422}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2033897D-5979-4075-8E4E-0BAA87268340}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2C647290-3269-466B-973F-508533815495}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{3720ACF6-2CDB-4107-BA01-655179DAA96B}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{651B7F85-542B-4947-B71C-B54D8B870276}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6F73B785-CC4F-4751-959E-632681F28CF0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{77BA66B8-565D-4A5D-916D-FB74C5333D8C}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"TCP Query User{A6F1BA21-3907-4D3D-8096-D847B3EB5BCA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B1E1B3C4-BFFE-4630-954D-79E1D7048B88}C:\program files\satellite direct\satellitedirect.exe" = protocol=6 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"UDP Query User{0227C5D0-6FCD-4CC8-94DE-70320F67CB85}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1D4A88F9-3662-426F-905A-A4BC757B2D86}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{204C98D6-912D-4BD2-9125-58D5DE369B1A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2CF5404F-B74F-4D3E-827A-62B102B00F06}C:\program files\satellite direct\satellitedirect.exe" = protocol=17 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"UDP Query User{822EC737-91F6-40D2-9573-419283254556}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"UDP Query User{8716F15F-A5AA-4743-AC6F-61C2A3D849C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9CED581C-200E-4689-ACCF-A8DB4178DDBD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B7DBB3AB-616B-48B3-A4CE-7BBD90C67D14}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C742E09B-7C21-45E3-851E-77BEBBB4E5D7}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1AA26528-BDD7-45F2-7B45-54709113E1C7}" = Catalyst Control Center Graphics Light
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{246F6C8F-66A3-4660-9B9E-EEFE73377EB3}" = Skins
"{2491208F-5357-062F-31C6-CD7AF06300E1}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2F703E06-43D9-6867-1387-7D293AA222A7}" = Catalyst Control Center Graphics Full New
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{41099717-4508-5A0E-7672-5D254C2A372C}" = CCC Help English
"{41F00F2E-00DC-93D3-0DEE-E73C4A16CEEB}" = ccc-utility
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DC4D368-64B4-E266-6D8F-6CB90DF8A3F3}" = ccc-core-static
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745E24A-84A9-4754-9FFD-8FBE12CA0200}" = SolidWorks 2006 SP0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87777496-01BD-4858-B24C-D06C1FBD4009}_is1" = Satellite Direct v4.25.1.0
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{998EAED4-9AA5-6E47-B9EA-3BD1F43B0A33}" = Catalyst Control Center Core Implementation
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A46C4D3C-84D7-5244-BAD5-58BDA56A9B62}" = Catalyst Control Center Graphics Previews Vista
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A99411B5-760D-9035-EA58-B7CAED185446}" = ATI Catalyst Install Manager
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C3495A05-14AF-8FD1-FDA7-7554860BDC8B}" = Catalyst Control Center InstallProxy
"{C8D86898-0316-3CDE-B1DF-D2F260270696}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F8624263-88D7-4F73-B60D-663C41EC637A}" = ezPaycheck
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE9CD338-1568-A3DF-D9DE-BFF0DE98303A}" = Catalyst Control Center HydraVision Full
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBASE PLUS series1 Runtime Engine" = dBASE PLUS Runtime Engine
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"Electric Sheep" = Electric Sheep 2.7b27
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileStream Image Broadway" = FileStream Image Broadway
"Golden" = Golden Records Vinyl to CD Converter
"GOM Player" = GOM Player
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"mv61xxMRU" = Marvell 61xx MRU
"OpenVPN" = UltraVPN
"PayrollMaster_is1" = PayrollMaster
"PROSetDX" = Intel® PRO Network Connections 11.2.0.69
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.6.2.1586
"UltSounds" = Windows Sound Schemes
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zulu" = Zulu DJ Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = SPP | ID = 16387
Description =

Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = System Restore | ID = 8193
Description =

Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = System Restore | ID = 8210
Description =

Error - 3/6/2011 5:09:25 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = SPP | ID = 16387
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = System Restore | ID = 8193
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = System Restore | ID = 8210
Description =

Error - 3/6/2011 11:04:22 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/6/2011 11:07:36 PM | Computer Name = Anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5,
exception code 0xc0000005, fault offset 0x00034ca6, process id 0x59c, application
start time 0x01cbdc744d0b0845.

Error - 3/6/2011 11:10:47 PM | Computer Name = Anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5,
exception code 0xc0000005, fault offset 0x00034ca2, process id 0x1400, application
start time 0x01cbdc74d23670f9.

[ Media Center Events ]
Error - 8/19/2009 5:36:54 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/20/2009 5:31:07 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/21/2009 5:36:06 PM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/22/2009 5:42:07 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/28/2010 4:22:44 PM | Computer Name = Anthony-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/12/2010 8:55:06 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/15/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/18/2010 8:55:53 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/19/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/22/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 2/27/2011 4:10:58 AM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:59:22 PM on 2/26/2011 was unexpected.

Error - 2/27/2011 4:11:33 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/28/2011 7:37:51 PM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:20:44 PM on 2/28/2011 was unexpected.

Error - 2/28/2011 7:38:11 PM | Computer Name = Anthony-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.112 for the Network Card with network
address 001CC08A8C04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/28/2011 7:39:00 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/28/2011 11:39:18 PM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:23:26 PM on 2/28/2011 was unexpected.

Error - 2/28/2011 11:40:58 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/1/2011 6:32:37 PM | Computer Name = Anthony-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001CC08A8C04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2011 5:09:26 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/6/2011 11:04:22 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

OTL Extras logfile created on: 3/6/2011 7:12:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anthony\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 9.68 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 39.90 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive H: | 3.68 Gb Total Space | 3.41 Gb Free Space | 92.75% Space Free | Partition Type: FAT32

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC48D15-D132-42D8-88A2-F0798A0BB752}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0FE476E4-5BAB-4791-8DA7-EC313490875D}" = rport=137 | protocol=17 | dir=out | app=system |
"{10B9509E-7B3A-41E7-824D-5D8E92FE7671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17E2D1D1-E113-4E64-A42A-07C136ADC0E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1973D39A-2384-4C83-8306-CDAF2A6DC21C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BB0FBFC-9522-430E-BD26-42CA2F81226C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B49F94E-3A09-44B1-BB63-CAC8BC8DB038}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B745E8D-9F62-4E81-9BA5-BD7E56CCD10A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EC55CAC-0CB6-4FC3-A5F0-B64BF07F8B77}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4298DF1E-3B19-4BA6-90EC-9F504696809E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4419329A-1D43-43BA-8CFA-65CBD7291A75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4721C87D-793F-40F7-9404-C3D4DBBB76ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AE261E7-947D-49FE-BF89-86E27DB998A5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4BA2F214-C135-478C-B6D8-47B67AEC0D8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59FB675C-912E-40F0-98F7-D9DA922B4B80}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FD57F85-455B-47FB-87F0-A7E29B24B808}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{625C3115-D0B4-493E-A711-33B7198B8565}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63BB2211-B497-4AE3-A84C-7E8C47475D92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{65C205C5-0370-4D67-A4AA-B713A6F70A75}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65DC5794-99D1-401A-AC4A-9BD7AEFC13C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{76D2DDF9-86A4-4A84-9706-73F3B5D26E48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F0E35DD-BB9C-4953-A124-5E034F7583D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{802CBC27-4F86-401D-82A5-AF514DC3A184}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8436F1CB-AE3B-4156-937C-C2611963B2E7}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{9B76C1FD-444A-4A25-ADBA-A040E4262011}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9D84A4B-CB49-4658-A9F0-4FDB31EBADB5}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C7C5D7C6-B4EB-4FDB-B1BB-382A0481722A}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCA66A46-F79E-4B87-8461-21552924F7FC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D32A17F8-90F9-4524-A14E-54659DA623DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D76A98E4-0819-4D27-9619-42AE2E5BD2C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DACB4C9A-1E0C-4647-9C21-2EA1803B7D0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DDE3523C-741A-457B-BE0A-A5B8FAEC0FEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE05974A-7D9A-4780-8FE8-F1DB5746DDAE}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EA9A80B0-F67E-4B51-A8C4-FFC49153A606}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE085E86-A885-42C4-93D1-B9FBDAA2AFFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF85514A-79C2-424D-BBF6-5B7383151971}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3097A5E-AF8A-4C82-B9A9-14D181C69A57}" = rport=138 | protocol=17 | dir=out | app=system |
"{F94814EA-26C3-4B89-AF05-247E83F069BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{FED16C73-9515-4AE5-869D-12B566DD69F3}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016B2134-D98A-4690-A8FA-22A218FC453D}" = protocol=6 | dir=out | app=system |
"{0189F9DB-9D4D-4C3A-A855-B33440C3F960}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0468FCA9-049D-475C-90EA-6F080302979B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05A00FF6-B31F-4035-BF6E-9F5448645A1D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0884EDEC-313C-4DAF-96F1-AF7C4B277EFF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{0C932AAB-98FB-4D7C-8CB6-DC464815AF6B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0D2AAF12-5369-43A8-90D4-116C97538B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D669416-0B98-4B23-A102-42A739684B32}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{0F8D1CEE-3B47-4657-BBC7-570AD984FA5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{108829EC-26CB-4E9B-8F6F-E0C776D785B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2AF22DBB-CF48-43AC-B4C6-1EFB4B246B5F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{31CE0AFA-8F4A-4A1F-B2B1-B4F761353CBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{35F8F8F7-700D-4ABE-8D3D-44E520A24D03}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{3764A66A-9490-4BFD-8D0D-36FE13FF592B}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{4159D56A-2AAC-4A3A-AF3E-2F4B178C901B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47862060-B3B0-406B-9F5A-B49A6522756F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{480955A0-FB26-42C2-8C5B-D1635176EF50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48791E40-D8E6-41CC-B225-7579D6770BDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AA01A74-5CF9-468C-8EC6-D3D7BAE2C8D6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B434496-8F1A-4713-926D-958D7A60EEDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4DF3B702-E932-42FB-8B56-5C4B6C7E5B09}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{50AF535E-95E9-4647-B7A9-A636FDE8A782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{538A5F58-AA96-4B26-BDDF-42646572C3BB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54F22D59-2434-4265-A0BA-8CDFC3774B9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CE5B8B2-1894-4417-B01B-94CB3806A3B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5E7CB58D-20D9-4EF2-8104-F1C0D5904CEB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{63BDF1BA-824E-4B43-925E-2B1E562F067E}" = protocol=17 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"{6CB92320-3934-4CAA-9549-229B80FCCE25}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{745D32CC-76F9-470B-8E75-31745A3BE4EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79EE4216-B70B-409B-9832-ABA19172FE97}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7C835CFB-B048-40CF-8203-1728692441ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8496F597-296D-4185-8336-D2D8F624FBCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89864F2E-5C8D-487A-8630-F31681A3053B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{930B3ADF-E474-4481-B013-B7E9FD8E4D56}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{96579E7D-FB3E-4954-A766-EEDCF0333B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{99EAA6DC-F9CE-4A56-80B1-A794F304ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2262CC7-CD29-413B-92EF-DBFE81620F85}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A58AD0D5-C6DB-45DF-B54D-3755730FA327}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFE36981-C20A-4FB6-AD0A-20ED5E481DB8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C2205038-BAD5-4B49-AE4B-E9A281D9F878}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBD22530-FED2-4FFA-B7E6-380982F0AB64}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{CCAAA7B5-AC19-48CA-9A8C-E1ED0427370D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE29B67B-F27A-4A6D-9852-F3EBAF46E8D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D9ACADD3-57B1-4973-80C2-64E8E93DA32B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC9C52F6-F961-4DB0-BF30-8479999C92F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4F52E28-AC0E-4DED-8B9B-1A8F56517405}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F072CC7B-1764-4C99-B875-6FCC8A9CA373}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F973CB45-4427-4652-86DF-4671F91CFE27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA405F99-5B90-48CE-B830-9640E9D17970}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FC0769E3-DD37-4EB3-98E1-C2F406DBA48F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCE89D52-6A80-495F-A148-50E9476038B1}" = protocol=6 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"{FD7E0312-FAA3-4759-A504-3C28F5824C90}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"TCP Query User{00FDDBB2-1CE1-452C-A9F5-1990A5653422}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2033897D-5979-4075-8E4E-0BAA87268340}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2C647290-3269-466B-973F-508533815495}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{3720ACF6-2CDB-4107-BA01-655179DAA96B}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{651B7F85-542B-4947-B71C-B54D8B870276}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6F73B785-CC4F-4751-959E-632681F28CF0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{77BA66B8-565D-4A5D-916D-FB74C5333D8C}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"TCP Query User{A6F1BA21-3907-4D3D-8096-D847B3EB5BCA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B1E1B3C4-BFFE-4630-954D-79E1D7048B88}C:\program files\satellite direct\satellitedirect.exe" = protocol=6 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"UDP Query User{0227C5D0-6FCD-4CC8-94DE-70320F67CB85}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1D4A88F9-3662-426F-905A-A4BC757B2D86}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{204C98D6-912D-4BD2-9125-58D5DE369B1A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2CF5404F-B74F-4D3E-827A-62B102B00F06}C:\program files\satellite direct\satellitedirect.exe" = protocol=17 | dir=in | app=c:\program files\satellite direct\satellitedirect.exe |
"UDP Query User{822EC737-91F6-40D2-9573-419283254556}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"UDP Query User{8716F15F-A5AA-4743-AC6F-61C2A3D849C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9CED581C-200E-4689-ACCF-A8DB4178DDBD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B7DBB3AB-616B-48B3-A4CE-7BBD90C67D14}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C742E09B-7C21-45E3-851E-77BEBBB4E5D7}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1AA26528-BDD7-45F2-7B45-54709113E1C7}" = Catalyst Control Center Graphics Light
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{246F6C8F-66A3-4660-9B9E-EEFE73377EB3}" = Skins
"{2491208F-5357-062F-31C6-CD7AF06300E1}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2F703E06-43D9-6867-1387-7D293AA222A7}" = Catalyst Control Center Graphics Full New
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{41099717-4508-5A0E-7672-5D254C2A372C}" = CCC Help English
"{41F00F2E-00DC-93D3-0DEE-E73C4A16CEEB}" = ccc-utility
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DC4D368-64B4-E266-6D8F-6CB90DF8A3F3}" = ccc-core-static
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745E24A-84A9-4754-9FFD-8FBE12CA0200}" = SolidWorks 2006 SP0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87777496-01BD-4858-B24C-D06C1FBD4009}_is1" = Satellite Direct v4.25.1.0
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{998EAED4-9AA5-6E47-B9EA-3BD1F43B0A33}" = Catalyst Control Center Core Implementation
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A46C4D3C-84D7-5244-BAD5-58BDA56A9B62}" = Catalyst Control Center Graphics Previews Vista
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A99411B5-760D-9035-EA58-B7CAED185446}" = ATI Catalyst Install Manager
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C3495A05-14AF-8FD1-FDA7-7554860BDC8B}" = Catalyst Control Center InstallProxy
"{C8D86898-0316-3CDE-B1DF-D2F260270696}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F8624263-88D7-4F73-B60D-663C41EC637A}" = ezPaycheck
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE9CD338-1568-A3DF-D9DE-BFF0DE98303A}" = Catalyst Control Center HydraVision Full
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBASE PLUS series1 Runtime Engine" = dBASE PLUS Runtime Engine
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"Electric Sheep" = Electric Sheep 2.7b27
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileStream Image Broadway" = FileStream Image Broadway
"Golden" = Golden Records Vinyl to CD Converter
"GOM Player" = GOM Player
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"mv61xxMRU" = Marvell 61xx MRU
"OpenVPN" = UltraVPN
"PayrollMaster_is1" = PayrollMaster
"PROSetDX" = Intel® PRO Network Connections 11.2.0.69
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.6.2.1586
"UltSounds" = Windows Sound Schemes
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zulu" = Zulu DJ Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = SPP | ID = 16387
Description =

Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = System Restore | ID = 8193
Description =

Error - 3/6/2011 4:00:10 AM | Computer Name = Anthony-PC | Source = System Restore | ID = 8210
Description =

Error - 3/6/2011 5:09:25 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = SPP | ID = 16387
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = System Restore | ID = 8193
Description =

Error - 3/6/2011 5:51:13 PM | Computer Name = Anthony-PC | Source = System Restore | ID = 8210
Description =

Error - 3/6/2011 11:04:22 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/6/2011 11:07:36 PM | Computer Name = Anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5,
exception code 0xc0000005, fault offset 0x00034ca6, process id 0x59c, application
start time 0x01cbdc744d0b0845.

Error - 3/6/2011 11:10:47 PM | Computer Name = Anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5,
exception code 0xc0000005, fault offset 0x00034ca2, process id 0x1400, application
start time 0x01cbdc74d23670f9.

[ Media Center Events ]
Error - 8/19/2009 5:36:54 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/20/2009 5:31:07 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/21/2009 5:36:06 PM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/22/2009 5:42:07 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/28/2010 4:22:44 PM | Computer Name = Anthony-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/12/2010 8:55:06 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/15/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/18/2010 8:55:53 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/19/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/22/2010 8:55:03 AM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 2/27/2011 4:10:58 AM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:59:22 PM on 2/26/2011 was unexpected.

Error - 2/27/2011 4:11:33 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/28/2011 7:37:51 PM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:20:44 PM on 2/28/2011 was unexpected.

Error - 2/28/2011 7:38:11 PM | Computer Name = Anthony-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.112 for the Network Card with network
address 001CC08A8C04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/28/2011 7:39:00 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/28/2011 11:39:18 PM | Computer Name = Anthony-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:23:26 PM on 2/28/2011 was unexpected.

Error - 2/28/2011 11:40:58 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/1/2011 6:32:37 PM | Computer Name = Anthony-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001CC08A8C04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2011 5:09:26 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/6/2011 11:04:22 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

#8 snemelk


    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:44 AM

Posted 07 March 2011 - 08:20 AM

Hi again amroczka6404!!.. :)

Ok, the rootkit infection has been removed... There are still some things to do, though...

You pasted the Extras.txt logfile twice... I need to see the OTL.txt logfile, please paste it in your next reply - you'll probably find the log in the same directory you ran OTL.exe from (C:\Users\Anthony\Downloads)...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#9 amroczka6404

  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:44 AM

Posted 07 March 2011 - 11:06 AM

OTL logfile created on: 3/6/2011 7:12:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anthony\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 9.68 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 39.90 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive H: | 3.68 Gb Total Space | 3.41 Gb Free Space | 92.75% Space Free | Partition Type: FAT32

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/06 18:59:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Downloads\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/08 02:38:14 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/08 02:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/05 15:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 05:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/10/19 06:13:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/08/09 19:46:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/06 18:59:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Downloads\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/29 04:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/04/08 02:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/19 05:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/17 00:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2008/04/07 05:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/20 18:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/19 06:13:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/08/09 19:46:16 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe -- (Marvell RAID)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/04 11:41:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/01/03 21:09:08 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/19 05:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/20 20:54:08 | 003,928,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/08/20 20:54:08 | 003,928,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/31 14:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/03/25 17:15:30 | 004,137,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/10/19 06:15:51 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/19 06:13:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/17 11:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 12:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 12:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 12:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/13 21:36:00 | 000,077,312 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2006/11/01 23:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/11/05 07:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {546076F5-592A-4F99-A597-2B529F9164C8}:1.9.1
FF - prefs.js..extensions.enabledItems: {FF20E45E-7CB5-4220-882B-A04EA1D7944A}:1.9.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d66fcdb&v=6.011.025.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "222.181.55.56"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{546076F5-592A-4F99-A597-2B529F9164C8}: C:\Windows\system32\config\systemprofile\AppData\Local\{546076F5-592A-4F99-A597-2B529F9164C8}\ [2011/02/02 17:01:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}: C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A} [2011/02/08 23:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/24 16:49:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/02/24 16:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 13:09:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 13:09:46 | 000,000,000 | ---D | M]

[2010/02/12 04:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2009/05/07 15:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/12 04:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/06 19:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions
[2010/07/23 13:57:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 13:57:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/12 16:36:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2008/09/22 19:10:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/02/24 14:17:31 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\extensions\toolbar@ask.com
[2010/08/04 11:42:30 | 000,002,059 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\searchplugins\daemon-search.xml
[2011/03/06 13:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 09:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/24 16:49:54 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/24 16:50:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/02/08 23:09:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ANTHONY\APPDATA\LOCAL\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}
[2011/02/02 17:01:48 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{546076F5-592A-4F99-A597-2B529F9164C8}
[2010/04/12 13:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/02 19:19:54 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/02/23 22:02:42 | 000,430,015 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14804 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{605f851e-9c15-11de-a388-001cc08a8c04}\Shell - "" = AutoRun
O33 - MountPoints2\{605f851e-9c15-11de-a388-001cc08a8c04}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e7a6f828-f60a-11de-a063-001cc08a8c04}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{e7a6f828-f60a-11de-a063-001cc08a8c04}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{e7a6f828-f60a-11de-a063-001cc08a8c04}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{e7a6f828-f60a-11de-a063-001cc08a8c04}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{ef6443d1-8532-11dd-96a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef6443d1-8532-11dd-96a6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 12:56:46 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Malwarebytes
[2011/03/06 12:56:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/06 12:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/06 12:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/06 12:56:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/06 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/28 22:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/02/28 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/02/28 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/28 21:36:12 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/28 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/28 21:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/24 22:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/02/24 22:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2011/02/24 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\AVG Security Toolbar
[2011/02/24 16:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/02/24 16:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/24 16:49:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/02/24 12:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/02/23 19:15:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\AVG10
[2011/02/23 19:14:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/23 19:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/23 19:06:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/23 18:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/23 17:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/23 17:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/23 17:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/22 16:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/22 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/08 23:09:15 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}
[2009/12/29 16:55:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Anthony\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/03/06 19:09:55 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/06 19:09:55 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/06 19:04:06 | 000,000,162 | ---- | M] () -- C:\Windows\System32\61xx.xml
[2011/03/06 19:03:50 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 19:03:50 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 19:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/06 19:03:26 | 3487,297,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 18:22:39 | 107,942,453 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/06 12:56:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 14:55:59 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/04 20:10:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/03/01 21:38:37 | 000,002,527 | ---- | M] () -- C:\Users\Anthony\Desktop\HiJackThis.lnk
[2011/03/01 20:58:11 | 000,624,128 | ---- | M] () -- C:\Users\Anthony\Desktop\dds.scr
[2011/03/01 20:50:38 | 000,296,448 | ---- | M] () -- C:\Users\Anthony\Desktop\gph72y82.exe
[2011/02/28 22:10:35 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/02/28 22:10:35 | 000,000,974 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/02/28 22:10:35 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/02/28 21:31:36 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/24 16:50:28 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/24 12:22:53 | 000,000,926 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/02/24 12:22:53 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/02/23 22:02:42 | 000,430,015 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/23 22:01:34 | 000,028,160 | ---- | M] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 17:36:06 | 000,004,638 | ---- | M] () -- C:\Windows\wininit.ini
[2011/02/23 17:35:10 | 000,010,974 | -HS- | M] () -- C:\Users\Anthony\AppData\Local\4052367242
[2011/02/23 17:35:10 | 000,010,974 | -HS- | M] () -- C:\ProgramData\4052367242
[2011/02/23 17:09:05 | 000,001,079 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/23 17:09:05 | 000,001,055 | ---- | M] () -- C:\Users\Anthony\Desktop\Spybot - Search & Destroy.lnk
[2011/02/22 17:06:57 | 000,000,000 | ---- | M] () -- C:\Users\Anthony\AppData\Local\Qzececeweweciq.bin
[2011/02/22 17:06:56 | 000,000,120 | ---- | M] () -- C:\Users\Anthony\AppData\Local\Cnuxid.dat
[2011/02/20 23:36:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/02/20 23:36:59 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/02/11 15:39:13 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

========== Files Created - No Company Name ==========

[2011/03/06 18:22:39 | 107,942,453 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/06 12:56:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/01 20:58:10 | 000,624,128 | ---- | C] () -- C:\Users\Anthony\Desktop\dds.scr
[2011/03/01 20:50:36 | 000,296,448 | ---- | C] () -- C:\Users\Anthony\Desktop\gph72y82.exe
[2011/02/28 22:10:35 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/02/28 22:10:35 | 000,000,974 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/02/28 22:10:35 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/02/28 21:36:12 | 000,002,527 | ---- | C] () -- C:\Users\Anthony\Desktop\HiJackThis.lnk
[2011/02/28 21:31:36 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/24 22:35:49 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2011/02/24 16:50:28 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/23 17:38:19 | 3487,297,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/23 17:35:49 | 000,004,638 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/23 17:09:05 | 000,001,079 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/23 17:09:05 | 000,001,055 | ---- | C] () -- C:\Users\Anthony\Desktop\Spybot - Search & Destroy.lnk
[2011/02/22 16:52:30 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/22 16:52:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 16:52:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/02/22 16:51:42 | 000,010,974 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\4052367242
[2011/02/22 16:51:42 | 000,010,974 | -HS- | C] () -- C:\ProgramData\4052367242
[2011/02/11 14:55:05 | 000,000,120 | ---- | C] () -- C:\Users\Anthony\AppData\Local\Cnuxid.dat
[2011/02/11 14:55:05 | 000,000,000 | ---- | C] () -- C:\Users\Anthony\AppData\Local\Qzececeweweciq.bin
[2011/01/17 17:39:41 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wpe.dll
[2010/11/17 08:28:34 | 000,000,006 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\completescan
[2010/11/17 08:15:51 | 000,000,010 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\install
[2010/08/04 12:01:48 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/07/11 15:32:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/07/11 15:32:21 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/06/21 14:40:22 | 000,181,388 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/02/23 23:52:33 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_dPLUSr.dll
[2009/12/29 16:55:28 | 000,087,608 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\inst.exe
[2009/12/29 16:55:28 | 000,007,887 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\pcouffin.cat
[2009/12/29 16:55:28 | 000,001,144 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\pcouffin.inf
[2009/12/29 02:29:49 | 000,000,042 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\default.pls
[2009/12/29 01:51:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/27 13:53:06 | 000,023,888 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\UserTile.png
[2009/09/10 15:52:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 15:52:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 15:52:06 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 12:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/26 19:49:01 | 000,000,051 | ---- | C] () -- C:\Windows\dxximx.dll
[2009/04/26 19:49:01 | 000,000,038 | ---- | C] () -- C:\Windows\dxximx.dll.exe
[2008/10/06 18:16:44 | 000,002,032 | ---- | C] () -- C:\Users\Anthony\AppData\Local\d3d9caps.dat
[2008/09/18 21:27:42 | 000,028,160 | ---- | C] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/18 09:52:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/09/17 17:56:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/09/17 17:28:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/17 04:23:36 | 000,174,818 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/02 23:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/05 20:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/20 18:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/10/25 13:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/21 17:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 15:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006/11/02 04:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:46:27 | 000,396,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/17 22:53:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2006/06/07 22:27:18 | 000,047,430 | ---- | C] () -- C:\Windows\php.ini
[2004/02/20 12:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll
[2003/12/08 20:08:20 | 002,539,520 | ---- | C] () -- C:\Windows\System32\Bbgspdf.dll
[2003/12/02 09:39:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\InstallPrinter.dll
[2003/01/30 02:04:00 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/06/19 11:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 11:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/09/17 10:35:51 | 000,000,192 | -H-- | M] () -- C:\Boot.BAK
[2008/09/17 20:35:09 | 000,000,336 | RHS- | M] () -- C:\Boot.ini.saved
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/17 20:35:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/02/02 18:14:06 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/06 19:03:26 | 3487,297,536 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/17 10:38:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/17 10:38:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/17 11:15:44 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 11:15:44 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2011/03/06 19:03:21 | 3800,985,600 | -HS- | M] () -- C:\pagefile.sys
[2009/01/27 12:52:02 | 000,000,172 | ---- | M] () -- C:\sigmatel.log
[2011/03/06 19:01:39 | 000,063,466 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_06.03.2011_19.00.21_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-16 11:01:30

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Users\Public\Documents\p2.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Public\Documents\p1.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Public\Documents\agree.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Anthony\Documents\p2.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Anthony\Documents\p1.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Anthony\Desktop\rxcbc.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\Anthony\Desktop\agree.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271

< End of report >

#10 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:44 AM

Posted 07 March 2011 - 12:29 PM

Hi again amroczka6404!!.. :)

Note: with the script below, I'm removing the following proxy settings in Firefox:
FF - prefs.js..network.proxy.http: "222.181.55.56"
FF - prefs.js..network.proxy.http_port: 8080


That IP address points to China, so it's highly suspicious to me... However, if it was set by you on purpose, remove those 2 lines (and only them) above from the script below or wait for my reply so that I can amend the script...

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..extensions.enabledItems: {546076F5-592A-4F99-A597-2B529F9164C8}:1.9.1
    FF - prefs.js..extensions.enabledItems: {FF20E45E-7CB5-4220-882B-A04EA1D7944A}:1.9.1
    FF - prefs.js..network.proxy.http: "222.181.55.56"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - HKLM\software\mozilla\Firefox\Extensions\\{546076F5-592A-4F99-A597-2B529F9164C8}: C:\Windows\system32\config\systemprofile\AppData\Local\{546076F5-592A-4F99-A597-2B529F9164C8}\ [2011/02/02 17:01:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}: C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A} [2011/02/08 23:09:16 | 000,000,000 | ---D | M]
    [2010/08/04 11:42:30 | 000,002,059 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\searchplugins\daemon-search.xml
    [2011/02/08 23:09:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ANTHONY\APPDATA\LOCAL\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}
    [2011/02/02 17:01:48 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{546076F5-592A-4F99-A597-2B529F9164C8}
    [2011/02/02 19:19:54 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O9 - Extra Button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - File not found
    [2011/02/22 16:51:42 | 000,010,974 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\4052367242
    [2011/02/22 16:51:42 | 000,010,974 | -HS- | C] () -- C:\ProgramData\4052367242
    [2011/02/11 14:55:05 | 000,000,120 | ---- | C] () -- C:\Users\Anthony\AppData\Local\Cnuxid.dat
    [2011/02/11 14:55:05 | 000,000,000 | ---- | C] () -- C:\Users\Anthony\AppData\Local\Qzececeweweciq.bin
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please scan your computer with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
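
An added example, not part of the thread and not OTL's own code: a Python audit of a Firefox prefs.js for the proxy prefs that post #10 removes. The sample file is constructed (only the proxy host and port come from the post; `network.proxy.type` = 1 and the homepage line are assumed), and the hypothetical `approved` argument stands in for a proxy the user set on purpose.

```python
import ipaddress
import json
import re

# One statement per line in prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Firefox stores one host/port pair per protocol under network.proxy.*
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")

# Constructed sample. Only the proxy host and port are taken from the post;
# the homepage line and network.proxy.type = 1 (manual proxy) are assumed.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "222.181.55.56");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
"""


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment, blank line or anything that is not a pref
        name, raw = match.groups()
        try:
            # Values are string, integer or boolean literals; these parse as JSON.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep the unparsed text rather than drop the pref
    return prefs


def is_local(host):
    """True for localhost and loopback/private IP literals."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: cannot be classified offline, so report it
    return ip.is_loopback or ip.is_private


def _in_use(proxy_type, wanted):
    """Whether network.proxy.type selects this kind of proxy (None = not in file)."""
    if proxy_type is None:
        return None  # Firefox falls back to its built-in default
    return proxy_type == wanted


def audit_proxy(prefs, approved=()):
    """List proxy settings that are neither local nor approved by the user."""
    proxy_type = prefs.get("network.proxy.type")
    findings = []
    for scheme in PROXY_SCHEMES:
        pref = "network.proxy." + scheme
        host = prefs.get(pref)
        if not isinstance(host, str) or not host:
            continue
        if host in approved or is_local(host):
            continue
        findings.append({
            "pref": pref,
            "host": host,
            "port": prefs.get(pref + "_port"),
            "in_use": _in_use(proxy_type, 1),  # 1 = manual proxy configuration
        })
    pac_url = prefs.get("network.proxy.autoconfig_url")
    if isinstance(pac_url, str) and pac_url and pac_url not in approved:
        findings.append({
            "pref": "network.proxy.autoconfig_url",
            "host": pac_url,
            "port": None,
            "in_use": _in_use(proxy_type, 2),  # 2 = proxy auto-config (PAC) URL
        })
    return findings


if __name__ == "__main__":
    for f in audit_proxy(parse_prefs(SAMPLE_PREFS_JS)):
        print("%(pref)s -> %(host)s:%(port)s (in use: %(in_use)s)" % f)
```

A finding with `in_use` of `None` means `network.proxy.type` is absent from the file, so whether the proxy applies depends on the default of that Firefox version.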



#11 amroczka6404

Posted 07 March 2011 - 06:44 PM

All processes killed
========== OTL ==========
Prefs.js: {546076F5-592A-4F99-A597-2B529F9164C8}:1.9.1 removed from extensions.enabledItems
Prefs.js: {FF20E45E-7CB5-4220-882B-A04EA1D7944A}:1.9.1 removed from extensions.enabledItems
Prefs.js: "222.181.55.56" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{546076F5-592A-4F99-A597-2B529F9164C8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{546076F5-592A-4F99-A597-2B529F9164C8}\ not found.
C:\Windows\system32\config\systemprofile\AppData\Local\{546076F5-592A-4F99-A597-2B529F9164C8}\chrome\content folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\{546076F5-592A-4F99-A597-2B529F9164C8}\chrome folder moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\{546076F5-592A-4F99-A597-2B529F9164C8} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FF20E45E-7CB5-4220-882B-A04EA1D7944A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}\ not found.
C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}\chrome\content folder moved successfully.
C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}\chrome folder moved successfully.
C:\Users\Anthony\AppData\Local\{FF20E45E-7CB5-4220-882B-A04EA1D7944A} folder moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\c52o2jff.default\searchplugins\daemon-search.xml moved successfully.
Folder C:\USERS\ANTHONY\APPDATA\LOCAL\{FF20E45E-7CB5-4220-882B-A04EA1D7944A}\ not found.
Folder C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{546076F5-592A-4F99-A597-2B529F9164C8}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ deleted successfully.
C:\Users\Anthony\AppData\Local\4052367242 moved successfully.
C:\ProgramData\4052367242 moved successfully.
C:\Users\Anthony\AppData\Local\Cnuxid.dat moved successfully.
C:\Users\Anthony\AppData\Local\Qzececeweweciq.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anthony
->Temp folder emptied: 23894446 bytes
->Temporary Internet Files folder emptied: 4563260 bytes
->Java cache emptied: 51241563 bytes
->FireFox cache emptied: 64787102 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2815581 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 47835602 bytes
->Temporary Internet Files folder emptied: 1595376 bytes
->Java cache emptied: 13690431 bytes
->FireFox cache emptied: 79455174 bytes
->Flash cache emptied: 2371 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 359424 bytes
RecycleBin emptied: 696590 bytes

Total Files Cleaned = 277.00 mb


[EMPTYFLASH]

User: All Users

User: Anthony
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03072011_130531

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ESET SCAN:

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10a11793-1f51b96a a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\d6429c3-518b3db1 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\38e85eb0-15f0573e a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\33af523f-26d62d0b a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso Win32/Toolbar.AskSBar application deleted - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined

#12 snemelk

Posted 08 March 2011 - 10:48 AM

Hi again amroczka6404!!.. :)

That looks much better!!.. Does any problem remain??..

Please do the following:

Firstly,
Your scan showed one or more viruses in your Sun Java Runtime Environment (JRE) cache. Delete those by clearing the JRE cache.
To clear the Java Runtime Environment (JRE) cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    -The Java Control Panel appears.
  • Click Settings under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
  • Close the Java Control Panel

Secondly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 9.2 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 20

Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 24".
  • Click the "Download JRE" button to the right.
  • In the window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Thirdly,
Please run a fresh scan with DDS (links and instructions in the FAQ) - post the DDS.txt in your reply (no need for Attach.txt, though!)... Please also let me know if any problem remains!.. :)
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
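
The advice above to clear the JRE cache follows from where the ESET detections were found. As an added example (not part of the post above and not ESET's own code), this Python script parses result lines like the ones quoted earlier in the thread and reports how many sat in a Java deployment cache and in which profile. The space-separated layout and the one-word type field are assumptions taken from how the log appears on this page.

```python
import re
from collections import Counter

# Result lines copied from the ESET scan output quoted earlier in this thread.
SAMPLE_LOG = r"""
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\d6429c3-518b3db1 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\38e85eb0-15f0573e a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\33af523f-26d62d0b a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso Win32/Toolbar.AskSBar application deleted - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
F:\PROGRAMS\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type word> <action>.
# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like Platform/Name (Windows paths contain no "/").
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>[a-z]+)\s+"
    r"(?P<action>.+)$"
)

# The JRE cache is kept per profile under ...\Sun\Java\Deployment\cache\.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
# The profile is either C:\Users\<name>\ or the SYSTEM account's systemprofile.
PROFILE = re.compile(r"\\Users\\([^\\]+)\\|\\config\\(systemprofile)\\", re.IGNORECASE)


def parse_line(line):
    """Return one detection as a dict, or None if the line is not a result line."""
    m = DETECTION.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["variant"] = bool(rec["variant"])
    rec["in_java_cache"] = bool(JAVA_CACHE.search(rec["path"]))
    owner = PROFILE.search(rec["path"])
    rec["profile"] = (owner.group(1) or owner.group(2)) if owner else None
    return rec


def triage(log_text):
    """Summarise a scan log: counts per threat, Java cache hits, leftovers."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    java = [r for r in records if r["in_java_cache"]]
    return {
        "total": len(records),
        "by_threat": Counter(r["name"] for r in records),
        "java_cache_hits": len(java),
        "java_cache_profiles": sorted({r["profile"] for r in java if r["profile"]}),
        # Anything the scanner reported but did not move to quarantine.
        "not_quarantined": [r["path"] for r in records if "quarantined" not in r["action"]],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```
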


#13 amroczka6404

amroczka6404
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:44 AM

Posted 08 March 2011 - 03:55 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Anthony at 12:54:36.81 on Tue 03/08/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1661 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Anthony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {0483894E-2422-45E0-8384-021AFF1AF3CD} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUxMzk3NjQzLVQxLVU4NSsxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTEtRjhNMTFFKzE"&"prod=90"&"ver=10.0.1204
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=GRfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\c52o2jff.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d66fcdb&v=6.011.025.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\users\anthony\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\anthony\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\c52o2jff.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: GOM Player + Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-11-13 77312]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-11 233472]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\61xx\svc\mvraidsvc.exe [2006-8-9 114688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-23 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-11 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-24 517448]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-07 21:11:53 -------- d-----w- c:\program files\ESET
2011-03-07 21:05:31 -------- d-----w- C:\_OTL
2011-03-07 07:25:17 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-03-07 07:24:59 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-03-06 20:56:46 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
2011-03-06 20:56:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 20:56:36 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-06 20:56:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 20:56:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 06:10:33 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-03-01 05:36:13 388096 ----a-r- c:\users\anthony\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-01 05:36:12 -------- d-----w- c:\program files\Trend Micro
2011-03-01 05:31:35 -------- d-----w- c:\program files\CCleaner
2011-02-25 06:35:24 -------- d-----w- c:\program files\Cisco Systems
2011-02-25 06:30:15 -------- d-----w- c:\progra~2\Cisco Systems
2011-02-25 00:51:31 -------- d-----w- c:\users\anthony\appdata\local\AVG Security Toolbar
2011-02-25 00:50:34 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-02-25 00:49:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-25 00:49:16 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{98cb521b-84c6-427c-a884-132287d6bcd1}\mpengine.dll
2011-02-24 20:23:12 -------- d-----w- c:\program files\Ask.com
2011-02-24 03:15:51 -------- d-----w- c:\users\anthony\appdata\roaming\AVG10
2011-02-24 03:14:54 -------- d--h--w- c:\progra~2\Common Files
2011-02-24 03:13:22 -------- d-----w- c:\progra~2\AVG10
2011-02-24 03:06:44 -------- d--h--w- C:\$AVG
2011-02-24 02:58:49 -------- d-----w- c:\progra~2\MFAData
2011-02-24 01:08:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-24 01:08:57 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-23 00:52:30 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-23 00:52:30 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-23 00:52:30 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-23 00:52:30 -------- d-----w- c:\program files\Xvid

==================== Find3M ====================

2011-03-08 20:49:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-18 01:39:41 114688 ----a-w- c:\windows\system32\wpe.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 12:55:12.84 ===============

#14 amroczka6404

amroczka6404
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:44 AM

Posted 08 March 2011 - 03:58 PM

Seems to me that the malware/viruses are gone now. Thank you so much! However, I'm getting this message of Windows Explorer having unexpected shutdown and then it restarts. This happened to me about 5 times while doing what you told me in your last post. What could be causing this?

#15 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:44 AM

Posted 09 March 2011 - 05:20 AM

Hi again amroczka6404!!.. :)

seems to me that the malware/viruses are gone now. Thank you so much!

:thumbup2:

However, I'm getting this message of Windows Explorer having unexpected shutdown and then it restarts.

Hmmm, there is no clear answer for that, let's try this first:

Run the System File Checker (SFC) as instructed:
- open an elevated command prompt,
- and execute this command: sfc /scannow

Let me know if the problem still appears...