dynamet problem

grubbit

New member
I keep getting pop-ups and banners showing ads from dymanet. Would appreciate any help on offer; here is my HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:43:33 PM, on 25/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Graham\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10063 bytes
 
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Graham at 2010-04-28 21:35:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 78 GB (54%) free of 145 GB
Total RAM: 893 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:39 PM, on 28/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Graham\Desktop\RSIT.exe
C:\Program Files\trend micro\Graham.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup -AutoScan
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9254 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"=NDSTray.exe []
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-15 102400]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-30 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-08 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-16 448080]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-23 538744]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-05-23 413696]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-29 1086856]
"AdFirewall"=C:\Program Files\AdFirewall\AdFirewall.exe [2010-04-26 878592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"TOSCDSPD"=TOSCDSPD.EXE []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-22 39408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"S60 PC Suite Tray"=C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [2008-12-06 699392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-14 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
C:\Users\Graham\AppData\Local\Temp\csrss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5226556b-6066-11de-9965-00a0d19c58a0}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2b96596-1758-11df-8a5c-00a0d19c58a0}]
shell\AutoRun\command - E:\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-28 21:35:05 ----D---- C:\Program Files\trend micro
2010-04-28 21:35:02 ----D---- C:\rsit
2010-04-25 13:59:26 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-04-25 13:57:26 ----D---- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-25 13:57:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-24 15:22:40 ----A---- C:\Windows\system32\nshhttp.dll
2010-04-24 15:22:38 ----A---- C:\Windows\system32\httpapi.dll
2010-04-24 15:12:37 ----A---- C:\Windows\system32\vbscript.dll
2010-04-24 15:12:34 ----A---- C:\Windows\system32\cabview.dll
2010-04-24 15:12:26 ----A---- C:\Windows\system32\mshtml.dll
2010-04-24 15:12:25 ----A---- C:\Windows\system32\iertutil.dll
2010-04-24 15:12:25 ----A---- C:\Windows\system32\ieframe.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\wininet.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\urlmon.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\occache.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\mstime.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-24 15:12:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-24 15:12:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ieui.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iesetup.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iernonce.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\iepeers.dll
2010-04-24 15:12:23 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-24 15:12:13 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-24 15:12:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-24 15:12:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-24 15:11:18 ----A---- C:\Windows\system32\wintrust.dll
2010-04-24 15:11:11 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-24 15:11:11 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-24 15:11:08 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-24 15:11:08 ----A---- C:\Windows\system32\secproc.dll
2010-04-24 15:11:08 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-24 15:11:08 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-24 15:11:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-24 15:11:03 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-24 15:11:03 ----A---- C:\Windows\system32\msdrm.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\quartz.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\msyuv.dll
2010-04-24 15:10:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\msrle32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\avifil32.dll
2010-04-24 15:10:57 ----A---- C:\Windows\system32\avicap32.dll
2010-04-24 15:10:51 ----A---- C:\Windows\system32\winhttp.dll
2010-04-24 15:10:48 ----A---- C:\Windows\system32\jscript.dll
2010-04-24 15:10:46 ----A---- C:\Windows\system32\msxml6.dll
2010-04-24 15:10:45 ----A---- C:\Windows\system32\msxml3.dll
2010-04-24 15:10:41 ----A---- C:\Windows\system32\t2embed.dll
2010-04-24 15:10:41 ----A---- C:\Windows\system32\fontsub.dll
2010-04-24 15:10:30 ----A---- C:\Windows\system32\tzres.dll
2010-04-24 15:09:55 ----A---- C:\Windows\system32\rastls.dll
2010-04-24 15:09:55 ----A---- C:\Windows\system32\raschap.dll
2010-04-24 15:09:49 ----A---- C:\Windows\system32\WSDApi.dll
2010-04-24 14:59:06 ----A---- C:\Windows\system32\wmp.dll
2010-04-24 14:59:05 ----A---- C:\Windows\system32\unregmp2.exe
2010-04-24 14:58:55 ----A---- C:\Windows\system32\wmploc.DLL
2010-04-22 16:47:44 ----D---- C:\ProgramData\SlySoft
2010-04-22 16:41:17 ----D---- C:\Program Files\SlySoft
2010-04-21 23:36:03 ----D---- C:\Program Files\AdFirewall
2010-04-21 22:56:23 ----A---- C:\Windows\ntbtlog.txt
2010-04-20 21:44:23 ----D---- C:\Users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 21:30:46 ----D---- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 21:30:26 ----D---- C:\Program Files\iTunes Agent
2010-04-20 18:29:32 ----D---- C:\ProgramData\PC Suite
2010-04-20 18:29:27 ----D---- C:\Users\Graham\AppData\Roaming\PC Suite
2010-04-20 18:09:31 ----D---- C:\Users\Graham\AppData\Roaming\Samsung
2010-04-20 18:05:26 ----D---- C:\Program Files\Common Files\PCSuite
2010-04-20 17:41:32 ----D---- C:\Program Files\DIFX
2010-04-20 17:39:16 ----D---- C:\Program Files\PC Connectivity Solution
2010-04-20 17:34:51 ----D---- C:\Program Files\Samsung
2010-04-20 08:10:42 ----D---- C:\Program Files\JRE
2010-04-19 22:40:10 ----D---- C:\Users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 22:39:47 ----D---- C:\ProgramData\Malwarebytes
2010-04-19 22:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-19 20:36:17 ----A---- C:\Windows\system32\javaws.exe
2010-04-19 20:36:17 ----A---- C:\Windows\system32\javaw.exe
2010-04-19 20:36:16 ----A---- C:\Windows\system32\java.exe
2010-04-18 13:59:07 ----D---- C:\Windows\Sun
2010-04-11 15:16:33 ----D---- C:\Program Files\FrostWire
2010-04-11 15:11:41 ----D---- C:\Program Files\Incomplete
2010-04-02 05:50:43 ----D---- C:\ProgramData\Sun

======List of files/folders modified in the last 1 months======

2010-04-28 21:35:18 ----D---- C:\Windows\Prefetch
2010-04-28 21:35:11 ----D---- C:\Windows\Temp
2010-04-28 21:35:05 ----RD---- C:\Program Files
2010-04-28 20:38:49 ----SHD---- C:\System Volume Information
2010-04-28 16:08:31 ----D---- C:\Windows\Tasks
2010-04-26 14:17:22 ----D---- C:\Windows\system32\drivers
2010-04-26 14:06:46 ----AD---- C:\Windows\System32
2010-04-26 14:03:36 ----AD---- C:\Windows
2010-04-26 14:03:31 ----D---- C:\ProgramData\avg9
2010-04-26 14:03:29 ----HD---- C:\ProgramData
2010-04-26 07:18:05 ----HD---- C:\Config.Msi
2010-04-25 19:22:37 ----D---- C:\Program Files\Yahoo!
2010-04-25 19:21:22 ----SHD---- C:\Windows\Installer
2010-04-25 19:21:21 ----D---- C:\Program Files\Common Files
2010-04-25 19:18:49 ----D---- C:\Program Files\HP
2010-04-25 19:16:58 ----D---- C:\Program Files\Juice
2010-04-25 16:25:32 ----D---- C:\Users\Graham\AppData\Roaming\FrostWire
2010-04-25 14:04:35 ----D---- C:\Windows\system32\catroot2
2010-04-24 16:16:05 ----D---- C:\Windows\winsxs
2010-04-24 16:15:30 ----D---- C:\Windows\rescache
2010-04-24 15:48:30 ----D---- C:\Windows\system32\catroot
2010-04-24 15:46:10 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-24 15:43:32 ----D---- C:\Program Files\Internet Explorer
2010-04-24 15:43:31 ----D---- C:\Windows\system32\migration
2010-04-24 15:43:31 ----D---- C:\Program Files\Windows Mail
2010-04-24 15:43:31 ----D---- C:\Program Files\Movie Maker
2010-04-24 15:43:29 ----D---- C:\Windows\system32\en-US
2010-04-24 15:43:26 ----D---- C:\Program Files\Windows Media Player
2010-04-24 15:43:25 ----RSD---- C:\Windows\Fonts
2010-04-24 15:37:27 ----D---- C:\ProgramData\Microsoft Help
2010-04-24 15:29:46 ----D---- C:\Windows\Debug
2010-04-21 23:20:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-04-21 19:04:54 ----D---- C:\Users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 23:11:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-20 23:11:53 ----D---- C:\Windows\inf
2010-04-20 17:41:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-20 17:32:57 ----D---- C:\ProgramData\Installations
2010-04-20 08:24:02 ----D---- C:\Users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 08:10:36 ----D---- C:\Program Files\OpenOffice.org 3
2010-04-20 07:49:08 ----D---- C:\Users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-20 07:48:52 ----D---- C:\Users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 20:49:21 ----RSD---- C:\Windows\assembly
2010-04-19 20:35:03 ----D---- C:\Program Files\Java
2010-04-19 06:11:50 ----D---- C:\Users\Graham\AppData\Roaming\Skype
2010-04-19 06:05:19 ----D---- C:\Users\Graham\AppData\Roaming\skypePM
2010-04-09 07:03:03 ----D---- C:\Program Files\Google
2010-04-06 10:52:56 ----A---- C:\Windows\system32\mrt.exe
2010-04-03 10:44:32 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 05:50:39 ----D---- C:\Program Files\Common Files\Java
2010-04-01 00:00:31 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AdFirewall;AdFirewall Driver; \??\C:\Windows\system32\drivers\AdFirewall.SYS [2010-04-26 44032]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-02 26024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-04-07 104768]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-21 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-15 190384]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 16128]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-17 11776]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 nmwcdsa;Samsung USB Phone Parent; C:\Windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
S3 nmwcdsac;Samsung USB Generic; C:\Windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
S3 nmwcdsacj;Samsung USB Port; C:\Windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
S3 nmwcdsacm;Samsung USB Modem; C:\Windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-24 9216]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-15 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-02 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-26 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-30 427576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 125048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-24 49152]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 190448]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 STSService;STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
 
Here is the other file, thanks.
info.txt logfile of random's system information tool 1.06 2010-04-28 21:35:46

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
AdFirewall 4.6.4-->"C:\Program Files\AdFirewall\unins000.exe"
AdFirewall 4.6.6-->"C:\Program Files\AdFirewall\unins001.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{922E8525-AC7E-4294-ACAA-43712D4423C0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\SETUP.exe -runfromtemp -l0x0009 -removeonly
CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
D-i-v-X AVI Codec Pack Pro 2.2.0-->C:\Windows\system32\C2MP\Uninst.exe
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\SETUP.EXE" -l0x9
Eraser 5.3-->C:\Windows\system32\stuninstall.exe C:\Program Files\Eraser\uninstall.dat
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
FrostWire 4.20.3-->C:\Program Files\FrostWire\Uninstall.exe
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}\setup\hpzscr01.exe -datfile hposcr44.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NASA World Wind 1.4-->"C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Samsung PC Studio 7-->C:\ProgramData\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung PC Studio 7.2.24.9.exe
Samsung PC Studio 7-->MsiExec.exe /I{AB6F6C80-1C35-4672-BDEF-F26FF214C409}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\SETUP.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\SETUP.EXE -runfromtemp -l0x0409
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
USB File Transfer 1.11A-->C:\Windows\IsUninst.exe -f"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\Uninst.isu" -c"C:\Program Files\Genesys Logic\USB File Transfer 1.11A\uninst.dll"
Window Washer-->C:\Windows\Unwash6.exe
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo!7 Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo!7 Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender

======System event log======

Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Bus/Interconnect Error

Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 3
Transaction Type: N/A
Processor Participation: Generic
Request Type: Data Read
Memory/Io: I/O
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223764
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428094136.008200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Memory Hierarchy Error

Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 0
Transaction Type: Data
Processor Participation: N/A
Request Type: Evict
Memory/Io: N/A
Memory Hierarchy Level: Level 1
Timeout: N/A
Record Number: 223771
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110111.459200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Bus/Interconnect Error

Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 1
Transaction Type: N/A
Processor Participation: Generic
Request Type: 14
Memory/Io: Generic
Memory Hierarchy Level: Generic
Timeout: No
Record Number: 223777
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110208.355800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Bus/Interconnect Error

Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 2
Transaction Type: N/A
Processor Participation: Generic
Request Type: Generic Read
Memory/Io: Generic
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223778
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110307.167800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Graham-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Bus/Interconnect Error

Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 3
Transaction Type: N/A
Processor Participation: Generic
Request Type: Data Read
Memory/Io: I/O
Memory Hierarchy Level: Level 0
Timeout: No
Record Number: 223779
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100428110408.007800-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: Graham-PC
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Record Number: 36180
Source Name: SQLBrowser
Time Written: 20100426060714.000000-000
Event Type: Warning
User:

Computer Name: Graham-PC
Event Code: 1002
Message: The program WinRAR.exe version 3.71.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 218 Start Time: 01cae5c474a77250 Termination Time: 4
Record Number: 36210
Source Name: Application Hang
Time Written: 20100427044850.000000-000
Event Type: Error
User:

Computer Name: Graham-PC
Event Code: 1002
Message: The program firefox.exe version 1.9.2.3743 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: dc0 Start Time: 01cae59299a6ecc0 Termination Time: 238
Record Number: 36217
Source Name: Application Hang
Time Written: 20100427045301.000000-000
Event Type: Error
User:

Computer Name: Graham-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 36226
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100427085808.000000-000
Event Type: Error
User:

Computer Name: Graham-PC
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Record Number: 36242
Source Name: SQLBrowser
Time Written: 20100427172316.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55972
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.314600-000
Event Type: Audit Failure
User:

Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55973
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.501800-000
Event Type: Audit Failure
User:

Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55974
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.611000-000
Event Type: Audit Failure
User:

Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55975
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.735800-000
Event Type: Audit Failure
User:

Computer Name: Graham-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 55976
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428133537.845000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Hi grubbit

Looking over your log, it seems you don't have any evidence of anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Your computer must have only ONE anti-virus program installed at any time. Having more than one anti-virus program installed & active will cause program conflicts, false virus alerts, and system crashes.

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006
 
Did everything you said but found nothing, here are the logs as requested.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4046

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

28/04/2010 11:53:44 PM
mbam-log-2010-04-28 (23-53-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 248670
Time elapsed: 57 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:57 AM, on 29/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\mobsync.exe
C:\Users\Graham\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdFirewall] C:\Program Files\AdFirewall\AdFirewall.exe -Startup -AutoScan
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8916 bytes
 
Hi grubbit

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

Thanks peku006
 
It seems that Gmer is very unstable, when I try to do a scan it has locked my computer a couple of times and when I did get it to scan it was extremely slow, is this normal?
 
Hi grubbit

No, it is not normal....

Let's try this

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)


Thanks peku006
 
Hi, sorry for the delay but trying to run one of the previous files gave me problems. I ran ComboFix and all was well until it came to the log file, I got the blue Windows screen telling me there was a fatal error and was shutting down. I have searched but no log file although it did run through the check. When complete I thought it was fixed as I got no pop ups at all, however today when I logged on there they were again. Should I run ComboFix again?
 
Hi grubbit

We can use another tool

Download OTS.exe here & save it to your Desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS
  • Double click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator)
  • In the Drivers section click on Non-Microsoft
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings
  • Now click the Run Scan button on the toolbar
  • Let it run unhindered until it finishes
  • When the scan is complete Notepad will open with the report file loaded in it
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it
Copy & paste the information in your next reply making sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks peku006
 
The things you asked me to check weren't there on the scan page, so I ran the scan and this is what I got
Code:
OTS logfile created on: 6/05/2010 12:36:26 AM - Run 1
OTS by OldTimer - Version 3.1.31.0     Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
893.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 83.49 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
optus wireless broadband.exe -> C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe -> [2010/05/03 18:25:12 | 000,114,688 | ---- | M] ()
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/04/03 10:44:05 | 000,910,296 | ---- | M] (Mozilla Corporation)
wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe -> [2009/09/10 23:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
pcsuite.exe -> C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe -> [2008/12/06 01:48:08 | 000,699,392 | ---- | M] ()
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 20:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation)
sqlbrowser.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 20:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation)
servicelayer.exe -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.)
ncltobtsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe -> [2008/11/04 09:10:14 | 000,137,728 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
nclmsbtsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe -> [2008/10/27 14:08:04 | 000,128,000 | ---- | M] ()
adobeupdater.exe -> C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe -> [2008/09/26 09:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated)
nclusbsrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [2008/09/19 08:52:04 | 000,130,560 | ---- | M] ()
nclrssrv.exe -> C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe -> [2008/06/03 08:02:34 | 000,119,808 | ---- | M] ()
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
bcmsqlstartupsvc.exe -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/12 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation)
washersvc.exe -> C:\Program Files\Webroot\Washer\WasherSvc.exe -> [2007/11/26 12:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.)
syntpstart.exe -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe -> [2007/08/15 15:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.)
syntoshiba.exe -> C:\Program Files\Synaptics\SynTP\SynToshiba.exe -> [2007/08/15 14:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2007/08/09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor)
tnavisrv.exe -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/02 06:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
ndstray.exe -> C:\Program Files\Toshiba\ConfigFree\NDSTray.exe -> [2007/07/21 11:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION)
cfswmgr.exe -> C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe -> [2007/06/20 06:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION)
smoothview.exe -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe -> [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation)
cec_main.exe -> C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [2007/06/12 04:10:04 | 004,762,624 | ---- | M] ()
tcrdmain.exe -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe -> [2007/05/23 08:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation)
traybar.exe -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe -> [2007/05/23 02:50:02 | 000,413,696 | ---- | M] (Chicony)
toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2007/05/18 18:43:00 | 000,430,080 | ---- | M] ()
toscosrv.exe -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/30 02:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
tpwrmain.exe -> C:\Program Files\Toshiba\Power Saver\TPwrMain.exe -> [2007/03/30 02:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation)
tosbtsrv.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/26 12:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/15 11:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems)
ulcdrsvr.exe -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/24 07:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
toddsrv.exe -> C:\Windows\System32\TODDSrv.exe -> [2006/05/26 09:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2008/01/19 15:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 15:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(STSService) STSService [On_Demand | Stopped] ->  -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] ->  -> File not found
(MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) [On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2009/05/27 01:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(SQLWriter) SQL Server VSS Writer [Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 20:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 20:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008/11/24 20:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation)
(ServiceLayer) ServiceLayer [On_Demand | Running] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(BcmSqlStartupSvc) Business Contact Manager SQL Server Startup Service [Auto | Running] -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/12 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation)
(wwEngineSvc) Window Washer Engine [Auto | Running] -> C:\Program Files\Webroot\Washer\WasherSvc.exe -> [2007/11/26 12:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.)
(TNaviSrv) TOSHIBA Navi Support Service [Auto | Running] -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/02 06:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
(TosCoSrv) TOSHIBA Power Saver [Auto | Running] -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/30 02:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Auto | Running] -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/26 12:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
(CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/15 11:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems)
(UleadBurningHelper) Ulead Burning Helper [Auto | Running] -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/24 07:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
(TODDSrv) TOSHIBA Optical Disc Drive Service [Auto | Running] -> C:\Windows\System32\TODDSrv.exe -> [2006/05/26 09:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2005/11/24 15:03:22 | 000,053,337 | ---- | M] (Sony Corporation)
(PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2005/11/24 14:57:44 | 000,053,337 | ---- | M] (Sony Corporation)
(SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2005/11/24 14:47:30 | 000,069,718 | ---- | M] (Sony Corporation)
 
[Driver Services - Safe List]
(AdFirewall) AdFirewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/26 07:43:43 | 000,044,032 | ---- | M] (FYSecurity Tech Inc.)
(AdFirewallDriver) AdFirewall Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/26 07:43:43 | 000,009,728 | ---- | M] (FYSecurity Tech Inc.)
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.)
(SndTAudio) SndTAudio [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SndTAudio.sys -> [2010/02/18 08:01:26 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\ElbyCDIO.sys -> [2010/01/02 01:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG)
(ewusbnet) HUAWEI USB-NDIS miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ewusbnet.sys -> [2009/10/20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.)
(nmwcdnsu) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsu.sys -> [2009/03/19 12:48:18 | 000,136,704 | ---- | M] (Nokia)
(nmwcdnsuc) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsuc.sys -> [2009/03/19 12:48:12 | 000,008,320 | ---- | M] (Nokia)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerfltj.sys -> [2009/02/09 06:37:56 | 000,007,808 | ---- | M] (Nokia)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerflt.sys -> [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmbo.sys -> [2009/02/09 06:37:46 | 000,022,016 | ---- | M] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmb.sys -> [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia)
(wrssweep) Webroots Volume Access Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Webroot\Washer\wrSSweep.sys -> [2007/11/26 12:47:44 | 000,021,832 | ---- | M] (Webroot Software Inc (www.webroot.com))
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2007/08/15 17:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2007/08/10 13:49:16 | 001,941,848 | ---- | M] (Realtek Semiconductor Corp.)
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\tos_sps32.sys -> [2007/08/02 06:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2007/07/27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2007/06/19 10:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.)
(nmwcdsa) Samsung USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsa.sys -> [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia)
(nmwcdsacm) Samsung USB Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsacm.sys -> [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsacj) Samsung USB Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsacj.sys -> [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsac) Samsung USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdsac.sys -> [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2007/04/30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            )
(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\UVCFTR_S.SYS -> [2007/04/17 02:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/22 13:02:04 | 000,037,376 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/25 05:42:22 | 000,039,936 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/24 07:40:20 | 000,042,496 | ---- | M] (REDC)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\FwLnk.sys -> [2006/11/21 05:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 17:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 17:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 17:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 17:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 17:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 17:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 17:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 17:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 17:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 17:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 17:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 17:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 17:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 17:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 17:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 17:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 17:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 17:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 17:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 17:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 17:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 15:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\AtiPcie.sys -> [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.)
(tosrfec) Bluetooth ACPI [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tosrfec.sys -> [2006/10/24 07:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tdcmdpst.sys -> [2006/10/19 02:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.)
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\TVALZ_O.SYS -> [2006/10/06 14:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\prefs.js -> 
browser.search.defaultenginename -> "Search" ->
browser.search.defaulturl -> "http://www.dymasearch.com/search.php?src=tops&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com.au" ->
extensions.enabledItems -> {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3 ->
keyword.URL -> "http://www.dymasearch.com/search.php?src=tops&q=" ->
network.proxy.ftp_port -> 8118 ->
network.proxy.gopher_port -> 8118 ->
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 8118 ->
network.proxy.socks -> "127.0.0.1" ->
network.proxy.socks_port -> 9050 ->
network.proxy.socks_remote_dns -> true ->
network.proxy.ssl -> "127.0.0.1" ->
network.proxy.ssl_port -> 8118 ->
network.proxy.type -> 4 ->
< FireFox Settings [User.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Graham\AppData\Roaming\Mozilla\Extensions -> [2008/09/01 03:39:43 | 000,000,000 | ---D | M]
  -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions -> [2010/05/05 23:36:43 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/03 03:43:00 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml -> [2009/06/05 20:30:14 | 000,002,164 | ---- | M] ()
 Search.xml -> C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml -> [2010/04/18 13:01:30 | 000,000,254 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/19 20:36:24 | 000,000,000 | ---D | M]
z   -> C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15} -> [2010/04/18 13:01:20 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/19 05:41:30 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 21:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 13:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2010/04/29 01:07:40 | 000,764,912 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00TCrdMain" -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2007/05/23 08:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation)
"Camera Assistant Software" -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"] -> [2007/05/23 02:50:02 | 000,413,696 | ---- | M] (Chicony)
"HSON" -> C:\Program Files\Toshiba\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2006/12/08 08:49:20 | 000,055,416 | ---- | M] (TOSHIBA Corporation)
"NDSTray.exe" ->  [NDSTray.exe] -> File not found
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2007/08/09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007/08/03 13:22:02 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SmoothView" -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation)
"SynTPStart" -> C:\Program Files\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> [2007/08/15 15:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2007/03/30 02:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"S60 PC Suite Tray" -> C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ["C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray] -> [2008/12/06 01:48:08 | 000,699,392 | ---- | M] ()
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/22 20:10:48 | 000,039,408 | ---- | M] (Google Inc.)
"TOSCDSPD" ->  [TOSCDSPD.EXE] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/10 04:48:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 02:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 13:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab [Java Plug-in 1.6.0_19] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 198.142.0.51 61.88.88.88 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{59BE24AF-1E48-49A8-8EB8-BCED384D676C}\\DhcpNameServer -> 192.168.100.2 203.121.192.4 203.121.192.254   (Atheros AR5007EG Wireless Network Adapter) -> 
{62A9B811-E6C9-4CE8-A0C5-527E635698AA}\\DhcpNameServer -> 198.142.0.51 61.88.88.88   (HUAWEI Mobile Connect - 3G Network Card) -> 
{71C5F77F-13DD-4BE5-A1B4-F1EF9995436E}\\DhcpNameServer -> 10.1.1.1   (Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/19 05:43:36 | 000,000,024 | ---- | M] ()
E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
E:\AutoRun.ico [] -> E:\AutoRun.ico [ CDFS ] -> [2008/11/28 00:03:32 | 000,004,286 | R--- | M] ()
E:\AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=AutoRun.ico | ] -> E:\AUTORUN.INF [ CDFS ] -> [2007/08/25 01:04:06 | 000,000,047 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
\{061c7615-5590-11df-a45c-001e101f3da8}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061c7615-5590-11df-a45c-001e101f3da8}\shell
\{061c7615-5590-11df-a45c-001e101f3da8}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061c7615-5590-11df-a45c-001e101f3da8}\shell\AutoRun\command
\{061c7615-5590-11df-a45c-001e101f3da8}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* ->
 
part 2
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:03 | 000,640,000 | ---- | C] (OldTimer Tools)
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/05/03 23:12:21 | 000,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2010/05/03 23:04:03 | 000,000,000 | ---D | C]
temp -> C:\Users\Graham\AppData\Local\temp -> [2010/05/03 23:04:03 | 000,000,000 | ---D | C]
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/05/03 22:52:31 | 000,000,000 | ---D | C]
ComboFix -> C:\ComboFix -> [2010/05/03 22:52:30 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/05/03 22:51:26 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/05/03 22:51:02 | 000,212,480 | ---- | C] (SteelWerX)
ewusbnet.sys -> C:\Windows\System32\drivers\ewusbnet.sys -> [2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.)
ewusbmdm.sys -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.)
ewusbdev.sys -> C:\Windows\System32\drivers\ewusbdev.sys -> [2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.)
ewdcsc.sys -> C:\Windows\System32\drivers\ewdcsc.sys -> [2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.)
Optus Wireless Broadband -> C:\Program Files\Optus Wireless Broadband -> [2010/05/03 18:25:06 | 000,000,000 | ---D | C]
trend micro -> C:\Program Files\trend micro -> [2010/04/28 21:35:05 | 000,000,000 | ---D | C]
rsit -> C:\rsit -> [2010/04/28 21:35:02 | 000,000,000 | ---D | C]
hijackthis.exe -> C:\Users\Graham\Desktop\hijackthis.exe -> [2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.)
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/04/25 13:59:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com -> [2010/04/25 13:57:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/04/25 13:57:26 | 000,000,000 | ---D | C]
nshhttp.dll -> C:\Windows\System32\nshhttp.dll -> [2010/04/24 15:22:40 | 000,024,064 | ---- | C] (Microsoft Corporation)
httpapi.dll -> C:\Windows\System32\httpapi.dll -> [2010/04/24 15:22:38 | 000,031,232 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\System32\vbscript.dll -> [2010/04/24 15:12:37 | 000,420,352 | ---- | C] (Microsoft Corporation)
l3codeca.acm -> C:\Windows\System32\l3codeca.acm -> [2010/04/24 15:12:31 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/04/24 15:12:24 | 001,469,440 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/04/24 15:12:24 | 000,611,840 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/04/24 15:12:24 | 000,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/04/24 15:12:24 | 000,387,584 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/04/24 15:12:23 | 001,638,912 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/04/24 15:12:23 | 000,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/04/24 15:12:23 | 000,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/04/24 15:12:23 | 000,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/04/24 15:12:23 | 000,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/04/24 15:12:23 | 000,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/04/24 15:12:23 | 000,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/04/24 15:12:23 | 000,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/04/24 15:12:23 | 000,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/04/24 15:12:23 | 000,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/04/24 15:12:23 | 000,013,312 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/04/24 15:12:01 | 003,598,216 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/04/24 15:12:01 | 003,545,992 | ---- | C] (Microsoft Corporation)
win32k.sys -> C:\Windows\System32\win32k.sys -> [2010/04/24 15:11:25 | 002,035,712 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/04/24 15:11:11 | 000,523,776 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/04/24 15:11:11 | 000,511,488 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/04/24 15:11:08 | 000,472,576 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/04/24 15:11:08 | 000,472,064 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/04/24 15:11:08 | 000,347,136 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/04/24 15:11:08 | 000,346,624 | ---- | C] (Microsoft Corporation)
msdrm.dll -> C:\Windows\System32\msdrm.dll -> [2010/04/24 15:11:03 | 000,329,216 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation)
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/04/24 15:10:58 | 001,314,816 | ---- | C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\System32\msvfw32.dll -> [2010/04/24 15:10:57 | 000,123,904 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/04/24 15:10:57 | 000,091,136 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/04/24 15:10:57 | 000,082,944 | ---- | C] (Microsoft Corporation)
avicap32.dll -> C:\Windows\System32\avicap32.dll -> [2010/04/24 15:10:57 | 000,065,024 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2010/04/24 15:10:48 | 000,726,528 | ---- | C] (Microsoft Corporation)
t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/04/24 15:10:41 | 000,156,672 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\System32\fontsub.dll -> [2010/04/24 15:10:41 | 000,072,704 | ---- | C] (Microsoft Corporation)
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/04/24 15:10:30 | 000,002,048 | ---- | C] (Microsoft Corporation)
timedate.cpl -> C:\Windows\System32\timedate.cpl -> [2010/04/24 15:09:59 | 000,714,240 | ---- | C] (Microsoft Corporation)
raschap.dll -> C:\Windows\System32\raschap.dll -> [2010/04/24 15:09:55 | 000,281,600 | ---- | C] (Microsoft Corporation)
rastls.dll -> C:\Windows\System32\rastls.dll -> [2010/04/24 15:09:55 | 000,244,224 | ---- | C] (Microsoft Corporation)
WSDApi.dll -> C:\Windows\System32\WSDApi.dll -> [2010/04/24 15:09:49 | 000,351,232 | ---- | C] (Microsoft Corporation)
unregmp2.exe -> C:\Windows\System32\unregmp2.exe -> [2010/04/24 14:59:05 | 000,310,784 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2010/04/24 14:58:55 | 008,147,456 | ---- | C] (Microsoft Corporation)
AnyDVDHD -> C:\Users\Graham\Documents\AnyDVDHD -> [2010/04/22 16:49:59 | 000,000,000 | ---D | C]
SlySoft -> C:\ProgramData\SlySoft -> [2010/04/22 16:47:44 | 000,000,000 | ---D | C]
SlySoft -> C:\Program Files\SlySoft -> [2010/04/22 16:41:17 | 000,000,000 | ---D | C]
AdFirewall.SYS -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/21 23:36:03 | 000,044,032 | ---- | C] (FYSecurity Tech Inc.)
AdFirewallDriver.SYS -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/21 23:36:03 | 000,009,728 | ---- | C] (FYSecurity Tech Inc.)
AdFirewall -> C:\Program Files\AdFirewall -> [2010/04/21 23:36:03 | 000,000,000 | ---D | C]
iTunes Agent -> C:\Users\Graham\AppData\Roaming\iTunes Agent -> [2010/04/20 21:44:23 | 000,000,000 | ---D | C]
Jaran Nilsen -> C:\Users\Graham\AppData\Roaming\Jaran Nilsen -> [2010/04/20 21:30:46 | 000,000,000 | ---D | C]
iTunes Agent -> C:\Program Files\iTunes Agent -> [2010/04/20 21:30:26 | 000,000,000 | ---D | C]
PC Suite -> C:\ProgramData\PC Suite -> [2010/04/20 18:29:32 | 000,000,000 | ---D | C]
PC Suite -> C:\Users\Graham\AppData\Roaming\PC Suite -> [2010/04/20 18:29:27 | 000,000,000 | ---D | C]
Samsung -> C:\Users\Graham\AppData\Roaming\Samsung -> [2010/04/20 18:09:31 | 000,000,000 | ---D | C]
PCSuite -> C:\Program Files\Common Files\PCSuite -> [2010/04/20 18:05:26 | 000,000,000 | ---D | C]
DIFX -> C:\Program Files\DIFX -> [2010/04/20 17:41:32 | 000,000,000 | ---D | C]
pccsmcfd.sys -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia)
PC Connectivity Solution -> C:\Program Files\PC Connectivity Solution -> [2010/04/20 17:39:16 | 000,000,000 | ---D | C]
Samsung -> C:\Program Files\Samsung -> [2010/04/20 17:34:51 | 000,000,000 | ---D | C]
JRE -> C:\Program Files\JRE -> [2010/04/20 08:10:42 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Graham\AppData\Roaming\Malwarebytes -> [2010/04/19 22:40:10 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/04/19 22:39:47 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/04/19 22:39:46 | 000,000,000 | ---D | C]
javaws.exe -> C:\Windows\System32\javaws.exe -> [2010/04/19 20:36:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2010/04/19 20:36:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2010/04/19 20:36:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
Monthly Quote Reports -> C:\Users\Graham\Documents\Monthly Quote Reports -> [2010/04/19 09:54:52 | 000,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2010/04/18 13:59:07 | 000,000,000 | ---D | C]
frost -> C:\Users\Graham\frost -> [2010/04/11 15:19:17 | 000,000,000 | ---D | C]
FrostWire -> C:\Program Files\FrostWire -> [2010/04/11 15:16:33 | 000,000,000 | ---D | C]
Incomplete -> C:\Program Files\Incomplete -> [2010/04/11 15:11:41 | 000,000,000 | ---D | C]
Incomplete -> C:\Users\Graham\Incomplete -> [2010/04/11 14:40:47 | 000,000,000 | ---D | C]
GPhotos.scr -> C:\Windows\System32\GPhotos.scr -> [2010/04/10 04:48:18 | 003,600,384 | ---- | C] (Google Inc.)
AnyDVD.sys -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | C] (SlySoft, Inc.)
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\Graham\ntuser.dat -> [2010/05/06 00:39:04 | 003,670,016 | -HS- | M] ()
OTS.exe -> C:\Users\Graham\Desktop\OTS.exe -> [2010/05/06 00:31:13 | 000,640,000 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/05 23:57:01 | 000,000,886 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/05 23:57:00 | 000,000,882 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 23:05:43 | 000,003,168 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 23:05:43 | 000,003,168 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/05 21:05:35 | 000,067,584 | --S- | M] ()
Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/05/05 07:13:31 | 000,000,868 | ---- | M] ()
User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job -> C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job -> [2010/05/05 07:02:15 | 000,000,420 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/05/04 06:32:54 | 000,150,016 | ---- | M] ()
i(2).wmv -> C:\Users\Graham\Desktop\i(2).wmv -> [2010/05/04 06:32:53 | 006,923,310 | ---- | M] ()
i.wmv -> C:\Users\Graham\Desktop\i.wmv -> [2010/05/04 06:31:29 | 001,754,980 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/05/03 23:12:08 | 203,159,363 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/03 23:11:41 | 000,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/03 23:11:32 | 937,476,096 | -HS- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/05/03 23:04:23 | 000,000,215 | ---- | M] ()
ComboFix.exe -> C:\Users\Graham\Desktop\ComboFix.exe -> [2010/05/03 22:27:46 | 003,926,394 | R--- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/05/03 20:46:56 | 000,766,414 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/05/03 20:46:56 | 000,649,990 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/05/03 20:46:56 | 000,124,218 | ---- | M] ()
Optus Wireless Broadband.lnk -> C:\Users\Public\Desktop\Optus Wireless Broadband.lnk -> [2010/05/03 18:25:34 | 000,001,007 | ---- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/02 10:11:05 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2010/05/02 10:11:05 | 000,065,536 | -HS- | M] ()
ClientQuote.pdf -> C:\Users\Graham\Documents\ClientQuote.pdf -> [2010/04/30 08:40:14 | 000,194,835 | ---- | M] ()
Terms and conditions.pdf -> C:\Users\Graham\Documents\Terms and conditions.pdf -> [2010/04/30 08:40:14 | 000,038,408 | ---- | M] ()
d3d9caps.dat -> C:\Users\Graham\AppData\Local\d3d9caps.dat -> [2010/04/29 17:57:35 | 000,001,356 | ---- | M] ()
Removal List.xls -> C:\Users\Graham\Documents\Removal List.xls -> [2010/04/27 14:19:04 | 000,009,216 | ---- | M] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/04/26 15:58:12 | 000,256,512 | ---- | M] ()
AdFirewall.lnk -> C:\Users\Graham\Desktop\AdFirewall.lnk -> [2010/04/26 07:46:22 | 000,000,839 | ---- | M] ()
AdFirewall.SYS -> C:\Windows\System32\drivers\AdFirewall.SYS -> [2010/04/26 07:43:43 | 000,044,032 | ---- | M] (FYSecurity Tech Inc.)
AdFirewallDriver.SYS -> C:\Windows\System32\drivers\AdFirewallDriver.SYS -> [2010/04/26 07:43:43 | 000,009,728 | ---- | M] (FYSecurity Tech Inc.)
hijackthis.exe -> C:\Users\Graham\Desktop\hijackthis.exe -> [2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.)
GDIPFONTCACHEV1.DAT -> C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/24 16:01:07 | 000,118,744 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/04/24 15:47:20 | 000,420,936 | ---- | M] ()
NMM-MetaData.db -> C:\Users\Graham\AppData\Roaming\NMM-MetaData.db -> [2010/04/22 20:47:21 | 000,022,207 | ---- | M] ()
.zreglib -> C:\ProgramData\.zreglib -> [2010/04/22 19:44:41 | 000,000,040 | -HS- | M] ()
AnyDVD.lnk -> C:\Users\Public\Desktop\AnyDVD.lnk -> [2010/04/22 16:41:28 | 000,000,905 | ---- | M] ()
0802-A01 REV 0.PDF -> C:\Users\Graham\Desktop\0802-A01 REV 0.PDF -> [2010/04/22 10:25:44 | 000,868,342 | ---- | M] ()
i8910_um_open_eng_rev10_090518.pdf -> C:\Users\Graham\Desktop\i8910_um_open_eng_rev10_090518.pdf -> [2010/04/22 00:08:59 | 002,277,842 | ---- | M] ()
cfe393d2dd4b95ef3753547a6cdde755.ita -> C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita -> [2010/04/20 22:59:37 | 000,000,000 | ---- | M] ()
iTunes Agent.lnk -> C:\Users\Graham\Desktop\iTunes Agent.lnk -> [2010/04/20 21:44:07 | 000,000,863 | ---- | M] ()
Samsung PC Studio 7.lnk -> C:\Users\Public\Desktop\Samsung PC Studio 7.lnk -> [2010/04/20 18:46:01 | 000,002,535 | ---- | M] ()
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [2010/04/20 18:31:32 | 000,000,000 | -H-- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/04/20 08:14:16 | 000,001,005 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 22:39:54 | 000,000,829 | ---- | M] ()
Monthly Quote Report.xls -> C:\Users\Graham\Documents\Monthly Quote Report.xls -> [2010/04/19 08:59:46 | 000,016,384 | ---- | M] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2010/04/17 11:04:43 | 000,000,910 | ---- | M] ()
img-4091431-0001.pdf -> C:\Users\Graham\Documents\img-4091431-0001.pdf -> [2010/04/12 06:26:04 | 000,057,381 | ---- | M] ()
FrostWire 4.20.3.lnk -> C:\Users\Graham\Desktop\FrostWire 4.20.3.lnk -> [2010/04/11 15:16:59 | 000,001,025 | ---- | M] ()
GPhotos.scr -> C:\Windows\System32\GPhotos.scr -> [2010/04/10 04:48:18 | 003,600,384 | ---- | M] (Google Inc.)
(WGR) - Graham Rickman.PDF -> C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF -> [2010/04/08 08:12:32 | 000,173,481 | ---- | M] ()
AnyDVD.sys -> C:\Windows\System32\drivers\AnyDVD.sys -> [2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.)
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files - No Company Name]
i(2).wmv -> C:\Users\Graham\Desktop\i(2).wmv -> [2010/05/04 06:32:40 | 006,923,310 | ---- | C] ()
i.wmv -> C:\Users\Graham\Desktop\i.wmv -> [2010/05/04 06:31:18 | 001,754,980 | ---- | C] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/05/03 23:11:35 | 203,159,363 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/05/03 22:52:38 | 000,256,512 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/05/03 22:52:38 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/05/03 22:52:38 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/05/03 22:52:38 | 000,077,312 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/05/03 22:52:38 | 000,068,096 | ---- | C] ()
ComboFix.exe -> C:\Users\Graham\Desktop\ComboFix.exe -> [2010/05/03 22:27:37 | 003,926,394 | R--- | C] ()
Optus Wireless Broadband.lnk -> C:\Users\Public\Desktop\Optus Wireless Broadband.lnk -> [2010/05/03 18:25:34 | 000,001,007 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/05/02 10:11:45 | 937,476,096 | -HS- | C] ()
Terms and conditions.pdf -> C:\Users\Graham\Documents\Terms and conditions.pdf -> [2010/04/30 08:40:14 | 000,038,408 | ---- | C] ()
ClientQuote.pdf -> C:\Users\Graham\Documents\ClientQuote.pdf -> [2010/04/30 08:40:08 | 000,194,835 | ---- | C] ()
Removal List.xls -> C:\Users\Graham\Documents\Removal List.xls -> [2010/04/27 13:20:27 | 000,009,216 | ---- | C] ()
.zreglib -> C:\ProgramData\.zreglib -> [2010/04/22 16:47:44 | 000,000,040 | -HS- | C] ()
AnyDVD.lnk -> C:\Users\Public\Desktop\AnyDVD.lnk -> [2010/04/22 16:41:28 | 000,000,905 | ---- | C] ()
0802-A01 REV 0.PDF -> C:\Users\Graham\Desktop\0802-A01 REV 0.PDF -> [2010/04/22 10:25:39 | 000,868,342 | ---- | C] ()
i8910_um_open_eng_rev10_090518.pdf -> C:\Users\Graham\Desktop\i8910_um_open_eng_rev10_090518.pdf -> [2010/04/22 00:08:41 | 002,277,842 | ---- | C] ()
AdFirewall.lnk -> C:\Users\Graham\Desktop\AdFirewall.lnk -> [2010/04/21 23:36:04 | 000,000,839 | ---- | C] ()
cfe393d2dd4b95ef3753547a6cdde755.ita -> C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita -> [2010/04/20 22:59:37 | 000,000,000 | ---- | C] ()
iTunes Agent.lnk -> C:\Users\Graham\Desktop\iTunes Agent.lnk -> [2010/04/20 21:30:32 | 000,000,863 | ---- | C] ()
NMM-MetaData.db -> C:\Users\Graham\AppData\Roaming\NMM-MetaData.db -> [2010/04/20 19:11:16 | 000,022,207 | ---- | C] ()
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [2010/04/20 18:31:32 | 000,000,000 | -H-- | C] ()
Samsung PC Studio 7.lnk -> C:\Users\Public\Desktop\Samsung PC Studio 7.lnk -> [2010/04/20 18:06:02 | 000,002,535 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/19 22:39:54 | 000,000,829 | ---- | C] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/04/19 20:49:11 | 000,001,005 | ---- | C] ()
Picasa 3.lnk -> C:\Users\Public\Desktop\Picasa 3.lnk -> [2010/04/17 11:04:42 | 000,000,910 | ---- | C] ()
img-4091431-0001.pdf -> C:\Users\Graham\Documents\img-4091431-0001.pdf -> [2010/04/12 06:26:01 | 000,057,381 | ---- | C] ()
FrostWire 4.20.3.lnk -> C:\Users\Graham\Desktop\FrostWire 4.20.3.lnk -> [2010/04/11 15:10:35 | 000,001,025 | ---- | C] ()
(WGR) - Graham Rickman.PDF -> C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF -> [2010/04/08 08:12:29 | 000,173,481 | ---- | C] ()
usbhsb.sys -> C:\Windows\System32\drivers\usbhsb.sys -> [2010/02/22 17:22:03 | 000,018,690 | ---- | C] ()
cpwmon2k.dll -> C:\Windows\System32\cpwmon2k.dll -> [2009/09/11 05:56:26 | 000,087,552 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 13:07:42 | 000,403,816 | ---- | C] ()
libavcodec.dll -> C:\Windows\System32\libavcodec.dll -> [2008/12/29 00:59:44 | 004,377,500 | ---- | C] ()
ff_theora.dll -> C:\Windows\System32\ff_theora.dll -> [2008/12/28 23:51:00 | 000,239,247 | ---- | C] ()
libmpeg2_ff.dll -> C:\Windows\System32\libmpeg2_ff.dll -> [2008/12/28 23:50:50 | 000,145,609 | ---- | C] ()
libmplayer.dll -> C:\Windows\System32\libmplayer.dll -> [2008/12/28 23:49:08 | 000,560,802 | ---- | C] ()
ff_liba52.dll -> C:\Windows\System32\ff_liba52.dll -> [2008/12/13 00:57:38 | 000,142,848 | ---- | C] ()
ff_samplerate.dll -> C:\Windows\System32\ff_samplerate.dll -> [2008/12/10 02:57:26 | 000,183,296 | ---- | C] ()
ff_libmad.dll -> C:\Windows\System32\ff_libmad.dll -> [2008/12/10 02:57:18 | 000,178,688 | ---- | C] ()
ff_unrar.dll -> C:\Windows\System32\ff_unrar.dll -> [2008/12/10 02:57:02 | 000,113,152 | ---- | C] ()
ff_tremor.dll -> C:\Windows\System32\ff_tremor.dll -> [2008/12/10 02:56:42 | 000,146,944 | ---- | C] ()
ff_libdts.dll -> C:\Windows\System32\ff_libdts.dll -> [2008/12/10 02:56:34 | 000,257,024 | ---- | C] ()
ff_libfaad2.dll -> C:\Windows\System32\ff_libfaad2.dll -> [2008/12/10 02:56:22 | 000,485,888 | ---- | C] ()
ff_x264.dll -> C:\Windows\System32\ff_x264.dll -> [2008/12/08 21:37:04 | 000,884,237 | ---- | C] ()
xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2008/12/08 21:34:42 | 000,791,742 | ---- | C] ()
ff_wmv9.dll -> C:\Windows\System32\ff_wmv9.dll -> [2008/12/08 20:53:40 | 000,093,184 | ---- | C] ()
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2008/12/08 20:53:32 | 000,057,344 | ---- | C] ()
xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2008/12/05 05:46:08 | 000,180,224 | ---- | C] ()
ff_kernelDeint.dll -> C:\Windows\System32\ff_kernelDeint.dll -> [2008/11/27 03:55:22 | 000,683,520 | ---- | C] ()
TomsMoComp_ff.dll -> C:\Windows\System32\TomsMoComp_ff.dll -> [2008/11/27 02:49:10 | 000,238,080 | ---- | C] ()
qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/08/06 06:02:12 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\Windows\System32\dtu100.dll.manifest -> [2008/08/06 05:59:04 | 000,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\Windows\System32\dpl100.dll.manifest -> [2008/08/06 05:59:04 | 000,000,416 | ---- | C] ()
dxr.dll -> C:\Windows\System32\dxr.dll -> [2008/03/29 23:42:22 | 000,245,248 | ---- | C] ()
avss.dll -> C:\Windows\System32\avss.dll -> [2008/03/29 23:42:14 | 000,102,400 | ---- | C] ()
mkx.dll -> C:\Windows\System32\mkx.dll -> [2008/03/29 23:42:08 | 000,148,992 | ---- | C] ()
mp4.dll -> C:\Windows\System32\mp4.dll -> [2008/03/29 23:42:04 | 000,141,312 | ---- | C] ()
avi.dll -> C:\Windows\System32\avi.dll -> [2008/03/29 23:42:04 | 000,108,032 | ---- | C] ()
ogm.dll -> C:\Windows\System32\ogm.dll -> [2008/03/29 23:42:02 | 000,120,832 | ---- | C] ()
ts.dll -> C:\Windows\System32\ts.dll -> [2008/03/29 23:42:00 | 000,163,840 | ---- | C] ()
avs.dll -> C:\Windows\System32\avs.dll -> [2008/03/29 23:41:54 | 000,097,280 | ---- | C] ()
mkzlib.dll -> C:\Windows\System32\mkzlib.dll -> [2008/03/29 23:41:52 | 000,079,360 | ---- | C] ()
mkunicode.dll -> C:\Windows\System32\mkunicode.dll -> [2008/03/29 23:41:52 | 000,023,552 | ---- | C] ()
csellang.ini -> C:\Windows\System32\csellang.ini -> [2008/02/24 02:51:47 | 000,128,113 | ---- | C] ()
csellang.dll -> C:\Windows\System32\csellang.dll -> [2008/02/24 02:51:47 | 000,045,056 | ---- | C] ()
tosmreg.ini -> C:\Windows\System32\tosmreg.ini -> [2008/02/24 02:51:47 | 000,010,150 | ---- | C] ()
cseltbl.ini -> C:\Windows\System32\cseltbl.ini -> [2008/02/24 02:51:47 | 000,007,671 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2008/02/03 02:28:25 | 000,000,376 | ---- | C] ()
Registration.ini -> C:\Windows\System32\Registration.ini -> [2007/10/13 17:30:20 | 000,000,137 | ---- | C] ()
NDSTray.INI -> C:\Windows\NDSTray.INI -> [2007/08/24 03:32:22 | 000,000,000 | ---- | C] ()
IVIresizeW7.dll -> C:\Windows\System32\IVIresizeW7.dll -> [2007/08/24 03:29:19 | 000,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\Windows\System32\IVIresizeA6.dll -> [2007/08/24 03:29:19 | 000,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\Windows\System32\IVIresizeP6.dll -> [2007/08/24 03:29:19 | 000,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\Windows\System32\IVIresizeM6.dll -> [2007/08/24 03:29:19 | 000,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\Windows\System32\IVIresizePX.dll -> [2007/08/24 03:29:19 | 000,188,416 | ---- | C] ()
IVIresize.dll -> C:\Windows\System32\IVIresize.dll -> [2007/08/24 03:29:19 | 000,020,480 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/24 03:13:48 | 000,016,480 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2007/08/24 02:30:51 | 001,060,424 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2007/08/24 02:29:59 | 000,159,744 | ---- | C] ()
ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2007/07/11 01:10:12 | 000,000,547 | ---- | C] ()
TosBtAcc.dll -> C:\Windows\System32\TosBtAcc.dll -> [2006/12/06 04:05:04 | 000,114,688 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 20:37:35 | 000,030,808 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 20:37:35 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 20:37:35 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 20:37:35 | 000,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 20:35:32 | 000,005,632 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 15:40:29 | 000,013,750 | ---- | C] ()
wceprv.dll -> C:\Windows\System32\wceprv.dll -> [2006/07/07 01:53:56 | 000,003,584 | ---- | C] ()
TosCommAPI.dll -> C:\Windows\System32\TosCommAPI.dll -> [2005/07/23 12:30:18 | 000,065,536 | ---- | C] ()
< End of report >
[/code]
 
Hi grubbit

Run OTS

Under the Paste Fix Here box on the right, paste in the following

[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Graham\AppData\Roaming\Mozilla\FireFox\Profiles\ubsdp1tb.default\prefs.js
YN -> browser.search.defaulturl -> "http://www.dymasearch.com/search.php?src=tops&q="
YN -> extensions.enabledItems -> {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
YN -> keyword.URL -> "http://www.dymasearch.com/search.php?src=tops&q="

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.

Thanks peku006
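The fix above removes a hijacked search URL from two Firefox preferences in prefs.js. As an added example (not part of the thread and not OTS's own code), this Python sketch checks a prefs.js for the same condition: the `user_pref("name", value);` line format is Firefox's, the two preference names come from the fix, and the allowlist of expected search hosts and the sample file contents are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Preference names taken from the fix in the post above.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL"}

# Assumption: hosts the user actually expects as a search provider.
ALLOWED_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}

# prefs.js stores one setting per line as user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def hijacked_search_prefs(text, allowed=ALLOWED_HOSTS):
    """List (pref, host) pairs where a search pref points off the allowlist."""
    findings = []
    for name, raw in parse_prefs(text).items():
        if name not in SEARCH_PREFS:
            continue
        if not (raw.startswith('"') and raw.endswith('"')):
            continue  # not a string value, so it cannot hold a URL
        host = (urlparse(raw[1:-1]).hostname or "").lower()
        if host and host not in allowed:
            findings.append((name, host))
    return sorted(findings)


# Constructed sample: the two search URLs are the ones listed in the fix
# above; the remaining lines are made up for illustration.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaulturl", "http://www.dymasearch.com/search.php?src=tops&q=");
user_pref("keyword.URL", "http://www.dymasearch.com/search.php?src=tops&q=");
user_pref("network.cookie.prefsMigrated", true);
'''

if __name__ == "__main__":
    for name, host in hijacked_search_prefs(SAMPLE_PREFS):
        print(f"{name} -> {host}")
```

Running the same check again after the fix and a reboot should return an empty list; a non-empty result means something rewrote the preferences and is still active.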
 
The file you mentioned did not exist, the only one found was this
[Registry - Safe List]
Prefs.js: "http://www.dymasearch.com/search.php?src=tops&q=" removed from browser.search.defaulturl
Prefs.js: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3 removed from extensions.enabledItems
Prefs.js: "http://www.dymasearch.com/search.php?src=tops&q=" removed from keyword.URL
< End of fix log >
OTS by OldTimer - Version 3.1.31.0 fix logfile created on 05062010_220336
 
Hi grubbit

1 - Clean temp files

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on:
    EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on:
    EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
    EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
    EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006
 
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:The operation completed successfully.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f59e92ee02886b4a805ba4070d3715af
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-07 01:24:07
# local_time=2010-05-07 09:24:07 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 763970 763970 0 0
# compatibility_mode=1024 16777215 100 0 15421028 15421028 0 0
# compatibility_mode=5892 16776573 100 100 324956 110754837 0 0
# compatibility_mode=8192 67108863 100 0 526 526 0 0
# scanned=143061
# found=4
# cleaned=0
# scan_time=12937
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\xavier rudd [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\z cars.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved\z cars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\Graham\Music\take me my heart.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
 
hjt file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:38 PM, on 7/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\Graham\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985f3866ccc10) (gupdate1c985f3866ccc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7943 bytes
 
Hi grubbit

Delete this folder
C:\Users\Graham\Documents\FrostWire\Incomplete\Saved

How's the computer running now? Any problems?

Thanks peku006
 