View Full Version : dynamet problem
I keep getting pop ups and banners showing ads from dymanet. Would apprecaite any help on offer, here is my HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:43:33 PM, on 25/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Graham\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 10063 bytes
Hello and :welcome: to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
1 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
2 - Status Check
Please reply with
1.the logs from RSIT (log.txt ,info.txt)
Thanks peku006
Logfile of random's system information tool 1.06 (written by random/random)
Run by Graham at 2010-04-28 21:35:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 78 GB (54%) free of 145 GB
Total RAM: 893 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:39 PM, on 28/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Graham\Desktop\RSIT.exe
C:\Program Files\trend micro\Graham.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup -AutoScan
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9254 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-22 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"=NDSTray.exe []
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-15 102400]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-30 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-08 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-16 448080]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-23 538744]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-05-23 413696]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-29 1086856]
"AdFirewall"=C:\Program Files\AdFirewall\AdFirewall.exe [2010-04-26 878592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"TOSCDSPD"=TOSCDSPD.EXE []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-22 39408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"S60 PC Suite Tray"=C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [2008-12-06 699392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-14 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-11 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
C:\Users\Graham\AppData\Local\Temp\csrss.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5226556b-6066-11de-9965-00a0d19c58a0}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2b96596-1758-11df-8a5c-00a0d19c58a0}]
shell\AutoRun\command - E:\Setup.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-04-28 21:35:05 ----D---- C:\Program Files\trend micro
2010-04-28 21:35:02 ----D---- C:\rsit
2010-04-25 13:59:26 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-04-25 13:57:26 ----D---- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-25 13:57:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-24 15:22:40 ----A---- C:\Windows\system32\nshhttp.dll
2010-04-24 15:22:38 ----A---- C:\Windows\system32\httpapi.dll
2010-04-24 15:12:37 ----A---- C:\Windows\system32\vbscript.dll
2010-04-24 15:12:34 ----A---- C:\Windows\system32\cabview.dll
2010-04-24 15:12:26 ----A---- C:\Windows\system32\mshtml.dll
2010-04-24 15:12:25 ----A---- C:\Windows\system32\iertutil.dll
2010-04-24 15:12:25 ----A---- C:\Windows\system32\ieframe.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\wininet.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\urlmon.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\occache.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\mstime.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-24 15:12:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ieui.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iesetup.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iernonce.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iepeers.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-24 15:12:13 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-24 15:12:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-24 15:12:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-24 15:11:18 ----A---- C:\Windows\system32\wintrust.dll
2010-04-24 15:11:11 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-24 15:11:11 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-24 15:11:08 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-24 15:11:08 ----A---- C:\Windows\system32\secproc.dll
2010-04-24 15:11:08 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-24 15:11:08 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-24 15:11:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-24 15:11:03 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-24 15:11:03 ----A---- C:\Windows\system32\msdrm.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\quartz.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\msyuv.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\msrle32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\avifil32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\avicap32.dll
2010-04-24 15:10:51 ----A---- C:\Windows\system32\winhttp.dll
2010-04-24 15:10:48 ----A---- C:\Windows\system32\jscript.dll
2010-04-24 15:10:46 ----A---- C:\Windows\system32\msxml6.dll
2010-04-24 15:10:45 ----A---- C:\Windows\system32\msxml3.dll
2010-04-24 15:10:41 ----A---- C:\Windows\system32\t2embed.dll
2010-04-24 15:10:41 ----A---- C:\Windows\system32\fontsub.dll
2010-04-24 15:10:30 ----A---- C:\Windows\system32\tzres.dll
2010-04-24 15:09:55 ----A---- C:\Windows\system32\rastls.dll
2010-04-24 15:09:55 ----A---- C:\Windows\system32\raschap.dll
2010-04-24 15:09:49 ----A---- C:\Windows\system32\WSDApi.dll
2010-04-24 14:59:06 ----A---- C:\Windows\system32\wmp.dll
2010-04-24 14:59:05 ----A---- C:\Windows\system32\unregmp2.exe
2010-04-24 14:58:55 ----A---- C:\Windows\system32\wmploc.DLL
2010-04-22 16:47:44 ----D---- C:\ProgramData\SlySoft
2010-04-22 16:41:17 ----D---- C:\Program Files\SlySoft
2010-04-21 23:36:03 ----D---- C:\Program Files\AdFirewall
2010-04-21 22:56:23 ----A---- C:\Windows\ntbtlog.txt
2010-04-20 21:44:23 ----D---- C:\Users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 21:30:46 ----D---- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 21:30:26 ----D---- C:\Program Files\iTunes Agent
2010-04-20 18:29:32 ----D---- C:\ProgramData\PC Suite
2010-04-20 18:29:27 ----D---- C:\Users\Graham\AppData\Roaming\PC Suite
2010-04-20 18:09:31 ----D---- C:\Users\Graham\AppData\Roaming\Samsung
2010-04-20 18:05:26 ----D---- C:\Program Files\Common Files\PCSuite
2010-04-20 17:41:32 ----D---- C:\Program Files\DIFX
2010-04-20 17:39:16 ----D---- C:\Program Files\PC Connectivity Solution
2010-04-20 17:34:51 ----D---- C:\Program Files\Samsung
2010-04-20 08:10:42 ----D---- C:\Program Files\JRE
2010-04-19 22:40:10 ----D---- C:\Users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 22:39:47 ----D---- C:\ProgramData\Malwarebytes
2010-04-19 22:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-19 20:36:17 ----A---- C:\Windows\system32\javaws.exe
2010-04-19 20:36:17 ----A---- C:\Windows\system32\javaw.exe
2010-04-19 20:36:16 ----A---- C:\Windows\system32\java.exe
2010-04-18 13:59:07 ----D---- C:\Windows\Sun
2010-04-11 15:16:33 ----D---- C:\Program Files\FrostWire
2010-04-11 15:11:41 ----D---- C:\Program Files\Incomplete
2010-04-02 05:50:43 ----D---- C:\ProgramData\Sun
======List of files/folders modified in the last 1 months======
2010-04-28 21:35:18 ----D---- C:\Windows\Prefetch
2010-04-28 21:35:11 ----D---- C:\Windows\Temp
2010-04-28 21:35:05 ----RD---- C:\Program Files
2010-04-28 20:38:49 ----SHD---- C:\System Volume Information
2010-04-28 16:08:31 ----D---- C:\Windows\Tasks
2010-04-26 14:17:22 ----D---- C:\Windows\system32\drivers
2010-04-26 14:06:46 ----AD---- C:\Windows\System32
2010-04-26 14:03:36 ----AD---- C:\Windows
2010-04-26 14:03:31 ----D---- C:\ProgramData\avg9
2010-04-26 14:03:29 ----HD---- C:\ProgramData
2010-04-26 07:18:05 ----HD---- C:\Config.Msi
2010-04-25 19:22:37 ----D---- C:\Program Files\Yahoo!
2010-04-25 19:21:22 ----SHD---- C:\Windows\Installer
2010-04-25 19:21:21 ----D---- C:\Program Files\Common Files
2010-04-25 19:18:49 ----D---- C:\Program Files\HP
2010-04-25 19:16:58 ----D---- C:\Program Files\Juice
2010-04-25 16:25:32 ----D---- C:\Users\Graham\AppData\Roaming\FrostWire
2010-04-25 14:04:35 ----D---- C:\Windows\system32\catroot2
2010-04-24 16:16:05 ----D---- C:\Windows\winsxs
2010-04-24 16:15:30 ----D---- C:\Windows\rescache
2010-04-24 15:48:30 ----D---- C:\Windows\system32\catroot
2010-04-24 15:46:10 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-24 15:43:32 ----D---- C:\Program Files\Internet Explorer
2010-04-24 15:43:31 ----D---- C:\Windows\system32\migration
2010-04-24 15:43:31 ----D---- C:\Program Files\Windows Mail
2010-04-24 15:43:31 ----D---- C:\Program Files\Movie Maker
2010-04-24 15:43:29 ----D---- C:\Windows\system32\en-US
2010-04-24 15:43:26 ----D---- C:\Program Files\Windows Media Player
2010-04-24 15:43:25 ----RSD---- C:\Windows\Fonts
2010-04-24 15:37:27 ----D---- C:\ProgramData\Microsoft Help
2010-04-24 15:29:46 ----D---- C:\Windows\Debug
2010-04-21 23:20:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-04-21 19:04:54 ----D---- C:\Users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 23:11:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-20 23:11:53 ----D---- C:\Windows\inf
2010-04-20 17:41:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-20 17:32:57 ----D---- C:\ProgramData\Installations
2010-04-20 08:24:02 ----D---- C:\Users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 08:10:36 ----D---- C:\Program Files\OpenOffice.org 3
2010-04-20 07:49:08 ----D---- C:\Users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-20 07:48:52 ----D---- C:\Users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 20:49:21 ----RSD---- C:\Windows\assembly
2010-04-19 20:35:03 ----D---- C:\Program Files\Java
2010-04-19 06:11:50 ----D---- C:\Users\Graham\AppData\Roaming\Skype
2010-04-19 06:05:19 ----D---- C:\Users\Graham\AppData\Roaming\skypePM
2010-04-09 07:03:03 ----D---- C:\Program Files\Google
2010-04-06 10:52:56 ----A---- C:\Windows\system32\mrt.exe
2010-04-03 10:44:32 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 05:50:39 ----D---- C:\Program Files\Common Files\Java
2010-04-01 00:00:31 ----D---- C:\Windows\system32\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AdFirewall;AdFirewall Driver; \??\C:\Windows\system32\drivers\AdFirewall.SYS [2010-04-26 44032]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-02 26024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-04-07 104768]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-21 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-15 190384]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 16128]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-17 11776]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 nmwcdsa;Samsung USB Phone Parent; C:\Windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
S3 nmwcdsac;Samsung USB Generic; C:\Windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
S3 nmwcdsacj;Samsung USB Port; C:\Windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
S3 nmwcdsacm;Samsung USB Modem; C:\Windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-24 9216]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-15 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-02 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-26 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-30 427576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 125048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-24 49152]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 190448]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 STSService;STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
here is the other file thanks
info.txt logfile of random's system information tool 1.06 2010-04-28 21:35:46
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
AdFirewall 4.6.4-->"C:\Program Files\AdFirewall\unins000.exe"
AdFirewall 4.6.6-->"C:\Program Files\AdFirewall\unins001.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{922E8525-AC7E-4294-ACAA-43712D4423C0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\SETUP.exe -runfromtemp -l0x0009 -removeonly
CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
D-i-v-X AVI Codec Pack Pro 2.2.0-->C:\Windows\system32\C2MP\Uninst.exe
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\SETUP.EXE" -l0x9
Eraser 5.3-->C:\Windows\system32\stuninstall.exe C:\Program Files\Eraser\uninstall.dat
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
FrostWire 4.20.3-->C:\Program Files\FrostWire\Uninstall.exe
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}\setup\hpzscr01.exe -datfile hposcr44.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NASA World Wind 1.4-->"C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Samsung PC Studio 7-->C:\ProgramData\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung PC Studio 7.2.24.9.exe
Samsung PC Studio 7-->MsiExec.exe /I{AB6F6C80-1C35-4672-BDEF-F26FF214C409}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\SETUP.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\SETUP.EXE -runfromtemp -l0x0409
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
USB File Transfer 1.11A-->C:\Windows\IsUninst.exe -f"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\Uninst.isu" -c"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\uninst.dll"
Window Washer-->C:\Windows\Unwash6.exe
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo!7 Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo!7 Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Security center information======
AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender
======System event log======
Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 3
Transaction Type: N/A
Processor Participation: Generic
Request Type: Data Read
Memory/Io: I/O
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223764
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428094136.008200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Memory Hierarchy Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 0
Transaction Type: Data
Processor Participation: N/A
Request Type: Evict
Memory/Io: N/A
Memory Hierarchy Level: Level 1
Timeout: N/A
Record Number: 223771
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110111.459200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 1
Transaction Type: N/A
Processor Participation: Generic
Request Type: 14
Memory/Io: Generic
Memory Hierarchy Level: Generic
Timeout: No
Record Number: 223777
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110208.355800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 2
Transaction Type: N/A
Processor Participation: Generic
Request Type: Generic Read
Memory/Io: Generic
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223778
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110307.167800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 3
Transaction Type: N/A
Processor Participation: Generic
Request Type: Data Read
Memory/Io: I/O
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223779
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110408.007800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
=====Application event log=====
Computer Name: Graham-PC
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Record Number: 36180
Source Name: SQLBrowser
Time Written: 20100426060714.000000-000
Event Type: Warning
User:
Computer Name: Graham-PC
Event Code: 1002
Message: The program WinRAR.exe version 3.71.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 218 Start Time: 01cae5c474a77250 Termination Time: 4
Record Number: 36210
Source Name: Application Hang
Time Written: 20100427044850.000000-000
Event Type: Error
User:
Computer Name: Graham-PC
Event Code: 1002
Message: The program firefox.exe version 1.9.2.3743 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: dc0 Start Time: 01cae59299a6ecc0 Termination Time: 238
Record Number: 36217
Source Name: Application Hang
Time Written: 20100427045301.000000-000
Event Type: Error
User:
Computer Name: Graham-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 36226
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100427085808.000000-000
Event Type: Error
User:
Computer Name: Graham-PC
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Record Number: 36242
Source Name: SQLBrowser
Time Written: 20100427172316.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55972
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.314600-000
Event Type: Audit Failure
User:
Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55973
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.501800-000
Event Type: Audit Failure
User:
Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55974
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.611000-000
Event Type: Audit Failure
User:
Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55975
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.735800-000
Event Type: Audit Failure
User:
Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55976
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.845000-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Hi grubbit
Looking over your log, it seems you don't have any evidence of anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) Microsoft Security Essentials (http://www.microsoft.com/security_essentials/default.aspx?mkt=en-us) - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
Your computer must have only ONE anti-virus program installed at any time. Having more than one anti-virus program installed & active will cause program conflicts, false virus alerts, and system crashes.
1 - Run Malwarebytes' Anti-Malware
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
Thanks peku006
Did everything you said but found nothing, here are the logs as requested.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4046
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904
28/04/2010 11:53:44 PM
mbam-log-2010-04-28 (23-53-44).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 248670
Time elapsed: 57 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:57 AM, on 29/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\mobsync.exe
C:\Users\Graham\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup -AutoScan
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 8916 bytes
Hi grubbit
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
Right click on gmer.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Click Next. It will start extracting.
Once done, check (tick) the Show extracted files box and click Finish.
Double click on gmer.exe to run it.
Select the Rootkit tab.
On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
Select all drives that are connected to your system to be scanned.
Click on the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into the text editor.
Save the Gmer scan log and post it in your next reply.
Close Gmer.
Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
In Command Prompt, type in net stop gmer. Press Enter.
Type in exit to close Command Prompt.
Note: Do not run any programs while Gmer is running.
Thanks peku006
It seems that Gmer is very unstable, when I try to do a scan it has locked my computer a couple of times and when I did get it to scan it was extremely slow, is this normal?
Hi grubbit
no it is not normal....
let´s try this
1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
Thanks peku006
Hi Sorry for the delay but trying to run one of the previous files gave me problems, I ran ComboFix and all was well until it cam to the log file, I got the blue windows screen telling me there was a fatal error and was shutting down. I have searched but no log file although it did run through the check, when complete I thought it was fixed as I got no pop ups at all, however today when I logged on there they were again. Should I run ComboFix again
Hi grubbit
we can use another tool
Download OTS.exe here (http://oldtimer.geekstogo.com/OTS.exe) & save it to your Desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS
Double click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator)
In the Drivers section click on Non-Microsoft
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings
Now click the Run Scan button on the toolbar
Let it run unhindered until it finishes
When the scan is complete Notepad will open with the report file loaded in it
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it
Copy & paste the information in your next reply making sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Thanks peku006
The things you asked me to check werent there on the scan page,so I ran the scan and this is what I got
[code]
OTS logfile created on: 6/05/2010 12:36:26 AM - Run 1
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
893.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 83.49 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
optus wireless broadband.exe -> C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe -> [2010/05/03 18:25:12 | 000,114,688 | ---- | M] ()
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/04/03 10:44:05 | 000,910,296 | ---- | M] (Mozilla Corporation)
wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe -> [2009/09/10 23:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
pcsuite.exe -> C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe -> [2008/12/06 01:48:08 | 000,699,392 | ---- | M] ()
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 20:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation)
sqlbrowser.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 20:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation)
servicelayer.exe -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.)
ncltobtsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe -> [2008/11/04 09:10:14 | 000,137,728 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
nclmsbtsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe -> [2008/10/27 14:08:04 | 000,128,000 | ---- | M] ()
adobeupdater.exe -> C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe -> [2008/09/26 09:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated)
nclusbsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [2008/09/19 08:52:04 | 000,130,560 | ---- | M] ()
nclrssrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe -> [2008/06/03 08:02:34 | 000,119,808 | ---- | M] ()
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
bcmsqlstartupsvc.exe -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/12 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation)
washersvc.exe -> C:\Program Files\Webroot\Washer\WasherSvc.exe -> [2007/11/26 12:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.)
syntpstart.exe -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe -> [2007/08/15 15:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.)
syntoshiba.exe -> C:\Program Files\Synaptics\SynTP\SynToshiba.exe -> [2007/08/15 14:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2007/08/09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor)
tnavisrv.exe -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/02 06:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
ndstray.exe -> C:\Program Files\Toshiba\ConfigFree\NDSTray.exe -> [2007/07/21 11:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION)
cfswmgr.exe -> C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe -> [2007/06/20 06:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION)
smoothview.exe -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe -> [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation)
cec_main.exe -> C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [2007/06/12 04:10:04 | 004,762,624 | ---- | M] ()
tcrdmain.exe -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe -> [2007/05/23 08:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation)
traybar.exe -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe -> [2007/05/23 02:50:02 | 000,413,696 | ---- | M] (Chicony)
toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2007/05/18 18:43:00 | 000,430,080 | ---- | M] ()
toscosrv.exe -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/30 02:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
tpwrmain.exe -> C:\Program Files\Toshiba\Power Saver\TPwrMain.exe -> [2007/03/30 02:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation)
tosbtsrv.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/26 12:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/15 11:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems)
ulcdrsvr.exe -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/24 07:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
toddsrv.exe -> C:\Windows\System32\TODDSrv.exe -> [2006/05/26 09:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
[Modules - Safe List]
ots.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2008/01/19 15:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 15:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(STSService) STSService [On_Demand | Stopped] -> -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] -> -> File not found
(MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) [On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2009/05/27 01:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(SQLWriter) SQL Server VSS Writer [Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 20:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 20:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008/11/24 20:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation)
(ServiceLayer) ServiceLayer [On_Demand | Running] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(BcmSqlStartupSvc) Business Contact Manager SQL Server Startup Service [Auto | Running] -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/12 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation)
(wwEngineSvc) Window Washer Engine [Auto | Running] -> C:\Program Files\Webroot\Washer\WasherSvc.exe -> [2007/11/26 12:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.)
(TNaviSrv) TOSHIBA Navi Support Service [Auto | Running] -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/02 06:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
(TosCoSrv) TOSHIBA Power Saver [Auto | Running] -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/30 02:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Auto | Running] -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/26 12:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
(CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/15 11:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems)
(UleadBurningHelper) Ulead Burning Helper [Auto | Running] -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/24 07:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
(TODDSrv) TOSHIBA Optical Disc Drive Service [Auto | Running] -> C:\Windows\System32\TODDSrv.exe -> [2006/05/26 09:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2005/11/24 15:03:22 | 000,053,337 | ---- | M] (Sony Corporation)
(PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2005/11/24 14:57:44 | 000,053,337 | ---- | M] (Sony Corporation)
(SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2005/11/24 14:47:30 | 000,069,718 | ---- | M] (Sony Corporation)
[Driver Services - Safe List]
(AdFirewall) AdFirewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/26 07:43:43 | 000,044,032 | ---- | M] (FYSecurity Tech Inc.)
(AdFirewallDriver) AdFirewall Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/26 07:43:43 | 000,009,728 | ---- | M] (FYSecurity Tech Inc.)
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.)
(SndTAudio) SndTAudio [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SndTAudio.sys -> [2010/02/18 08:01:26 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\ElbyCDIO.sys -> [2010/01/02 01:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG)
(ewusbnet) HUAWEI USB-NDIS miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ewusbnet.sys -> [2009/10/20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.)
(nmwcdnsu) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsu.sys -> [2009/03/19 12:48:18 | 000,136,704 | ---- | M] (Nokia)
(nmwcdnsuc) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsuc.sys -> [2009/03/19 12:48:12 | 000,008,320 | ---- | M] (Nokia)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerfltj.sys -> [2009/02/09 06:37:56 | 000,007,808 | ---- | M] (Nokia)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerflt.sys -> [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmbo.sys -> [2009/02/09 06:37:46 | 000,022,016 | ---- | M] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmb.sys -> [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia)
(wrssweep) Webroots Volume Access Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Webroot\Washer\wrSSweep.sys -> [2007/11/26 12:47:44 | 000,021,832 | ---- | M] (Webroot Software Inc (www.webroot.com))
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2007/08/15 17:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2007/08/10 13:49:16 | 001,941,848 | ---- | M] (Realtek Semiconductor Corp.)
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\tos_sps32.sys -> [2007/08/02 06:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2007/07/27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2007/06/19 10:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.)
(nmwcdsa) Samsung USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsa.sys -> [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia)
(nmwcdsacm) Samsung USB Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsacm.sys -> [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsacj) Samsung USB Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsacj.sys -> [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsac) Samsung USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsac.sys -> [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2007/04/30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation )
(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\UVCFTR_S.SYS -> [2007/04/17 02:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/22 13:02:04 | 000,037,376 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/25 05:42:22 | 000,039,936 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/24 07:40:20 | 000,042,496 | ---- | M] (REDC)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\FwLnk.sys -> [2006/11/21 05:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 17:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 17:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 17:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 17:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 17:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 17:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 17:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 17:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 17:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 17:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 17:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 17:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 17:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 17:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 17:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 17:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 17:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 17:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 17:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 17:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 17:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 15:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\AtiPcie.sys -> [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.)
(tosrfec) Bluetooth ACPI [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tosrfec.sys -> [2006/10/24 07:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tdcmdpst.sys -> [2006/10/19 02:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.)
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\TVALZ_O.SYS -> [2006/10/06 14:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\prefs.js ->
browser.search.defaultenginename -> "Search" ->
browser.search.defaulturl -> "http://www.dymasearch.com/search.php?src=tops&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com.au" ->
extensions.enabledItems -> {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3 ->
keyword.URL -> "http://www.dymasearch.com/search.php?src=tops&q=" ->
network.proxy.ftp_port -> 8118 ->
network.proxy.gopher_port -> 8118 ->
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 8118 ->
network.proxy.socks -> "127.0.0.1" ->
network.proxy.socks_port -> 9050 ->
network.proxy.socks_remote_dns -> true ->
network.proxy.ssl -> "127.0.0.1" ->
network.proxy.ssl_port -> 8118 ->
network.proxy.type -> 4 ->
< FireFox Settings [User.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Graham\AppData\Roaming\Mozilla\Extensions -> [2008/09/01 03:39:43 | 000,000,000 | ---D | M]
-> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions -> [2010/05/05 23:36:43 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/03 03:43:00 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
bing.xml -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml -> [2009/06/05 20:30:14 | 000,002,164 | ---- | M] ()
Search.xml -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml -> [2010/04/18 13:01:30 | 000,000,254 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/19 20:36:24 | 000,000,000 | ---D | M]
z -> C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15} -> [2010/04/18 13:01:20 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/19 05:41:30 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 21:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 13:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2010/04/29 01:07:40 | 000,764,912 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"00TCrdMain" -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2007/05/23 08:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation)
"Camera Assistant Software" -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"] -> [2007/05/23 02:50:02 | 000,413,696 | ---- | M] (Chicony)
"HSON" -> C:\Program Files\Toshiba\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2006/12/08 08:49:20 | 000,055,416 | ---- | M] (TOSHIBA Corporation)
"NDSTray.exe" -> [NDSTray.exe] -> File not found
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2007/08/09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/08/03 13:22:02 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SmoothView" -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation)
"SynTPStart" -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> [2007/08/15 15:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2007/03/30 02:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"S60 PC Suite Tray" -> C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ["C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray] -> [2008/12/06 01:48:08 | 000,699,392 | ---- | M] ()
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/22 20:10:48 | 000,039,408 | ---- | M] (Google Inc.)
"TOSCDSPD" -> [TOSCDSPD.EXE] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/10 04:48:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 02:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 13:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Java Plug-in 1.6.0_04] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 198.142.0.51 61.88.88.88 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{59BE24AF-1E48-49A8-8EB8-BCED384D676C}\\DhcpNameServer -> 192.168.100.2 203.121.192.4 203.121.192.254 (Atheros AR5007EG Wireless Network Adapter) ->
{62A9B811-E6C9-4CE8-A0C5-527E635698AA}\\DhcpNameServer -> 198.142.0.51 61.88.88.88 (HUAWEI Mobile Connect - 3G Network Card) ->
{71C5F77F-13DD-4BE5-A1B4-F1EF9995436E}\\DhcpNameServer -> 10.1.1.1 (Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/19 05:43:36 | 000,000,024 | ---- | M] ()
E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
E:\AutoRun.ico [] -> E:\AutoRun.ico [ CDFS ] -> [2008/11/28 00:03:32 | 000,004,286 | R--- | M] ()
E:\AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=AutoRun.ico | ] -> E:\AUTORUN.INF [ CDFS ] -> [2007/08/25 01:04:06 | 000,000,047 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
\{061c7615-5590-11df-a45c-001e101f3da8}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061c7615-5590-11df-a45c-001e101f3da8}\shell
\{061c7615-5590-11df-a45c-001e101f3da8}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061c7615-5590-11df-a45c-001e101f3da8}\shell\AutoRun\command
\{061c7615-5590-11df-a45c-001e101f3da8}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
part 2
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:03 | 000,640,000 | ---- | C] (OldTimer Tools)
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/05/03 23:12:21 | 000,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2010/05/03 23:04:03 | 000,000,000 | ---D | C]
temp -> C:\Users\Graham\AppData\Local\temp -> [2010/05/03 23:04:03 | 000,000,000 | ---D | C]
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/05/03 22:52:31 | 000,000,000 | ---D | C]
ComboFix -> C:\ComboFix -> [2010/05/03 22:52:30 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/05/03 22:51:26 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/05/03 22:51:02 | 000,212,480 | ---- | C] (SteelWerX)
ewusbnet.sys -> C:\Windows\System32\drivers\ewusbnet.sys -> [2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.)
ewusbmdm.sys -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.)
ewusbdev.sys -> C:\Windows\System32\drivers\ewusbdev.sys -> [2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.)
ewdcsc.sys -> C:\Windows\System32\drivers\ewdcsc.sys -> [2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.)
Optus Wireless Broadband -> C:\Program Files\Optus Wireless Broadband -> [2010/05/03 18:25:06 | 000,000,000 | ---D | C]
trend micro -> C:\Program Files\trend micro -> [2010/04/28 21:35:05 | 000,000,000 | ---D | C]
rsit -> C:\rsit -> [2010/04/28 21:35:02 | 000,000,000 | ---D | C]
hijackthis.exe -> C:\Users\Graham\Desktop\hijackthis.exe -> [2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.)
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/04/25 13:59:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/25 13:57:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/04/25 13:57:26 | 000,000,000 | ---D | C]
nshhttp.dll -> C:\Windows\System32\nshhttp.dll -> [2010/04/24 15:22:40 | 000,024,064 | ---- | C] (Microsoft Corporation)
httpapi.dll -> C:\Windows\System32\httpapi.dll -> [2010/04/24 15:22:38 | 000,031,232 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\System32\vbscript.dll -> [2010/04/24 15:12:37 | 000,420,352 | ---- | C] (Microsoft Corporation)
l3codeca.acm -> C:\Windows\System32\l3codeca.acm -> [2010/04/24 15:12:31 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/04/24 15:12:24 | 001,469,440 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/04/24 15:12:24 | 000,611,840 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/04/24 15:12:24 | 000,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/04/24 15:12:24 | 000,387,584 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/04/24 15:12:23 | 001,638,912 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/04/24 15:12:23 | 000,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/04/24 15:12:23 | 000,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/04/24 15:12:23 | 000,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/04/24 15:12:23 | 000,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/04/24 15:12:23 | 000,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/04/24 15:12:23 | 000,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/04/24 15:12:23 | 000,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/04/24 15:12:23 | 000,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/04/24 15:12:23 | 000,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/04/24 15:12:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/04/24 15:12:01 | 003,598,216 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/04/24 15:12:01 | 003,545,992 | ---- | C] (Microsoft Corporation)
win32k.sys -> C:\Windows\System32\win32k.sys -> [2010/04/24 15:11:25 | 002,035,712 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/04/24 15:11:11 | 000,523,776 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/04/24 15:11:11 | 000,511,488 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/04/24 15:11:08 | 000,472,576 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/04/24 15:11:08 | 000,472,064 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/04/24 15:11:08 | 000,347,136 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/04/24 15:11:08 | 000,346,624 | ---- | C] (Microsoft Corporation)
msdrm.dll -> C:\Windows\System32\msdrm.dll -> [2010/04/24 15:11:03 | 000,329,216 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation)
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/04/24 15:10:58 | 001,314,816 | ---- | C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\System32\msvfw32.dll -> [2010/04/24 15:10:57 | 000,123,904 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/04/24 15:10:57 | 000,091,136 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/04/24 15:10:57 | 000,082,944 | ---- | C] (Microsoft Corporation)
avicap32.dll -> C:\Windows\System32\avicap32.dll -> [2010/04/24 15:10:57 | 000,065,024 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2010/04/24 15:10:48 | 000,726,528 | ---- | C] (Microsoft Corporation)
t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/04/24 15:10:41 | 000,156,672 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\System32\fontsub.dll -> [2010/04/24 15:10:41 | 000,072,704 | ---- | C] (Microsoft Corporation)
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/04/24 15:10:30 | 000,002,048 | ---- | C] (Microsoft Corporation)
timedate.cpl -> C:\Windows\System32\timedate.cpl -> [2010/04/24 15:09:59 | 000,714,240 | ---- | C] (Microsoft Corporation)
raschap.dll -> C:\Windows\System32\raschap.dll -> [2010/04/24 15:09:55 | 000,281,600 | ---- | C] (Microsoft Corporation)
rastls.dll -> C:\Windows\System32\rastls.dll -> [2010/04/24 15:09:55 | 000,244,224 | ---- | C] (Microsoft Corporation)
WSDApi.dll -> C:\Windows\System32\WSDApi.dll -> [2010/04/24 15:09:49 | 000,351,232 | ---- | C] (Microsoft Corporation)
unregmp2.exe -> C:\Windows\System32\unregmp2.exe -> [2010/04/24 14:59:05 | 000,310,784 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2010/04/24 14:58:55 | 008,147,456 | ---- | C] (Microsoft Corporation)
AnyDVDHD -> C:\Users\Graham\Documents\AnyDVDHD -> [2010/04/22 16:49:59 | 000,000,000 | ---D | C]
SlySoft -> C:\ProgramData\SlySoft -> [2010/04/22 16:47:44 | 000,000,000 | ---D | C]
SlySoft -> C:\Program Files\SlySoft -> [2010/04/22 16:41:17 | 000,000,000 | ---D | C]
AdFirewall.SYS -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/21 23:36:03 | 000,044,032 | ---- | C] (FYSecurity Tech Inc.)
AdFirewallDriver.SYS -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/21 23:36:03 | 000,009,728 | ---- | C] (FYSecurity Tech Inc.)
AdFirewall -> C:\Program Files\AdFirewall -> [2010/04/21 23:36:03 | 000,000,000 | ---D | C]
iTunes Agent -> C:\Users\Graham\AppData\Roaming\iTunes Agent -> [2010/04/20 21:44:23 | 000,000,000 | ---D | C]
Jaran Nilsen -> C:\Users\Graham\AppData\Roaming\Jaran Nilsen -> [2010/04/20 21:30:46 | 000,000,000 | ---D | C]
iTunes Agent -> C:\Program Files\iTunes Agent -> [2010/04/20 21:30:26 | 000,000,000 | ---D | C]
PC Suite -> C:\ProgramData\PC Suite -> [2010/04/20 18:29:32 | 000,000,000 | ---D | C]
PC Suite -> C:\Users\Graham\AppData\Roaming\PC Suite -> [2010/04/20 18:29:27 | 000,000,000 | ---D | C]
Samsung -> C:\Users\Graham\AppData\Roaming\Samsung -> [2010/04/20 18:09:31 | 000,000,000 | ---D | C]
PCSuite -> C:\Program Files\Common Files\PCSuite -> [2010/04/20 18:05:26 | 000,000,000 | ---D | C]
DIFX -> C:\Program Files\DIFX -> [2010/04/20 17:41:32 | 000,000,000 | ---D | C]
pccsmcfd.sys -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia)
PC Connectivity Solution -> C:\Program Files\PC Connectivity Solution -> [2010/04/20 17:39:16 | 000,000,000 | ---D | C]
Samsung -> C:\Program Files\Samsung -> [2010/04/20 17:34:51 | 000,000,000 | ---D | C]
JRE -> C:\Program Files\JRE -> [2010/04/20 08:10:42 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Graham\AppData\Roaming\Malwarebytes -> [2010/04/19 22:40:10 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/04/19 22:39:47 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/04/19 22:39:46 | 000,000,000 | ---D | C]
javaws.exe -> C:\Windows\System32\javaws.exe -> [2010/04/19 20:36:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2010/04/19 20:36:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2010/04/19 20:36:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
Monthly Quote Reports -> C:\Users\Graham\Documents\Monthly Quote Reports -> [2010/04/19 09:54:52 | 000,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2010/04/18 13:59:07 | 000,000,000 | ---D | C]
frost -> C:\Users\Graham\frost -> [2010/04/11 15:19:17 | 000,000,000 | ---D | C]
FrostWire -> C:\Program Files\FrostWire -> [2010/04/11 15:16:33 | 000,000,000 | ---D | C]
Incomplete -> C:\Program Files\Incomplete -> [2010/04/11 15:11:41 | 000,000,000 | ---D | C]
Incomplete -> C:\Users\Graham\Incomplete -> [2010/04/11 14:40:47 | 000,000,000 | ---D | C]
GPhotos.scr -> C:\Windows\System32\GPhotos.scr -> [2010/04/10 04:48:18 | 003,600,384 | ---- | C] (Google Inc.)
AnyDVD.sys -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | C] (SlySoft, Inc.)
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\Graham\ntuser.dat -> [2010/05/06 00:39:04 | 003,670,016 | -HS- | M] ()
OTS.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/05 23:57:01 | 000,000,886 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/05 23:57:00 | 000,000,882 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 23:05:43 | 000,003,168 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 23:05:43 | 000,003,168 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/05 21:05:35 | 000,067,584 | --S- | M] ()
Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/05/05 07:13:31 | 000,000,868 | ---- | M] ()
User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job -> C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job -> [2010/05/05 07:02:15 | 000,000,420 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/05/04 06:32:54 | 000,150,016 | ---- | M] ()
i(2).wmv -> C:\Users\Graham\Desktop\i(2).wmv -> [2010/05/04 06:32:53 | 006,923,310 | ---- | M] ()
i.wmv -> C:\Users\Graham\Desktop\i.wmv -> [2010/05/04 06:31:29 | 001,754,980 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/05/03 23:12:08 | 203,159,363 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/03 23:11:41 | 000,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/03 23:11:32 | 937,476,096 | -HS- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/05/03 23:04:23 | 000,000,215 | ---- | M] ()
ComboFix.exe -> C:\Users\Graham\Desktop\ComboFix.exe -> [2010/05/03 22:27:46 | 003,926,394 | R--- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/05/03 20:46:56 | 000,766,414 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/05/03 20:46:56 | 000,649,990 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/05/03 20:46:56 | 000,124,218 | ---- | M] ()
Optus Wireless Broadband.lnk -> C:\Users\Public\Desktop\Optus Wireless Broadband.lnk -> [2010/05/03 18:25:34 | 000,001,007 | ---- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/02 10:11:05 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2010/05/02 10:11:05 | 000,065,536 | -HS- | M] ()
ClientQuote.pdf -> C:\Users\Graham\Documents\ClientQuote.pdf -> [2010/04/30 08:40:14 | 000,194,835 | ---- | M] ()
Terms and conditions.pdf -> C:\Users\Graham\Documents\Terms and conditions.pdf -> [2010/04/30 08:40:14 | 000,038,408 | ---- | M] ()
d3d9caps.dat -> C:\Users\Graham\AppData\Local\d3d9caps.dat -> [2010/04/29 17:57:35 | 000,001,356 | ---- | M] ()
Removal List.xls -> C:\Users\Graham\Documents\Removal List.xls -> [2010/04/27 14:19:04 | 000,009,216 | ---- | M] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/04/26 15:58:12 | 000,256,512 | ---- | M] ()
AdFirewall.lnk -> C:\Users\Graham\Desktop\AdFirewall.lnk -> [2010/04/26 07:46:22 | 000,000,839 | ---- | M] ()
AdFirewall.SYS -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/26 07:43:43 | 000,044,032 | ---- | M] (FYSecurity Tech Inc.)
AdFirewallDriver.SYS -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/26 07:43:43 | 000,009,728 | ---- | M] (FYSecurity Tech Inc.)
hijackthis.exe -> C:\Users\Graham\Desktop\hijackthis.exe -> [2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.)
GDIPFONTCACHEV1.DAT -> C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/24 16:01:07 | 000,118,744 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/04/24 15:47:20 | 000,420,936 | ---- | M] ()
NMM-MetaData.db -> C:\Users\Graham\AppData\Roaming\NMM-MetaData.db -> [2010/04/22 20:47:21 | 000,022,207 | ---- | M] ()
.zreglib -> C:\ProgramData\.zreglib -> [2010/04/22 19:44:41 | 000,000,040 | -HS- | M] ()
AnyDVD.lnk -> C:\Users\Public\Desktop\AnyDVD.lnk -> [2010/04/22 16:41:28 | 000,000,905 | ---- | M] ()
0802-A01 REV 0.PDF -> C:\Users\Graham\Desktop\0802-A01 REV 0.PDF -> [2010/04/22 10:25:44 | 000,868,342 | ---- | M] ()
i8910_um_open_eng_rev10_090518.pdf -> C:\Users\Graham\Desktop\i8910_um_open_eng_rev10_090518.pdf -> [2010/04/22 00:08:59 | 002,277,842 | ---- | M] ()
cfe393d2dd4b95ef3753547a6cdde755.ita -> C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita -> [2010/04/20 22:59:37 | 000,000,000 | ---- | M] ()
iTunes Agent.lnk -> C:\Users\Graham\Desktop\iTunes Agent.lnk -> [2010/04/20 21:44:07 | 000,000,863 | ---- | M] ()
Samsung PC Studio 7.lnk -> C:\Users\Public\Desktop\Samsung PC Studio 7.lnk -> [2010/04/20 18:46:01 | 000,002,535 | ---- | M] ()
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [2010/04/20 18:31:32 | 000,000,000 | -H-- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/04/20 08:14:16 | 000,001,005 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 22:39:54 | 000,000,829 | ---- | M] ()
Monthly Quote Report.xls -> C:\Users\Graham\Documents\Monthly Quote Report.xls -> [2010/04/19 08:59:46 | 000,016,384 | ---- | M] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2010/04/17 11:04:43 | 000,000,910 | ---- | M] ()
img-4091431-0001.pdf -> C:\Users\Graham\Documents\img-4091431-0001.pdf -> [2010/04/12 06:26:04 | 000,057,381 | ---- | M] ()
FrostWire 4.20.3.lnk -> C:\Users\Graham\Desktop\FrostWire 4.20.3.lnk -> [2010/04/11 15:16:59 | 000,001,025 | ---- | M] ()
GPhotos.scr -> C:\Windows\System32\GPhotos.scr -> [2010/04/10 04:48:18 | 003,600,384 | ---- | M] (Google Inc.)
(WGR) - Graham Rickman.PDF -> C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF -> [2010/04/08 08:12:32 | 000,173,481 | ---- | M] ()
AnyDVD.sys -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.)
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
[Files - No Company Name]
i(2).wmv -> C:\Users\Graham\Desktop\i(2).wmv -> [2010/05/04 06:32:40 | 006,923,310 | ---- | C] ()
i.wmv -> C:\Users\Graham\Desktop\i.wmv -> [2010/05/04 06:31:18 | 001,754,980 | ---- | C] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/05/03 23:11:35 | 203,159,363 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/05/03 22:52:38 | 000,256,512 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/05/03 22:52:38 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/05/03 22:52:38 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/05/03 22:52:38 | 000,077,312 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/05/03 22:52:38 | 000,068,096 | ---- | C] ()
ComboFix.exe -> C:\Users\Graham\Desktop\ComboFix.exe -> [2010/05/03 22:27:37 | 003,926,394 | R--- | C] ()
Optus Wireless Broadband.lnk -> C:\Users\Public\Desktop\Optus Wireless Broadband.lnk -> [2010/05/03 18:25:34 | 000,001,007 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/02 10:11:45 | 937,476,096 | -HS- | C] ()
Terms and conditions.pdf -> C:\Users\Graham\Documents\Terms and conditions.pdf -> [2010/04/30 08:40:14 | 000,038,408 | ---- | C] ()
ClientQuote.pdf -> C:\Users\Graham\Documents\ClientQuote.pdf -> [2010/04/30 08:40:08 | 000,194,835 | ---- | C] ()
Removal List.xls -> C:\Users\Graham\Documents\Removal List.xls -> [2010/04/27 13:20:27 | 000,009,216 | ---- | C] ()
.zreglib -> C:\ProgramData\.zreglib -> [2010/04/22 16:47:44 | 000,000,040 | -HS- | C] ()
AnyDVD.lnk -> C:\Users\Public\Desktop\AnyDVD.lnk -> [2010/04/22 16:41:28 | 000,000,905 | ---- | C] ()
0802-A01 REV 0.PDF -> C:\Users\Graham\Desktop\0802-A01 REV 0.PDF -> [2010/04/22 10:25:39 | 000,868,342 | ---- | C] ()
i8910_um_open_eng_rev10_090518.pdf -> C:\Users\Graham\Desktop\i8910_um_open_eng_rev10_090518.pdf -> [2010/04/22 00:08:41 | 002,277,842 | ---- | C] ()
AdFirewall.lnk -> C:\Users\Graham\Desktop\AdFirewall.lnk -> [2010/04/21 23:36:04 | 000,000,839 | ---- | C] ()
cfe393d2dd4b95ef3753547a6cdde755.ita -> C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita -> [2010/04/20 22:59:37 | 000,000,000 | ---- | C] ()
iTunes Agent.lnk -> C:\Users\Graham\Desktop\iTunes Agent.lnk -> [2010/04/20 21:30:32 | 000,000,863 | ---- | C] ()
NMM-MetaData.db -> C:\Users\Graham\AppData\Roaming\NMM-MetaData.db -> [2010/04/20 19:11:16 | 000,022,207 | ---- | C] ()
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [2010/04/20 18:31:32 | 000,000,000 | -H-- | C] ()
Samsung PC Studio 7.lnk -> C:\Users\Public\Desktop\Samsung PC Studio 7.lnk -> [2010/04/20 18:06:02 | 000,002,535 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 22:39:54 | 000,000,829 | ---- | C] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/04/19 20:49:11 | 000,001,005 | ---- | C] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2010/04/17 11:04:42 | 000,000,910 | ---- | C] ()
img-4091431-0001.pdf -> C:\Users\Graham\Documents\img-4091431-0001.pdf -> [2010/04/12 06:26:01 | 000,057,381 | ---- | C] ()
FrostWire 4.20.3.lnk -> C:\Users\Graham\Desktop\FrostWire 4.20.3.lnk -> [2010/04/11 15:10:35 | 000,001,025 | ---- | C] ()
(WGR) - Graham Rickman.PDF -> C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF -> [2010/04/08 08:12:29 | 000,173,481 | ---- | C] ()
usbhsb.sys -> C:\Windows\System32\drivers\usbhsb.sys -> [2010/02/22 17:22:03 | 000,018,690 | ---- | C] ()
cpwmon2k.dll -> C:\Windows\System32\cpwmon2k.dll -> [2009/09/11 05:56:26 | 000,087,552 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 13:07:42 | 000,403,816 | ---- | C] ()
libavcodec.dll -> C:\Windows\System32\libavcodec.dll -> [2008/12/29 00:59:44 | 004,377,500 | ---- | C] ()
ff_theora.dll -> C:\Windows\System32\ff_theora.dll -> [2008/12/28 23:51:00 | 000,239,247 | ---- | C] ()
libmpeg2_ff.dll -> C:\Windows\System32\libmpeg2_ff.dll -> [2008/12/28 23:50:50 | 000,145,609 | ---- | C] ()
libmplayer.dll -> C:\Windows\System32\libmplayer.dll -> [2008/12/28 23:49:08 | 000,560,802 | ---- | C] ()
ff_liba52.dll -> C:\Windows\System32\ff_liba52.dll -> [2008/12/13 00:57:38 | 000,142,848 | ---- | C] ()
ff_samplerate.dll -> C:\Windows\System32\ff_samplerate.dll -> [2008/12/10 02:57:26 | 000,183,296 | ---- | C] ()
ff_libmad.dll -> C:\Windows\System32\ff_libmad.dll -> [2008/12/10 02:57:18 | 000,178,688 | ---- | C] ()
ff_unrar.dll -> C:\Windows\System32\ff_unrar.dll -> [2008/12/10 02:57:02 | 000,113,152 | ---- | C] ()
ff_tremor.dll -> C:\Windows\System32\ff_tremor.dll -> [2008/12/10 02:56:42 | 000,146,944 | ---- | C] ()
ff_libdts.dll -> C:\Windows\System32\ff_libdts.dll -> [2008/12/10 02:56:34 | 000,257,024 | ---- | C] ()
ff_libfaad2.dll -> C:\Windows\System32\ff_libfaad2.dll -> [2008/12/10 02:56:22 | 000,485,888 | ---- | C] ()
ff_x264.dll -> C:\Windows\System32\ff_x264.dll -> [2008/12/08 21:37:04 | 000,884,237 | ---- | C] ()
xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2008/12/08 21:34:42 | 000,791,742 | ---- | C] ()
ff_wmv9.dll -> C:\Windows\System32\ff_wmv9.dll -> [2008/12/08 20:53:40 | 000,093,184 | ---- | C] ()
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2008/12/08 20:53:32 | 000,057,344 | ---- | C] ()
xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2008/12/05 05:46:08 | 000,180,224 | ---- | C] ()
ff_kernelDeint.dll -> C:\Windows\System32\ff_kernelDeint.dll -> [2008/11/27 03:55:22 | 000,683,520 | ---- | C] ()
TomsMoComp_ff.dll -> C:\Windows\System32\TomsMoComp_ff.dll -> [2008/11/27 02:49:10 | 000,238,080 | ---- | C] ()
qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/08/06 06:02:12 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\Windows\System32\dtu100.dll.manifest -> [2008/08/06 05:59:04 | 000,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\Windows\System32\dpl100.dll.manifest -> [2008/08/06 05:59:04 | 000,000,416 | ---- | C] ()
dxr.dll -> C:\Windows\System32\dxr.dll -> [2008/03/29 23:42:22 | 000,245,248 | ---- | C] ()
avss.dll -> C:\Windows\System32\avss.dll -> [2008/03/29 23:42:14 | 000,102,400 | ---- | C] ()
mkx.dll -> C:\Windows\System32\mkx.dll -> [2008/03/29 23:42:08 | 000,148,992 | ---- | C] ()
mp4.dll -> C:\Windows\System32\mp4.dll -> [2008/03/29 23:42:04 | 000,141,312 | ---- | C] ()
avi.dll -> C:\Windows\System32\avi.dll -> [2008/03/29 23:42:04 | 000,108,032 | ---- | C] ()
ogm.dll -> C:\Windows\System32\ogm.dll -> [2008/03/29 23:42:02 | 000,120,832 | ---- | C] ()
ts.dll -> C:\Windows\System32\ts.dll -> [2008/03/29 23:42:00 | 000,163,840 | ---- | C] ()
avs.dll -> C:\Windows\System32\avs.dll -> [2008/03/29 23:41:54 | 000,097,280 | ---- | C] ()
mkzlib.dll -> C:\Windows\System32\mkzlib.dll -> [2008/03/29 23:41:52 | 000,079,360 | ---- | C] ()
mkunicode.dll -> C:\Windows\System32\mkunicode.dll -> [2008/03/29 23:41:52 | 000,023,552 | ---- | C] ()
csellang.ini -> C:\Windows\System32\csellang.ini -> [2008/02/24 02:51:47 | 000,128,113 | ---- | C] ()
csellang.dll -> C:\Windows\System32\csellang.dll -> [2008/02/24 02:51:47 | 000,045,056 | ---- | C] ()
tosmreg.ini -> C:\Windows\System32\tosmreg.ini -> [2008/02/24 02:51:47 | 000,010,150 | ---- | C] ()
cseltbl.ini -> C:\Windows\System32\cseltbl.ini -> [2008/02/24 02:51:47 | 000,007,671 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2008/02/03 02:28:25 | 000,000,376 | ---- | C] ()
Registration.ini -> C:\Windows\System32\Registration.ini -> [2007/10/13 17:30:20 | 000,000,137 | ---- | C] ()
NDSTray.INI -> C:\Windows\NDSTray.INI -> [2007/08/24 03:32:22 | 000,000,000 | ---- | C] ()
IVIresizeW7.dll -> C:\Windows\System32\IVIresizeW7.dll -> [2007/08/24 03:29:19 | 000,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\Windows\System32\IVIresizeA6.dll -> [2007/08/24 03:29:19 | 000,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\Windows\System32\IVIresizeP6.dll -> [2007/08/24 03:29:19 | 000,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\Windows\System32\IVIresizeM6.dll -> [2007/08/24 03:29:19 | 000,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\Windows\System32\IVIresizePX.dll -> [2007/08/24 03:29:19 | 000,188,416 | ---- | C] ()
IVIresize.dll -> C:\Windows\System32\IVIresize.dll -> [2007/08/24 03:29:19 | 000,020,480 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/24 03:13:48 | 000,016,480 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2007/08/24 02:30:51 | 001,060,424 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2007/08/24 02:29:59 | 000,159,744 | ---- | C] ()
ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2007/07/11 01:10:12 | 000,000,547 | ---- | C] ()
TosBtAcc.dll -> C:\Windows\System32\TosBtAcc.dll -> [2006/12/06 04:05:04 | 000,114,688 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 20:37:35 | 000,030,808 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 20:37:35 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 20:37:35 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 20:37:35 | 000,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 20:35:32 | 000,005,632 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 15:40:29 | 000,013,750 | ---- | C] ()
wceprv.dll -> C:\Windows\System32\wceprv.dll -> [2006/07/07 01:53:56 | 000,003,584 | ---- | C] ()
TosCommAPI.dll -> C:\Windows\System32\TosCommAPI.dll -> [2005/07/23 12:30:18 | 000,065,536 | ---- | C] ()
< End of report >
[/code]
Hi grubbit
Run OTS
Under the Paste Fix Here box on the right, paste in the following
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\prefs.js
YN -> browser.search.defaulturl -> "http://www.dymasearch.com/search.php?src=tops&q="
YN -> extensions.enabledItems -> {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
YN -> keyword.URL -> "http://www.dymasearch.com/search.php?src=tops&q="
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.
Thanks peku006
The filw you mentioned did not exist, the only one found was this
[Registry - Safe List]
Prefs.js: "http://www.dymasearch.com/search.php?src=tops&q=" removed from browser.search.defaulturl
Prefs.js: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3 removed from extensions.enabledItems
Prefs.js: "http://www.dymasearch.com/search.php?src=tops&q=" removed from keyword.URL
< End of fix log >
OTS by OldTimer - Version 3.1.31.0 fix logfile created on 05062010_220336
Hi grubbit
1 - Clean temp files
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.
NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
2 - Eset online scannner
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the Eset online scannner report
2. a fresh HijackThis log
Thanks peku006
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:The operation completed successfully.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f59e92ee02886b4a805ba4070d3715af
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-07 01:24:07
# local_time=2010-05-07 09:24:07 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 763970 763970 0 0
# compatibility_mode=1024 16777215 100 0 15421028 15421028 0 0
# compatibility_mode=5892 16776573 100 100 324956 110754837 0 0
# compatibility_mode=8192 67108863 100 0 526 526 0 0
# scanned=143061
# found=4
# cleaned=0
# scan_time=12937
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\xavier rudd [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\z cars.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\z cars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Music\take me my heart.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:38 PM, on 7/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\Graham\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 7943 bytes
Hi grubbit
Delete this folder
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved
How's the computer running now? Any problems?
Thanks peku006
Hi again,
I just used my laptop for a few hours and nothing, then when I logged on to your site i got 2 pop ups straight away. Seems we have tried everything besides a format and it just reappears every time. when I am not connected to the net and try to open a web page the URL is always www.dymanet at the beginning and then a the link to the page I am looking for.
Hi grubbit
let´s try this
Close Firefox.
On your keyboard hit the Windows key and R simultaneously.
In the Run box type in this command and hit enter.
"%PROGRAMFILES%\Mozilla Firefox\firefox.exe" -safe-mode
Don't make any changes.
Click on Continue in Safe Mode
Firefox should start up. It may look unusual but it will work.
Let me know if your issue happens with Firefox in this mode.
Thanks peku006
Hi Peku,
I have been surfing for over an hour in the mode you suggested and not one pop up, hope this helps you.
Hi grubbit
yes it helped, some problems with Firefox are caused by extensions or themes.
Please read this (http://support.mozilla.com/fi/kb/troubleshooting+extensions+and+themes) page and post back if it helped.
Thanks peku006
Hi Peku,
I did all what you said and it is still here. Banners at the top of the page and sometimes redirection to an ad site. It is all getting too much and I think I have no alternative other than to format. We have tried everything and each time it comes back, are we running out of ideas???
Hi grubbit
we need to find it
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:regfind
*dymanet*
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:55 on 11/05/2010 by Graham (Administrator - Elevation successful)
========== regfind ==========
Searching for "*dymanet*"
No data found.
-=End Of File=-
When I got a popup ad I checked with Firefox and it said the source was here
www.wwwadcntr.com/vsphp?pid=183&cid=0&crid=0&t=0(9)&ccsaid
is this what we are looking for?
Hi TMJ1968
it's not what we're looking for.......
1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
Thanks peku006
ComboFix 10-05-10.05 - Graham 12/05/2010 10:12:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.893.244 [GMT 8:00]
Running from: c:\users\Graham\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AbaleZip.dll
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1731352543-3892579127-1766459742-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\Install.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Graham\AppData\Roaming\Microsoft\Windows\Recent\fix.txt.URL
.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.
2010-05-12 02:24 . 2010-05-12 02:24 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-05-12 02:24 . 2010-05-12 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 02:07 . 2010-05-12 02:08 -------- d-----w- C:\32788R22FWJFW
2010-05-08 13:55 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-08 13:55 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 13:55 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-08 13:55 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-08 13:55 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-08 13:54 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-08 13:54 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\programdata\Alwil Software
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\program files\Alwil Software
2010-05-07 09:39 . 2010-05-07 09:39 -------- d-----w- c:\program files\ESET
2010-05-06 14:03 . 2010-05-06 14:03 -------- d-----w- C:\_OTS
2010-05-03 10:25 . 2009-10-20 10:47 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-03 10:25 . 2009-10-12 07:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-03 10:25 . 2009-09-10 06:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-03 10:25 . 2007-08-08 20:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-03 10:25 . 2010-05-03 10:29 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- c:\program files\trend micro
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- C:\rsit
2010-04-25 06:00 . 2010-04-25 06:00 52224 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 06:00 . 2010-04-25 06:00 117760 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 05:59 . 2010-04-25 05:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-25 05:57 . 2010-04-25 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 05:57 . 2010-04-25 05:57 -------- d-----w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 07:22 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-24 07:22 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-24 07:22 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-24 07:11 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 07:10 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-24 07:09 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-24 07:09 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-24 07:09 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-24 06:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-24 06:58 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-22 11:53 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-22 11:53 . 2009-02-27 11:07 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-04-22 08:47 . 2010-04-22 08:47 -------- d-----w- c:\programdata\SlySoft
2010-04-22 08:41 . 2010-04-22 08:41 -------- d-----w- c:\program files\SlySoft
2010-04-21 15:36 . 2010-04-28 13:13 -------- d-----w- c:\program files\AdFirewall
2010-04-21 15:36 . 2010-04-25 23:43 9728 ----a-w- c:\windows\system32\drivers\AdFirewallDriver.SYS
2010-04-21 15:36 . 2010-04-25 23:43 44032 ----a-w- c:\windows\system32\drivers\AdFirewall.SYS
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-----w- c:\users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 13:30 . 2010-04-20 13:30 -------- d-----w- c:\users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 13:30 . 2010-04-20 13:44 -------- d-----w- c:\program files\iTunes Agent
2010-04-20 10:29 . 2010-04-20 10:30 -------- d-----w- c:\programdata\PC Suite
2010-04-20 10:29 . 2010-04-20 10:31 -------- d-----w- c:\users\Graham\AppData\Roaming\PC Suite
2010-04-20 10:09 . 2010-04-22 12:42 -------- d-----w- c:\users\Graham\AppData\Roaming\Samsung
2010-04-20 10:05 . 2010-04-20 10:05 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-20 09:41 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIFX
2010-04-20 09:41 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 09:39 . 2010-04-20 09:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 09:34 . 2010-04-20 10:05 -------- d-----w- c:\program files\Samsung
2010-04-20 00:10 . 2010-04-20 00:10 -------- d-----w- c:\program files\JRE
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 14:39 . 2010-03-29 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 14:39 . 2010-04-19 14:39 -------- d-----w- c:\programdata\Malwarebytes
2010-04-19 14:39 . 2010-04-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 14:39 . 2010-03-29 07:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 05:59 . 2010-04-18 05:59 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 00:14 . 2008-02-28 05:27 -------- d-----w- c:\program files\Google
2010-05-09 23:36 . 2009-01-18 22:41 1 ----a-w- c:\users\Graham\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-09 02:43 . 2009-03-16 14:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-06 09:35 . 2009-03-01 04:01 1356 ----a-w- c:\users\Graham\AppData\Local\d3d9caps.dat
2010-05-04 09:25 . 2009-03-06 23:50 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-05-04 09:16 . 2009-03-06 23:52 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-04-26 06:03 . 2009-11-09 22:11 -------- d-----w- c:\programdata\avg9
2010-04-25 11:22 . 2008-02-03 05:17 -------- d-----w- c:\program files\Yahoo!
2010-04-25 11:18 . 2010-02-23 09:34 -------- d-----w- c:\program files\HP
2010-04-25 11:16 . 2009-07-03 23:23 -------- d-----w- c:\program files\Juice
2010-04-25 08:25 . 2008-09-26 08:00 -------- d-----w- c:\users\Graham\AppData\Roaming\FrostWire
2010-04-24 08:01 . 2008-02-01 22:10 118744 ----a-w- c:\users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 07:46 . 2008-04-12 18:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-24 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-24 07:37 . 2007-09-02 11:39 -------- d-----w- c:\programdata\Microsoft Help
2010-04-21 11:04 . 2010-03-22 10:51 -------- d-----w- c:\users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 10:31 . 2010-04-20 10:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-04-20 09:32 . 2009-09-15 11:32 -------- d-----w- c:\programdata\Installations
2010-04-20 00:24 . 2009-01-18 22:40 -------- d-----w- c:\users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 00:10 . 2008-12-21 00:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-19 23:49 . 2008-10-13 14:13 -------- d-----w- c:\users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-19 23:48 . 2009-01-26 13:58 -------- d-----w- c:\users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 12:35 . 2007-08-23 18:56 -------- d-----w- c:\program files\Java
2010-04-11 08:47 . 2010-04-11 07:11 -------- d-----w- c:\program files\Incomplete
2010-04-11 08:47 . 2010-04-11 07:16 -------- d-----w- c:\program files\FrostWire
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-07 14:28 . 2010-04-07 14:28 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-01 21:50 . 2007-08-23 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 08:41 . 2009-04-26 13:31 -------- d-----w- c:\users\Graham\AppData\Roaming\mIRC
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-16 23:47 . 2010-03-16 23:47 -------- d-----w- c:\program files\Defraggler
2010-03-16 23:45 . 2008-07-12 12:41 -------- d-----w- c:\program files\CCleaner
2010-03-16 14:35 . 2010-03-16 14:31 -------- d-----w- c:\users\Graham\AppData\Roaming\Apple Computer
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\program files\iTunes
2010-03-16 14:28 . 2010-03-16 14:28 -------- d-----w- c:\program files\iPod
2010-03-16 14:28 . 2009-11-03 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 14:27 . 2010-03-16 14:23 -------- d-----w- c:\programdata\Apple Computer
2010-03-16 14:24 . 2010-03-16 14:24 -------- d-----w- c:\program files\Bonjour
2010-03-16 14:24 . 2010-03-16 14:23 -------- d-----w- c:\program files\QuickTime
2010-03-08 20:28 . 2008-11-26 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 14:01 . 2010-04-24 07:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 02:16 . 2009-10-02 22:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:32 . 2010-04-24 07:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-24 07:11 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-24 07:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 09:53 . 2010-02-23 09:31 160876 ----a-w- c:\windows\hpoins44.dat
2010-02-23 06:39 . 2010-04-24 07:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-24 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-24 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-24 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 14:49 . 2010-04-24 07:12 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:49 . 2010-04-24 07:12 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49 . 2010-04-24 07:12 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11 . 2010-04-24 07:12 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-24 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 00:01 . 2010-03-22 10:57 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-02-15 10:41 . 2010-02-15 10:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdFirewall]
2010-04-25 23:43 878592 ----a-w- c:\program files\AdFirewall\AdFirewall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 10:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 07:24 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]
2008-12-05 17:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
c:\program files\Vidalia Bundle\Vidalia\vidalia.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
S0 AdFirewallDriver;AdFirewall Driver; [x]
S1 AdFirewall;AdFirewall Driver;c:\windows\system32\drivers\AdFirewall.SYS [2010-04-25 44032]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
.
Contents of the 'Scheduled Tasks' folder
2010-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:10]
2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]
2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]
2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-24 04:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 10:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-12 10:29:45
ComboFix-quarantined-files.txt 2010-05-12 02:29
Pre-Run: 89,878,331,392 bytes free
Post-Run: 89,619,156,992 bytes free
- - End Of File - - 3446D0961202427CD6B3D03FF2A87879
Hi grubbit
Run CFScript
Open Notepad and copy/paste the text in the box into the window:
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Please reply with
the ComboFix log(C:\ComboFix.txt)
Thanks peku006
ComboFix 10-05-10.05 - Graham 12/05/2010 16:15:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.893.189 [GMT 8:00]
Running from: c:\users\Graham\Desktop\ComboFix.exe
Command switches used :: c:\users\Graham\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.
2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 13:55 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-08 13:55 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 13:55 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-08 13:55 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-08 13:55 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-08 13:54 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-08 13:54 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\programdata\Alwil Software
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\program files\Alwil Software
2010-05-07 09:39 . 2010-05-07 09:39 -------- d-----w- c:\program files\ESET
2010-05-06 14:03 . 2010-05-06 14:03 -------- d-----w- C:\_OTS
2010-05-03 10:25 . 2009-10-20 10:47 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-03 10:25 . 2009-10-12 07:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-03 10:25 . 2009-09-10 06:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-03 10:25 . 2007-08-08 20:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-03 10:25 . 2010-05-03 10:29 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- c:\program files\trend micro
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- C:\rsit
2010-04-25 06:00 . 2010-04-25 06:00 52224 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 06:00 . 2010-04-25 06:00 117760 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 05:59 . 2010-04-25 05:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-25 05:57 . 2010-04-25 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 05:57 . 2010-04-25 05:57 -------- d-----w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 07:22 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-24 07:22 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-24 07:22 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-24 07:11 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 07:10 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-24 07:09 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-24 07:09 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-24 07:09 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-24 06:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-24 06:58 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-22 11:53 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-22 11:53 . 2009-02-27 11:07 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-04-22 08:47 . 2010-04-22 08:47 -------- d-----w- c:\programdata\SlySoft
2010-04-22 08:41 . 2010-04-22 08:41 -------- d-----w- c:\program files\SlySoft
2010-04-21 15:36 . 2010-04-28 13:13 -------- d-----w- c:\program files\AdFirewall
2010-04-21 15:36 . 2010-04-25 23:43 9728 ----a-w- c:\windows\system32\drivers\AdFirewallDriver.SYS
2010-04-21 15:36 . 2010-04-25 23:43 44032 ----a-w- c:\windows\system32\drivers\AdFirewall.SYS
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-----w- c:\users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 13:30 . 2010-04-20 13:30 -------- d-----w- c:\users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 13:30 . 2010-04-20 13:44 -------- d-----w- c:\program files\iTunes Agent
2010-04-20 10:29 . 2010-04-20 10:30 -------- d-----w- c:\programdata\PC Suite
2010-04-20 10:29 . 2010-04-20 10:31 -------- d-----w- c:\users\Graham\AppData\Roaming\PC Suite
2010-04-20 10:09 . 2010-04-22 12:42 -------- d-----w- c:\users\Graham\AppData\Roaming\Samsung
2010-04-20 10:05 . 2010-04-20 10:05 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-20 09:41 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIFX
2010-04-20 09:41 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 09:39 . 2010-04-20 09:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 09:34 . 2010-04-20 10:05 -------- d-----w- c:\program files\Samsung
2010-04-20 00:10 . 2010-04-20 00:10 -------- d-----w- c:\program files\JRE
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 14:39 . 2010-03-29 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 14:39 . 2010-04-19 14:39 -------- d-----w- c:\programdata\Malwarebytes
2010-04-19 14:39 . 2010-04-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 14:39 . 2010-03-29 07:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 05:59 . 2010-04-18 05:59 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 00:14 . 2008-02-28 05:27 -------- d-----w- c:\program files\Google
2010-05-09 23:36 . 2009-01-18 22:41 1 ----a-w- c:\users\Graham\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-09 02:43 . 2009-03-16 14:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-06 09:35 . 2009-03-01 04:01 1356 ----a-w- c:\users\Graham\AppData\Local\d3d9caps.dat
2010-05-04 09:25 . 2009-03-06 23:50 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-05-04 09:16 . 2009-03-06 23:52 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-04-26 06:03 . 2009-11-09 22:11 -------- d-----w- c:\programdata\avg9
2010-04-25 11:22 . 2008-02-03 05:17 -------- d-----w- c:\program files\Yahoo!
2010-04-25 11:18 . 2010-02-23 09:34 -------- d-----w- c:\program files\HP
2010-04-25 11:16 . 2009-07-03 23:23 -------- d-----w- c:\program files\Juice
2010-04-25 08:25 . 2008-09-26 08:00 -------- d-----w- c:\users\Graham\AppData\Roaming\FrostWire
2010-04-24 08:01 . 2008-02-01 22:10 118744 ----a-w- c:\users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 07:46 . 2008-04-12 18:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-24 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-24 07:37 . 2007-09-02 11:39 -------- d-----w- c:\programdata\Microsoft Help
2010-04-21 11:04 . 2010-03-22 10:51 -------- d-----w- c:\users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 10:31 . 2010-04-20 10:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-04-20 09:32 . 2009-09-15 11:32 -------- d-----w- c:\programdata\Installations
2010-04-20 00:24 . 2009-01-18 22:40 -------- d-----w- c:\users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 00:10 . 2008-12-21 00:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-19 23:49 . 2008-10-13 14:13 -------- d-----w- c:\users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-19 23:48 . 2009-01-26 13:58 -------- d-----w- c:\users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 12:35 . 2007-08-23 18:56 -------- d-----w- c:\program files\Java
2010-04-11 08:47 . 2010-04-11 07:11 -------- d-----w- c:\program files\Incomplete
2010-04-11 08:47 . 2010-04-11 07:16 -------- d-----w- c:\program files\FrostWire
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-07 14:28 . 2010-04-07 14:28 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-01 21:50 . 2007-08-23 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 08:41 . 2009-04-26 13:31 -------- d-----w- c:\users\Graham\AppData\Roaming\mIRC
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-16 23:47 . 2010-03-16 23:47 -------- d-----w- c:\program files\Defraggler
2010-03-16 23:45 . 2008-07-12 12:41 -------- d-----w- c:\program files\CCleaner
2010-03-16 14:35 . 2010-03-16 14:31 -------- d-----w- c:\users\Graham\AppData\Roaming\Apple Computer
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\program files\iTunes
2010-03-16 14:28 . 2010-03-16 14:28 -------- d-----w- c:\program files\iPod
2010-03-16 14:28 . 2009-11-03 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 14:27 . 2010-03-16 14:23 -------- d-----w- c:\programdata\Apple Computer
2010-03-16 14:24 . 2010-03-16 14:24 -------- d-----w- c:\program files\Bonjour
2010-03-16 14:24 . 2010-03-16 14:23 -------- d-----w- c:\program files\QuickTime
2010-03-08 20:28 . 2008-11-26 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 14:01 . 2010-04-24 07:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 02:16 . 2009-10-02 22:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:32 . 2010-04-24 07:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-24 07:11 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-24 07:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 09:53 . 2010-02-23 09:31 160876 ----a-w- c:\windows\hpoins44.dat
2010-02-23 06:39 . 2010-04-24 07:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-24 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-24 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-24 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 14:49 . 2010-04-24 07:12 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:49 . 2010-04-24 07:12 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49 . 2010-04-24 07:12 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11 . 2010-04-24 07:12 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-24 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 00:01 . 2010-03-22 10:57 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-02-15 10:41 . 2010-02-15 10:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdFirewall]
2010-04-25 23:43 878592 ----a-w- c:\program files\AdFirewall\AdFirewall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 10:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 07:24 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]
2008-12-05 17:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
c:\program files\Vidalia Bundle\Vidalia\vidalia.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S0 AdFirewallDriver;AdFirewall Driver; [x]
S1 AdFirewall;AdFirewall Driver;c:\windows\system32\drivers\AdFirewall.SYS [2010-04-25 44032]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
.
Contents of the 'Scheduled Tasks' folder
2010-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:10]
2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]
2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]
2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-24 04:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 16:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-12 16:34:29
ComboFix-quarantined-files.txt 2010-05-12 08:34
ComboFix2.txt 2010-05-12 02:29
Pre-Run: 94,396,633,088 bytes free
Post-Run: 94,368,886,784 bytes free
- - End Of File - - 2F8FF2E1F1B8F55BDF7E23BADB653CED
Hi grubbit
this is still there : browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=..........why
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
Thanks peku006
OTL logfile created on: 13/05/2010 9:06:25 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
893.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 85.96 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (STSService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www.dymasearch.com/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
FF - prefs.js..keyword.URL: "http://www.dymasearch.com/search.php?src=tops&q="
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
[2008/09/01 03:39:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Extensions
[2010/05/12 23:04:22 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions
[2009/09/03 03:43:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/05 20:30:14 | 000,002,164 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml
[2010/04/18 13:01:30 | 000,000,254 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml
[2010/04/19 20:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:01:20 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}
[2010/03/24 22:09:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/24 22:09:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/24 22:09:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 22:09:45 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Graham\AppData\Local\Temp\cpes_clean_launcher.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 61.88.88.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/28 00:03:32 | 000,004,286 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/08/25 01:04:06 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/13 21:05:01 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 20:59:44 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\Graham\Desktop\ccsetup231.exe
[2010/05/12 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/05/12 17:51:12 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/05/12 17:51:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/05/12 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\ForceField Shared Files
[2010/05/12 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/05/12 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/12 17:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/12 16:34:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/12 16:34:33 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\temp
[2010/05/12 16:13:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/12 16:13:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/08 21:55:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/08 21:55:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/08 21:55:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/08 21:55:47 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/08 21:55:43 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/08 21:54:10 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/08 21:54:10 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/08 21:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/06 22:03:36 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/05/03 23:04:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/03 22:52:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/03 22:51:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/05/03 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband
[2010/04/28 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/28 21:35:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/25 13:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 15:22:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/24 15:22:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/24 15:12:37 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/24 15:12:31 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/24 15:12:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/24 15:12:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/24 15:12:24 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/24 15:12:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/24 15:12:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/24 15:12:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/24 15:12:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/24 15:12:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/24 15:12:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/24 15:12:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/24 15:12:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/24 15:12:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/24 15:12:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/24 15:12:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/24 15:12:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/24 15:12:14 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/04/24 15:12:14 | 000,098,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/04/24 15:12:13 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/04/24 15:12:01 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/24 15:12:01 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/24 15:11:25 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/24 15:11:11 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/24 15:11:11 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/24 15:11:08 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/24 15:11:08 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/24 15:11:08 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/24 15:11:08 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/24 15:11:03 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/24 15:10:58 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/24 15:10:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/24 15:10:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/24 15:10:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/24 15:10:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/24 15:10:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/24 15:10:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/24 15:10:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/24 15:10:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/24 15:09:59 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/24 15:09:55 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/24 15:09:55 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/24 15:09:49 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/24 14:59:05 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/24 14:58:55 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/22 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\AnyDVDHD
[2010/04/22 16:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/04/22 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/04/21 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\AdFirewall
[2010/04/20 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2010/04/20 21:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
[2010/04/20 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/04/20 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/20 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Samsung
[2010/04/20 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/20 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/04/20 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/20 17:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/20 08:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/19 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Malwarebytes
[2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 20:36:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/19 20:36:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/19 20:36:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/19 09:54:52 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Monthly Quote Reports
[2010/04/18 13:59:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
========== Files - Modified Within 30 Days ==========
[2010/05/13 21:05:35 | 003,670,016 | -HS- | M] () -- C:\Users\Graham\ntuser.dat
[2010/05/13 21:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 21:00:27 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\Graham\Desktop\ccsetup231.exe
[2010/05/13 20:57:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 20:47:28 | 000,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/13 20:47:28 | 000,650,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/13 20:47:28 | 000,124,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 20:36:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 20:36:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 20:36:22 | 000,001,356 | ---- | M] () -- C:\Users\Graham\AppData\Local\d3d9caps.dat
[2010/05/13 20:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 07:17:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/13 07:14:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 07:14:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 07:14:08 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 23:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 23:44:35 | 000,065,536 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/12 23:44:30 | 003,248,858 | -H-- | M] () -- C:\Users\Graham\AppData\Local\IconCache.db
[2010/05/12 21:35:57 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
[2010/05/12 16:28:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/12 09:58:01 | 003,686,521 | R--- | M] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | M] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/09 07:32:36 | 000,154,112 | ---- | M] () -- C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 21:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 04:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 04:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/03 18:25:34 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/04/30 08:40:14 | 000,194,835 | ---- | M] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/30 08:40:14 | 000,038,408 | ---- | M] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/27 14:19:04 | 000,009,216 | ---- | M] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/24 16:01:07 | 000,118,744 | ---- | M] () -- C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/24 15:47:20 | 000,420,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 20:47:21 | 000,022,207 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/22 19:44:41 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:44 | 000,868,342 | ---- | M] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:59 | 002,277,842 | ---- | M] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | M] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:44:07 | 000,000,863 | ---- | M] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 18:46:01 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/20 18:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 08:14:16 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 08:59:46 | 000,016,384 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/04/17 11:04:43 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
========== Files Created - No Company Name ==========
[2010/05/12 09:57:21 | 003,686,521 | R--- | C] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | C] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/07 21:31:31 | 000,000,910 | ---- | C] () -- C:\Users\Graham\AppData\Local\log.txt.lnk
[2010/05/03 22:52:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/03 22:52:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/03 22:52:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/03 22:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/03 22:52:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/03 18:25:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/05/02 10:11:45 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 08:40:14 | 000,038,408 | ---- | C] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/30 08:40:08 | 000,194,835 | ---- | C] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/27 13:20:27 | 000,009,216 | ---- | C] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/24 15:12:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/22 16:47:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:39 | 000,868,342 | ---- | C] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:41 | 002,277,842 | ---- | C] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | C] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:30:32 | 000,000,863 | ---- | C] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 19:11:16 | 000,022,207 | ---- | C] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/20 18:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 18:06:02 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/19 20:49:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/17 11:04:42 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/22 17:22:03 | 000,018,690 | ---- | C] () -- C:\Windows\System32\drivers\usbhsb.sys
[2009/09/11 05:56:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/29 00:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/28 23:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/28 23:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/12/28 23:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/13 00:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/12/10 02:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/12/10 02:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/12/10 02:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/10 02:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/12/10 02:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/12/10 02:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/12/08 21:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/08 21:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/08 20:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/08 20:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/05 05:46:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/27 03:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/11/27 02:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/08/06 06:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/03/29 23:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 23:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 23:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 23:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 23:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 23:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 23:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 23:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 23:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 23:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/02/24 02:51:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/24 02:51:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/24 02:51:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/24 02:51:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/03 02:28:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 03:32:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/24 03:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/24 03:29:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/24 03:29:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/24 03:29:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/24 03:13:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/24 02:30:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/24 02:29:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/11 01:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/12/06 04:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/07 01:53:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2005/07/23 12:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
OTL Extras logfile created on: 13/05/2010 9:06:25 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
893.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 85.96 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076ADB6-89F3-41F6-B3B3-85425591BB8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4DB00C4-752E-4660-BC22-C57C66B7E5D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F220A67B-A726-441C-9FAD-473677DE7ED7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8F5B29-1CD4-4AB8-89DD-17F2FD2A86B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{18B98BAE-B04B-4B3F-9B7C-BDD289F08FF8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1CC68277-98DB-42FF-AC22-C0E33F9EC4F5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{1F8ED8D0-24C8-40E4-B822-5A616616F72B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A9EEDCB-EA4B-4FD1-9E07-7E7FB4047E21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2E87BA1B-7ECE-40DA-B0C6-00485135916C}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{3829C623-1E2E-4456-A485-747779EF2D00}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{3C5D7F97-17C8-4B11-A4F2-91FD0A107EAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3CF9F197-499D-47F9-A8A4-2E8C6D078D2D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B9EC26A-C8A7-405A-A204-A76699D51AB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5FC42096-381C-4282-B275-30AB9215240F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{737D00B7-7001-4044-B9FF-3BEA0C8ECDA8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7AA0E304-E0D9-45BA-9949-399A415A1FB9}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{8756146F-9348-4C84-B33C-CEE5D7963B4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8956741E-FEE0-4A4A-BF3B-5A04ACE9353A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8AA3AF5F-082C-489C-82F2-B02095051D89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F2D769E-1508-4E3C-AA34-08CFD1724326}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{A2154110-3718-45E1-A1F4-00DC73D840D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A66BAD35-972A-4622-9E1D-7362643A50E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{AA132448-B425-4337-88B1-990A80C1A25D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B265112B-B9E1-4E8A-AB63-19D7A7CAAC46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B68213DB-79E3-4737-9997-92F4C827316A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C8463275-6CBF-4195-81CC-26E2195D66D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB0CBF6B-B193-47E7-8140-C22B813CAA04}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CF81AF1C-156A-45A3-AF91-B72CE90A9100}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{CF9528AB-4EAE-4EC8-A9CC-3283C128B022}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D64EB970-2121-4AFA-AEF0-985A10D792C7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D8A1A599-3962-4FCD-AE10-96AA011B7962}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EA250B63-7756-4964-A035-1EE2F2F2EF17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F68B6598-0221-49C7-AA9A-E4A0AD5CE9AE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F8CFE85C-04D3-431B-A435-0A675415C74B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F9AE1137-2FB9-46CA-8B8B-1E6AA879EEFD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{1F44E990-F310-43D3-818D-D9913ADDE5DF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{437EB848-5E7E-4A3A-8021-592C049DD337}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{47BCD43B-215A-4D67-A17B-82EB6CD839FB}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{603CEEB1-084D-4B5F-A4F4-D4D50A24CB4D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{6FE770D7-A8CD-46EB-A8B2-3199629077B3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{7F7275F9-AF82-4A0B-BC6B-8BF9146BAC4E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{9BD152DA-B2B7-4825-A0B0-5E3F5CF18167}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{C4218740-3D7A-4A7B-B8F0-DE4D1B7F857E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EF7D2227-5EEB-4D86-B0F0-0BE3516F2D60}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{0EFA90D7-7D33-4C35-A193-F2380EB7683A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{0F0D72DA-530D-4550-969F-92551143A566}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3A2C92B7-713B-4032-9D79-EB1D8ED86EF7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{56A01849-40A2-4938-B7D8-F0E0FD61E84C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{96F0912F-0E95-4FF9-80B6-502EB0CC4D14}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C26FA0E3-7947-4C35-80F3-08EE68756A94}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D0787402-FA9B-4E4E-B1F6-925F5BB37BC9}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{DD267053-B983-4229-96CD-24E283A92E79}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{FB24F6F4-C6DE-4874-988F-57E69FEE755D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.2.0
"Eraser 5.3" = Eraser 5.3
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0, build 24
"FrostWire" = FrostWire 4.20.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NASA World Wind 1.4" = NASA World Wind 1.4
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Optus Wireless Broadband" = Optus Wireless Broadband
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung PC Studio 7" = Samsung PC Studio 7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"USB File Transfer 1.11A" = USB File Transfer 1.11A
"Window Washer" = Window Washer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Customizations" = Yahoo!7 Extras
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iTunes Agent 1.3.1" = iTunes Agent 1.3.1
"iTunes Agent 1.3.3" = iTunes Agent 1.3.3
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/04/2010 4:52:06 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 22/04/2010 7:07:56 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 22/04/2010 7:54:39 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 23/04/2010 8:57:06 PM | Computer Name = Graham-PC | Source = Google Update | ID = 20
Description =
Error - 23/04/2010 11:55:31 PM | Computer Name = Graham-PC | Source = EventSystem | ID = 4609
Description =
Error - 24/04/2010 4:28:17 AM | Computer Name = Graham-PC | Source = EventSystem | ID = 4621
Description =
Error - 25/04/2010 1:57:34 AM | Computer Name = Graham-PC | Source = ESENT | ID = 490
Description = Catalog Database (1744) Catalog Database: An attempt to open the file
"C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
read / write access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 25/04/2010 1:57:39 AM | Computer Name = Graham-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
Error - 25/04/2010 1:58:01 AM | Computer Name = Graham-PC | Source = ESENT | ID = 490
Description = Catalog Database (1744) Catalog Database: An attempt to open the file
"C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
read / write access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 25/04/2010 1:58:01 AM | Computer Name = Graham-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
[ Media Center Events ]
Error - 9/03/2010 5:31:41 PM | Computer Name = Graham-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
[ OSession Events ]
Error - 3/06/2009 8:32:31 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/06/2009 8:32:42 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/06/2009 1:48:06 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/06/2009 7:30:08 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/06/2009 2:57:57 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/06/2009 2:58:59 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/06/2009 3:06:34 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12/05/2010 9:24:39 AM | Computer Name = Graham-PC | Source = HTTP | ID = 15016
Description =
Error - 12/05/2010 9:25:02 AM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/05/2010 9:25:02 AM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12/05/2010 11:19:11 AM | Computer Name = Graham-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 114.74.230.182 for the Network Card with network
address 001E101F4DA1 has been denied by the DHCP server 114.74.251.129 (The DHCP
Server sent a DHCPNACK message).
Error - 12/05/2010 11:19:11 AM | Computer Name = Graham-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 114.74.230.182
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.
Error - 12/05/2010 11:44:28 AM | Computer Name = Graham-PC | Source = DCOM | ID = 10010
Description =
Error - 12/05/2010 7:14:30 PM | Computer Name = Graham-PC | Source = HTTP | ID = 15016
Description =
Error - 12/05/2010 7:15:00 PM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/05/2010 7:15:00 PM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 13/05/2010 8:36:03 AM | Computer Name = Graham-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Hi grubbit
We need to run an OTL Fix
Double-click OTL.exe to start the program.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code
:OTL
FF - prefs.js..browser.search.defaulturl: "http://www.dymasearch.com/search.php?src=tops&q="
FF - prefs.js..keyword.URL: "http://www.dymasearch.com/search.php?src=tops&q="
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
Thanks peku006
Hi Peku,
So sorry we got all this way and I accidently deleted the log file, but I have been surfing for a few days now and not one pop up or banner! Just to say a big thank you for saving my sanity.If there is a way I can retrieve it just let me know, I tried running the script again and it just says error etc
Hi grubbit
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Thanks peku006
OTL logfile created on: 18/05/2010 11:21:21 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
893.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 83.80 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (STSService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
[2008/09/01 03:39:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Extensions
[2010/05/18 09:30:28 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions
[2009/09/03 03:43:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/05 20:30:14 | 000,002,164 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml
[2010/04/18 13:01:30 | 000,000,254 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml
[2010/04/19 20:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:01:20 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}
[2010/03/24 22:09:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/24 22:09:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/24 22:09:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 22:09:45 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Graham\AppData\Local\Temp\cpes_clean_launcher.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 61.88.88.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/28 00:03:32 | 000,004,286 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/08/25 01:04:06 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/05/16 09:22:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/13 21:05:01 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/12 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/05/12 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\ForceField Shared Files
[2010/05/12 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/05/12 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/12 17:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/12 16:34:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/12 16:34:33 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\temp
[2010/05/12 16:13:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/12 16:13:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/08 21:55:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/08 21:55:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/08 21:55:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/08 21:55:47 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/08 21:55:43 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/08 21:54:10 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/08 21:54:10 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/08 21:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/06 22:03:36 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/05/03 23:04:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/03 22:52:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/03 22:51:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/05/03 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband
[2010/04/28 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/28 21:35:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/25 13:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/22 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\AnyDVDHD
[2010/04/22 16:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/04/22 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/04/21 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\AdFirewall
[2010/04/20 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2010/04/20 21:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
[2010/04/20 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/04/20 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/20 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Samsung
[2010/04/20 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/20 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/04/20 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/20 17:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/20 08:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/19 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Malwarebytes
[2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 09:54:52 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Monthly Quote Reports
[2010/04/18 13:59:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/11 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\Graham\frost
[2010/04/11 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/04/11 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2010/04/11 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Graham\Incomplete
[2010/04/07 22:28:12 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010/04/02 05:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/22 19:00:41 | 000,000,000 | ---D | C] -- C:\Converted
[2010/03/22 18:57:04 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys
[2010/03/22 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\GetRightToGo
[2010/03/19 21:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010/03/17 07:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/03/16 22:31:08 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Apple Computer
[2010/03/16 22:29:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/03/16 22:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/16 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/16 22:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/16 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/16 22:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/16 22:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/11 11:24:28 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Stegbar Quotes
[2010/03/04 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Rejuvenation Report
[2010/02/23 17:58:03 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\My Scans
[2010/02/23 17:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/02/23 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\HP
[2010/02/23 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\HP
[2010/02/23 17:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/02/23 17:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/02/23 17:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/02/23 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/02/23 17:34:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/23 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/02/22 17:36:11 | 000,234,496 | ---- | C] (Canon) -- C:\Windows\System32\UCS32.DLL
[2010/02/22 17:36:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\COLOR
[2010/02/22 17:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Genesys Logic
[2010/02/18 23:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
========== Files - Modified Within 90 Days ==========
[2010/05/18 23:28:09 | 003,670,016 | -HS- | M] () -- C:\Users\Graham\ntuser.dat
[2010/05/18 23:23:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
[2010/05/18 23:19:53 | 000,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 23:19:53 | 000,650,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 23:19:53 | 000,124,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 23:12:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/18 23:03:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:03:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:03:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 09:10:39 | 000,152,576 | ---- | M] () -- C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 21:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 20:36:22 | 000,001,356 | ---- | M] () -- C:\Users\Graham\AppData\Local\d3d9caps.dat
[2010/05/13 07:14:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 07:14:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 07:14:08 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 23:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 23:44:35 | 000,065,536 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/12 23:44:30 | 003,248,858 | -H-- | M] () -- C:\Users\Graham\AppData\Local\IconCache.db
[2010/05/12 16:28:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/12 09:58:01 | 003,686,521 | R--- | M] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | M] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/08 21:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 04:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 04:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/03 18:25:34 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/04/30 08:40:14 | 000,194,835 | ---- | M] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/30 08:40:14 | 000,038,408 | ---- | M] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/27 14:19:04 | 000,009,216 | ---- | M] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/24 16:01:07 | 000,118,744 | ---- | M] () -- C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/24 15:47:20 | 000,420,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 20:47:21 | 000,022,207 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/22 19:44:41 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:44 | 000,868,342 | ---- | M] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:59 | 002,277,842 | ---- | M] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | M] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:44:07 | 000,000,863 | ---- | M] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 18:46:01 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/20 18:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 08:14:16 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 08:59:46 | 000,016,384 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/04/17 11:04:43 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/12 06:26:04 | 000,057,381 | ---- | M] () -- C:\Users\Graham\Documents\img-4091431-0001.pdf
[2010/04/08 08:12:32 | 000,173,481 | ---- | M] () -- C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF
[2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010/04/05 23:16:54 | 000,017,408 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report March.xls
[2010/03/31 23:49:40 | 000,008,091 | ---- | M] () -- C:\Users\Graham\Documents\paypal.odt
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/20 09:29:07 | 000,612,660 | ---- | M] () -- C:\Users\Graham\Documents\1 Vodafone Bill[931811449].pdf
[2010/03/19 21:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010/03/17 07:45:04 | 000,001,681 | ---- | M] () -- C:\Users\Graham\Desktop\CCleaner.lnk
[2010/03/16 22:29:45 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/03 23:23:56 | 000,019,786 | ---- | M] () -- C:\Users\Graham\Documents\Brisbane QSW Contact List.ods
[2010/03/03 22:14:17 | 000,016,286 | ---- | M] () -- C:\Users\Graham\Documents\Phone Numbers.ods
[2010/02/23 17:53:08 | 000,160,876 | ---- | M] () -- C:\Windows\hpoins44.dat
[2010/02/23 17:49:20 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/02/23 17:42:27 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/18 20:01:04 | 000,208,966 | ---- | M] () -- C:\Windows\System32\WFP.TMF
[2010/02/18 08:01:26 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys
========== Files Created - No Company Name ==========
[2010/05/12 09:57:21 | 003,686,521 | R--- | C] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | C] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/07 21:31:31 | 000,000,910 | ---- | C] () -- C:\Users\Graham\AppData\Local\log.txt.lnk
[2010/05/03 22:52:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/03 22:52:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/03 22:52:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/03 22:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/03 22:52:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/03 18:25:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/05/02 10:11:45 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 08:40:14 | 000,038,408 | ---- | C] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/30 08:40:08 | 000,194,835 | ---- | C] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/27 13:20:27 | 000,009,216 | ---- | C] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/24 15:12:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/22 16:47:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:39 | 000,868,342 | ---- | C] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:41 | 002,277,842 | ---- | C] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | C] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:30:32 | 000,000,863 | ---- | C] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 19:11:16 | 000,022,207 | ---- | C] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/20 18:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 18:06:02 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/19 20:49:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/17 11:04:42 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/12 06:26:01 | 000,057,381 | ---- | C] () -- C:\Users\Graham\Documents\img-4091431-0001.pdf
[2010/04/08 08:12:29 | 000,173,481 | ---- | C] () -- C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF
[2010/04/05 23:16:52 | 000,017,408 | ---- | C] () -- C:\Users\Graham\Documents\Monthly Quote Report March.xls
[2010/04/05 22:04:06 | 000,016,384 | ---- | C] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/03/31 23:49:37 | 000,008,091 | ---- | C] () -- C:\Users\Graham\Documents\paypal.odt
[2010/03/20 09:29:07 | 000,612,660 | ---- | C] () -- C:\Users\Graham\Documents\1 Vodafone Bill[931811449].pdf
[2010/03/16 22:29:45 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/03 22:14:15 | 000,016,286 | ---- | C] () -- C:\Users\Graham\Documents\Phone Numbers.ods
[2010/02/23 17:42:27 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/23 17:31:53 | 000,002,829 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/23 17:31:52 | 000,160,876 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/02/22 17:22:03 | 000,018,690 | ---- | C] () -- C:\Windows\System32\drivers\usbhsb.sys
[2009/09/11 05:56:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/29 00:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/28 23:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/28 23:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/12/28 23:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/13 00:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/12/10 02:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/12/10 02:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/12/10 02:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/10 02:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/12/10 02:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/12/10 02:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/12/08 21:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/08 21:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/08 20:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/08 20:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/05 05:46:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/27 03:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/11/27 02:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/08/06 06:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/03/29 23:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 23:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 23:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 23:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 23:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 23:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 23:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 23:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 23:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 23:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/02/24 02:51:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/24 02:51:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/24 02:51:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/24 02:51:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/03 02:28:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 03:32:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/24 03:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/24 03:29:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/24 03:29:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/24 03:29:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/24 03:13:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/24 02:30:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/24 02:29:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/11 01:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/12/06 04:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/07 01:53:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2005/07/23 12:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== LOP Check ==========
[2008/10/13 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Canon
[2010/05/12 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/04/25 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\FrostWire
[2010/04/21 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\GetRightToGo
[2009/06/21 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\gtk-2.0
[2009/07/04 07:23:15 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\iPodder
[2008/10/18 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\IrfanView
[2010/04/20 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2008/03/31 13:19:58 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\NASA
[2010/04/20 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\OpenOffice.org
[2008/03/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\ParetoLogic
[2010/04/20 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/22 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Samsung
[2009/05/19 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\toshiba
[2009/01/25 14:58:13 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Ulead Systems
[2010/02/05 06:36:56 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\uTorrent
[2008/09/09 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\WebCompiler3
[2010/05/12 23:44:57 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/18 23:23:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
========== Purity Check ==========
< End of report >
Hi grubbit
dymasearch is gone at last :bigthumb:
Your log now appears to be clean. Congratulations! :yahoo:
To remove all of the tools we used and the files and folders they created do the following:
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.
Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore-Vista
[list]
Click the Vista/Start icon.
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click Turn Off System Restore at the prompt then click Apply.
Restart your computer.
Turn ON System Restore-Vista
Click the Vista/Start icon
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously then click Apply.
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Here are some things that I think are worth having a look at if you don't already know a bout them:.
Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy safe surfing! :bigthumb:
peku006
Thanks Peku,
I have followed all your instructions and am now virus free, one silly mistake got me in this mess and I wont be doing that again.
As this issue appears to be resolved, this topic is now closed
We are pleased to have been some help in getting you clean.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)