dynamet problem

Hi again,
I just used my laptop for a few hours and nothing, then when I logged on to your site I got 2 pop-ups straight away. Seems we have tried everything besides a format and it just reappears every time. When I am not connected to the net and try to open a web page, the URL is always www.dymanet at the beginning and then the link to the page I am looking for.
 
Hi grubbit

Let's try this

Close Firefox.
On your keyboard hit the Windows key and R simultaneously.

In the Run box type in this command and hit enter.

"%PROGRAMFILES%\Mozilla Firefox\firefox.exe" -safe-mode

Don't make any changes.
Click on Continue in Safe Mode

Firefox should start up. It may look unusual but it will work.
Let me know if your issue happens with Firefox in this mode.

Thanks peku006
 
Hi Peku,
I have been surfing for over an hour in the mode you suggested and not one pop up, hope this helps you.
 
Hi grubbit

Yes, it helped. Some problems with Firefox are caused by extensions or themes.

Please read this page and post back if it helped.

Thanks peku006
 
Hi Peku,
I did all that you said and it is still here. Banners at the top of the page and sometimes redirection to an ad site. It is all getting too much and I think I have no alternative other than to format. We have tried everything and each time it comes back, are we running out of ideas???
 
Hi grubbit

we need to find it

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    *dymanet*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
 
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:55 on 11/05/2010 by Graham (Administrator - Elevation successful)

========== regfind ==========

Searching for "*dymanet*"
No data found.

-=End Of File=-
 
Hi TMJ1968

it's not what we're looking for.......

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006
 
The Combofix log

ComboFix 10-05-10.05 - Graham 12/05/2010 10:12:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.893.244 [GMT 8:00]
Running from: c:\users\Graham\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AbaleZip.dll
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-1731352543-3892579127-1766459742-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\Install.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Graham\AppData\Roaming\Microsoft\Windows\Recent\fix.txt.URL

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 02:24 . 2010-05-12 02:24 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-05-12 02:24 . 2010-05-12 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 02:07 . 2010-05-12 02:08 -------- d-----w- C:\32788R22FWJFW
2010-05-08 13:55 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-08 13:55 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 13:55 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-08 13:55 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-08 13:55 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-08 13:54 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-08 13:54 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\programdata\Alwil Software
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\program files\Alwil Software
2010-05-07 09:39 . 2010-05-07 09:39 -------- d-----w- c:\program files\ESET
2010-05-06 14:03 . 2010-05-06 14:03 -------- d-----w- C:\_OTS
2010-05-03 10:25 . 2009-10-20 10:47 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-03 10:25 . 2009-10-12 07:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-03 10:25 . 2009-09-10 06:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-03 10:25 . 2007-08-08 20:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-03 10:25 . 2010-05-03 10:29 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- c:\program files\trend micro
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- C:\rsit
2010-04-25 06:00 . 2010-04-25 06:00 52224 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 06:00 . 2010-04-25 06:00 117760 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 05:59 . 2010-04-25 05:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-25 05:57 . 2010-04-25 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 05:57 . 2010-04-25 05:57 -------- d-----w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 07:22 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-24 07:22 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-24 07:22 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-24 07:11 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 07:10 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-24 07:09 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-24 07:09 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-24 07:09 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-24 06:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-24 06:58 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-22 11:53 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-22 11:53 . 2009-02-27 11:07 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-04-22 08:47 . 2010-04-22 08:47 -------- d-----w- c:\programdata\SlySoft
2010-04-22 08:41 . 2010-04-22 08:41 -------- d-----w- c:\program files\SlySoft
2010-04-21 15:36 . 2010-04-28 13:13 -------- d-----w- c:\program files\AdFirewall
2010-04-21 15:36 . 2010-04-25 23:43 9728 ----a-w- c:\windows\system32\drivers\AdFirewallDriver.SYS
2010-04-21 15:36 . 2010-04-25 23:43 44032 ----a-w- c:\windows\system32\drivers\AdFirewall.SYS
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-----w- c:\users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 13:30 . 2010-04-20 13:30 -------- d-----w- c:\users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 13:30 . 2010-04-20 13:44 -------- d-----w- c:\program files\iTunes Agent
2010-04-20 10:29 . 2010-04-20 10:30 -------- d-----w- c:\programdata\PC Suite
2010-04-20 10:29 . 2010-04-20 10:31 -------- d-----w- c:\users\Graham\AppData\Roaming\PC Suite
2010-04-20 10:09 . 2010-04-22 12:42 -------- d-----w- c:\users\Graham\AppData\Roaming\Samsung
2010-04-20 10:05 . 2010-04-20 10:05 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-20 09:41 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIFX
2010-04-20 09:41 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 09:39 . 2010-04-20 09:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 09:34 . 2010-04-20 10:05 -------- d-----w- c:\program files\Samsung
2010-04-20 00:10 . 2010-04-20 00:10 -------- d-----w- c:\program files\JRE
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 14:39 . 2010-03-29 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 14:39 . 2010-04-19 14:39 -------- d-----w- c:\programdata\Malwarebytes
2010-04-19 14:39 . 2010-04-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 14:39 . 2010-03-29 07:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 05:59 . 2010-04-18 05:59 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 00:14 . 2008-02-28 05:27 -------- d-----w- c:\program files\Google
2010-05-09 23:36 . 2009-01-18 22:41 1 ----a-w- c:\users\Graham\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-09 02:43 . 2009-03-16 14:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-06 09:35 . 2009-03-01 04:01 1356 ----a-w- c:\users\Graham\AppData\Local\d3d9caps.dat
2010-05-04 09:25 . 2009-03-06 23:50 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-05-04 09:16 . 2009-03-06 23:52 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-04-26 06:03 . 2009-11-09 22:11 -------- d-----w- c:\programdata\avg9
2010-04-25 11:22 . 2008-02-03 05:17 -------- d-----w- c:\program files\Yahoo!
2010-04-25 11:18 . 2010-02-23 09:34 -------- d-----w- c:\program files\HP
2010-04-25 11:16 . 2009-07-03 23:23 -------- d-----w- c:\program files\Juice
2010-04-25 08:25 . 2008-09-26 08:00 -------- d-----w- c:\users\Graham\AppData\Roaming\FrostWire
2010-04-24 08:01 . 2008-02-01 22:10 118744 ----a-w- c:\users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 07:46 . 2008-04-12 18:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-24 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-24 07:37 . 2007-09-02 11:39 -------- d-----w- c:\programdata\Microsoft Help
2010-04-21 11:04 . 2010-03-22 10:51 -------- d-----w- c:\users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 10:31 . 2010-04-20 10:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-04-20 09:32 . 2009-09-15 11:32 -------- d-----w- c:\programdata\Installations
2010-04-20 00:24 . 2009-01-18 22:40 -------- d-----w- c:\users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 00:10 . 2008-12-21 00:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-19 23:49 . 2008-10-13 14:13 -------- d-----w- c:\users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-19 23:48 . 2009-01-26 13:58 -------- d-----w- c:\users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 12:35 . 2007-08-23 18:56 -------- d-----w- c:\program files\Java
2010-04-11 08:47 . 2010-04-11 07:11 -------- d-----w- c:\program files\Incomplete
2010-04-11 08:47 . 2010-04-11 07:16 -------- d-----w- c:\program files\FrostWire
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-07 14:28 . 2010-04-07 14:28 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-01 21:50 . 2007-08-23 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 08:41 . 2009-04-26 13:31 -------- d-----w- c:\users\Graham\AppData\Roaming\mIRC
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-16 23:47 . 2010-03-16 23:47 -------- d-----w- c:\program files\Defraggler
2010-03-16 23:45 . 2008-07-12 12:41 -------- d-----w- c:\program files\CCleaner
2010-03-16 14:35 . 2010-03-16 14:31 -------- d-----w- c:\users\Graham\AppData\Roaming\Apple Computer
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\program files\iTunes
2010-03-16 14:28 . 2010-03-16 14:28 -------- d-----w- c:\program files\iPod
2010-03-16 14:28 . 2009-11-03 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 14:27 . 2010-03-16 14:23 -------- d-----w- c:\programdata\Apple Computer
2010-03-16 14:24 . 2010-03-16 14:24 -------- d-----w- c:\program files\Bonjour
2010-03-16 14:24 . 2010-03-16 14:23 -------- d-----w- c:\program files\QuickTime
2010-03-08 20:28 . 2008-11-26 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 14:01 . 2010-04-24 07:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 02:16 . 2009-10-02 22:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:32 . 2010-04-24 07:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-24 07:11 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-24 07:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 09:53 . 2010-02-23 09:31 160876 ----a-w- c:\windows\hpoins44.dat
2010-02-23 06:39 . 2010-04-24 07:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-24 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-24 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-24 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 14:49 . 2010-04-24 07:12 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:49 . 2010-04-24 07:12 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49 . 2010-04-24 07:12 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11 . 2010-04-24 07:12 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-24 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 00:01 . 2010-03-22 10:57 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-02-15 10:41 . 2010-02-15 10:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdFirewall]
2010-04-25 23:43 878592 ----a-w- c:\program files\AdFirewall\AdFirewall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 10:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 07:24 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]
2008-12-05 17:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
c:\program files\Vidalia Bundle\Vidalia\vidalia.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
S0 AdFirewallDriver;AdFirewall Driver; [x]
S1 AdFirewall;AdFirewall Driver;c:\windows\system32\drivers\AdFirewall.SYS [2010-04-25 44032]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:10]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]

2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-24 04:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 10:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-12 10:29:45
ComboFix-quarantined-files.txt 2010-05-12 02:29

Pre-Run: 89,878,331,392 bytes free
Post-Run: 89,619,156,992 bytes free

- - End Of File - - 3446D0961202427CD6B3D03FF2A87879
 
Hi grubbit

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code:
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with

the ComboFix log (C:\ComboFix.txt)

Thanks peku006
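
The three entries named in the CFScript above can be picked out of the log's "Supplementary Scan" section mechanically. The following is an added example, not part of the original post and not how ComboFix works: it flags Firefox search prefs whose host is outside an expected list, and binary components sitting inside an extension folder. The expected-domain list and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: the search/homepage hosts this user expects.
EXPECTED_SEARCH_DOMAINS = ("google.com", "google.com.au")

# Firefox prefs that decide where searches and address-bar keywords are sent.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL",
                "browser.startup.homepage"}

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
COMPONENT_RE = re.compile(r"^FF - component: (.+)$")
# A .dll component inside an extension folder named by a GUID.
EXT_DLL_RE = re.compile(
    r"\\extensions\\\{[0-9a-f-]{36}\}\\components\\[^\\]+\.dll$", re.I)

# Sample input: lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
"""


def host_of(value):
    """Return the host of a defanged (hxxp) or normal URL, or None."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return urlparse(url).hostname


def is_expected(host):
    """True if host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d)
               for d in EXPECTED_SEARCH_DOMAINS)


def triage(log_text):
    """Return the log lines worth a closer look, in log order."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PREF_RE.match(line)
        if m:
            name, value = m.groups()
            if name in SEARCH_PREFS:
                host = host_of(value)
                # Values without a URL host (e.g. "Google") are ignored.
                if host and not is_expected(host):
                    flagged.append(line)
            continue
        m = COMPONENT_RE.match(line)
        if m and EXT_DLL_RE.search(m.group(1)):
            # Not proof of anything; a candidate for manual review.
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

On the sample lines this returns the two dymasearch prefs and the extension DLL, and leaves the Google homepage, the local proxy settings and the plugin entry alone.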
 
new combofix log

ComboFix 10-05-10.05 - Graham 12/05/2010 16:15:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.893.189 [GMT 8:00]
Running from: c:\users\Graham\Desktop\ComboFix.exe
Command switches used :: c:\users\Graham\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}\components\36994292-eab8-0275-0c21-165a85a15760.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-12 08:28 . 2010-05-12 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 13:55 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-08 13:55 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 13:55 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-08 13:55 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-08 13:55 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-08 13:54 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-08 13:54 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\programdata\Alwil Software
2010-05-08 13:53 . 2010-05-08 13:53 -------- d-----w- c:\program files\Alwil Software
2010-05-07 09:39 . 2010-05-07 09:39 -------- d-----w- c:\program files\ESET
2010-05-06 14:03 . 2010-05-06 14:03 -------- d-----w- C:\_OTS
2010-05-03 10:25 . 2009-10-20 10:47 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-03 10:25 . 2009-10-12 07:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-03 10:25 . 2009-09-10 06:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-03 10:25 . 2007-08-08 20:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-03 10:25 . 2010-05-03 10:29 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- c:\program files\trend micro
2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- C:\rsit
2010-04-25 06:00 . 2010-04-25 06:00 52224 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 06:00 . 2010-04-25 06:00 117760 ----a-w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 05:59 . 2010-04-25 05:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-25 05:57 . 2010-04-25 11:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 05:57 . 2010-04-25 05:57 -------- d-----w- c:\users\Graham\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 07:22 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-24 07:22 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-24 07:22 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-24 07:11 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 07:10 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-24 07:09 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-24 07:09 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-24 07:09 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-24 06:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-24 06:58 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-22 11:53 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-22 11:53 . 2009-02-27 11:07 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-04-22 08:47 . 2010-04-22 08:47 -------- d-----w- c:\programdata\SlySoft
2010-04-22 08:41 . 2010-04-22 08:41 -------- d-----w- c:\program files\SlySoft
2010-04-21 15:36 . 2010-04-28 13:13 -------- d-----w- c:\program files\AdFirewall
2010-04-21 15:36 . 2010-04-25 23:43 9728 ----a-w- c:\windows\system32\drivers\AdFirewallDriver.SYS
2010-04-21 15:36 . 2010-04-25 23:43 44032 ----a-w- c:\windows\system32\drivers\AdFirewall.SYS
2010-04-20 13:44 . 2010-04-20 13:44 -------- d-----w- c:\users\Graham\AppData\Roaming\iTunes Agent
2010-04-20 13:30 . 2010-04-20 13:30 -------- d-----w- c:\users\Graham\AppData\Roaming\Jaran Nilsen
2010-04-20 13:30 . 2010-04-20 13:44 -------- d-----w- c:\program files\iTunes Agent
2010-04-20 10:29 . 2010-04-20 10:30 -------- d-----w- c:\programdata\PC Suite
2010-04-20 10:29 . 2010-04-20 10:31 -------- d-----w- c:\users\Graham\AppData\Roaming\PC Suite
2010-04-20 10:09 . 2010-04-22 12:42 -------- d-----w- c:\users\Graham\AppData\Roaming\Samsung
2010-04-20 10:05 . 2010-04-20 10:05 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-20 09:41 . 2010-04-20 09:41 -------- d-----w- c:\program files\DIFX
2010-04-20 09:41 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-20 09:39 . 2010-04-20 09:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 09:34 . 2010-04-20 10:05 -------- d-----w- c:\program files\Samsung
2010-04-20 00:10 . 2010-04-20 00:10 -------- d-----w- c:\program files\JRE
2010-04-19 14:40 . 2010-04-19 14:40 -------- d-----w- c:\users\Graham\AppData\Roaming\Malwarebytes
2010-04-19 14:39 . 2010-03-29 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 14:39 . 2010-04-19 14:39 -------- d-----w- c:\programdata\Malwarebytes
2010-04-19 14:39 . 2010-04-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 14:39 . 2010-03-29 07:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 05:59 . 2010-04-18 05:59 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 00:14 . 2008-02-28 05:27 -------- d-----w- c:\program files\Google
2010-05-09 23:36 . 2009-01-18 22:41 1 ----a-w- c:\users\Graham\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-09 02:43 . 2009-03-16 14:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-06 09:35 . 2009-03-01 04:01 1356 ----a-w- c:\users\Graham\AppData\Local\d3d9caps.dat
2010-05-04 09:25 . 2009-03-06 23:50 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-05-04 09:16 . 2009-03-06 23:52 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-04-26 06:03 . 2009-11-09 22:11 -------- d-----w- c:\programdata\avg9
2010-04-25 11:22 . 2008-02-03 05:17 -------- d-----w- c:\program files\Yahoo!
2010-04-25 11:18 . 2010-02-23 09:34 -------- d-----w- c:\program files\HP
2010-04-25 11:16 . 2009-07-03 23:23 -------- d-----w- c:\program files\Juice
2010-04-25 08:25 . 2008-09-26 08:00 -------- d-----w- c:\users\Graham\AppData\Roaming\FrostWire
2010-04-24 08:01 . 2008-02-01 22:10 118744 ----a-w- c:\users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 07:46 . 2008-04-12 18:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-24 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-24 07:37 . 2007-09-02 11:39 -------- d-----w- c:\programdata\Microsoft Help
2010-04-21 11:04 . 2010-03-22 10:51 -------- d-----w- c:\users\Graham\AppData\Roaming\GetRightToGo
2010-04-20 10:31 . 2010-04-20 10:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-04-20 09:32 . 2009-09-15 11:32 -------- d-----w- c:\programdata\Installations
2010-04-20 00:24 . 2009-01-18 22:40 -------- d-----w- c:\users\Graham\AppData\Roaming\OpenOffice.org
2010-04-20 00:10 . 2008-12-21 00:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-19 23:49 . 2008-10-13 14:13 -------- d-----w- c:\users\Graham\AppData\Roaming\ZoomBrowser EX
2010-04-19 23:48 . 2009-01-26 13:58 -------- d-----w- c:\users\Graham\AppData\Roaming\CameraWindowDC
2010-04-19 12:35 . 2007-08-23 18:56 -------- d-----w- c:\program files\Java
2010-04-11 08:47 . 2010-04-11 07:11 -------- d-----w- c:\program files\Incomplete
2010-04-11 08:47 . 2010-04-11 07:16 -------- d-----w- c:\program files\FrostWire
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-07 14:28 . 2010-04-07 14:28 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-01 21:50 . 2007-08-23 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 08:41 . 2009-04-26 13:31 -------- d-----w- c:\users\Graham\AppData\Roaming\mIRC
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-16 23:47 . 2010-03-16 23:47 -------- d-----w- c:\program files\Defraggler
2010-03-16 23:45 . 2008-07-12 12:41 -------- d-----w- c:\program files\CCleaner
2010-03-16 14:35 . 2010-03-16 14:31 -------- d-----w- c:\users\Graham\AppData\Roaming\Apple Computer
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 14:29 . 2010-03-16 14:27 -------- d-----w- c:\program files\iTunes
2010-03-16 14:28 . 2010-03-16 14:28 -------- d-----w- c:\program files\iPod
2010-03-16 14:28 . 2009-11-03 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 14:27 . 2010-03-16 14:23 -------- d-----w- c:\programdata\Apple Computer
2010-03-16 14:24 . 2010-03-16 14:24 -------- d-----w- c:\program files\Bonjour
2010-03-16 14:24 . 2010-03-16 14:23 -------- d-----w- c:\program files\QuickTime
2010-03-08 20:28 . 2008-11-26 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 14:01 . 2010-04-24 07:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 02:16 . 2009-10-02 22:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:32 . 2010-04-24 07:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-24 07:11 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-24 07:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 09:53 . 2010-02-23 09:31 160876 ----a-w- c:\windows\hpoins44.dat
2010-02-23 06:39 . 2010-04-24 07:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-24 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-24 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-24 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 14:49 . 2010-04-24 07:12 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:49 . 2010-04-24 07:12 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49 . 2010-04-24 07:12 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11 . 2010-04-24 07:12 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-24 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 00:01 . 2010-03-22 10:57 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-02-15 10:41 . 2010-02-15 10:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Graham^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Administrative Tools^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdFirewall]
2010-04-25 23:43 878592 ----a-w- c:\program files\AdFirewall\AdFirewall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 08:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 10:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 07:24 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]
2008-12-05 17:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYTIEM]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
c:\program files\Vidalia Bundle\Vidalia\vidalia.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 gupdate1c985f3866ccc10;Google Update Service (gupdate1c985f3866ccc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-02-18 23096]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S0 AdFirewallDriver;AdFirewall Driver; [x]
S1 AdFirewall;AdFirewall Driver;c:\windows\system32\drivers\AdFirewall.SYS [2010-04-25 44032]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{233807B5-2H70-13D0-A31Q-00BB00B32C03}]
c:\users\Graham\AppData\Local\Temp\csrss.exe [BU]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:10]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 11:35]

2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-24 04:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 16:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-12 16:34:29
ComboFix-quarantined-files.txt 2010-05-12 08:34
ComboFix2.txt 2010-05-12 02:29

Pre-Run: 94,396,633,088 bytes free
Post-Run: 94,368,886,784 bytes free

- - End Of File - - 2F8FF2E1F1B8F55BDF7E23BADB653CED
 
Hi grubbit

This is still there: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q= ... why?

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
 
OTL List

OTL logfile created on: 13/05/2010 9:06:25 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 85.96 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (STSService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www.dymasearch.com/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
FF - prefs.js..keyword.URL: "http://www.dymasearch.com/search.php?src=tops&q="
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:44:26 | 000,000,000 | ---D | M]

[2008/09/01 03:39:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Extensions
[2010/05/12 23:04:22 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions
[2009/09/03 03:43:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/05 20:30:14 | 000,002,164 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml
[2010/04/18 13:01:30 | 000,000,254 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml
[2010/04/19 20:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:01:20 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}
[2010/03/24 22:09:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/24 22:09:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/24 22:09:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 22:09:45 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Graham\AppData\Local\Temp\cpes_clean_launcher.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 61.88.88.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/28 00:03:32 | 000,004,286 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/08/25 01:04:06 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/13 21:05:01 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 20:59:44 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\Graham\Desktop\ccsetup231.exe
[2010/05/12 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/05/12 17:51:12 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/05/12 17:51:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/05/12 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\ForceField Shared Files
[2010/05/12 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/05/12 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/12 17:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/12 16:34:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/12 16:34:33 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\temp
[2010/05/12 16:13:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/12 16:13:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/08 21:55:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/08 21:55:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/08 21:55:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/08 21:55:47 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/08 21:55:43 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/08 21:54:10 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/08 21:54:10 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/08 21:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/06 22:03:36 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/05/03 23:04:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/03 22:52:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/03 22:51:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/05/03 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband
[2010/04/28 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/28 21:35:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/25 13:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 15:22:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/24 15:22:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/24 15:12:37 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/24 15:12:31 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/24 15:12:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/24 15:12:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/24 15:12:24 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/24 15:12:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/24 15:12:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/24 15:12:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/24 15:12:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/24 15:12:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/24 15:12:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/24 15:12:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/24 15:12:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/24 15:12:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/24 15:12:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/24 15:12:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/24 15:12:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/24 15:12:14 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/04/24 15:12:14 | 000,098,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/04/24 15:12:13 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/04/24 15:12:01 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/24 15:12:01 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/24 15:11:25 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/24 15:11:11 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/24 15:11:11 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/24 15:11:08 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/24 15:11:08 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/24 15:11:08 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/24 15:11:08 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/24 15:11:03 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/24 15:11:03 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/24 15:10:58 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/24 15:10:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/24 15:10:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/24 15:10:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/24 15:10:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/24 15:10:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/24 15:10:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/24 15:10:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/24 15:10:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/24 15:09:59 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/24 15:09:55 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/24 15:09:55 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/24 15:09:49 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/24 14:59:05 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/24 14:58:55 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/22 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\AnyDVDHD
[2010/04/22 16:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/04/22 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/04/21 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\AdFirewall
[2010/04/20 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2010/04/20 21:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
[2010/04/20 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/04/20 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/20 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Samsung
[2010/04/20 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/20 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/04/20 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/20 17:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/20 08:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/19 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Malwarebytes
[2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 20:36:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/19 20:36:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/19 20:36:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/19 09:54:52 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Monthly Quote Reports
[2010/04/18 13:59:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2010/05/13 21:05:35 | 003,670,016 | -HS- | M] () -- C:\Users\Graham\ntuser.dat
[2010/05/13 21:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 21:00:27 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\Graham\Desktop\ccsetup231.exe
[2010/05/13 20:57:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 20:47:28 | 000,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/13 20:47:28 | 000,650,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/13 20:47:28 | 000,124,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 20:36:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 20:36:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 20:36:22 | 000,001,356 | ---- | M] () -- C:\Users\Graham\AppData\Local\d3d9caps.dat
[2010/05/13 20:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 07:17:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/13 07:14:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 07:14:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 07:14:08 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 23:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 23:44:35 | 000,065,536 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/12 23:44:30 | 003,248,858 | -H-- | M] () -- C:\Users\Graham\AppData\Local\IconCache.db
[2010/05/12 21:35:57 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
[2010/05/12 16:28:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/12 09:58:01 | 003,686,521 | R--- | M] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | M] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/09 07:32:36 | 000,154,112 | ---- | M] () -- C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 21:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 04:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 04:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/03 18:25:34 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/04/30 08:40:14 | 000,194,835 | ---- | M] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/30 08:40:14 | 000,038,408 | ---- | M] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/27 14:19:04 | 000,009,216 | ---- | M] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/24 16:01:07 | 000,118,744 | ---- | M] () -- C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/24 15:47:20 | 000,420,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 20:47:21 | 000,022,207 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/22 19:44:41 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:44 | 000,868,342 | ---- | M] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:59 | 002,277,842 | ---- | M] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | M] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:44:07 | 000,000,863 | ---- | M] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 18:46:01 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/20 18:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 08:14:16 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 08:59:46 | 000,016,384 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/04/17 11:04:43 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

========== Files Created - No Company Name ==========

[2010/05/12 09:57:21 | 003,686,521 | R--- | C] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | C] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/07 21:31:31 | 000,000,910 | ---- | C] () -- C:\Users\Graham\AppData\Local\log.txt.lnk
[2010/05/03 22:52:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/03 22:52:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/03 22:52:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/03 22:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/03 22:52:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/03 18:25:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/05/02 10:11:45 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 08:40:14 | 000,038,408 | ---- | C] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/30 08:40:08 | 000,194,835 | ---- | C] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/27 13:20:27 | 000,009,216 | ---- | C] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/24 15:12:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/22 16:47:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:39 | 000,868,342 | ---- | C] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:41 | 002,277,842 | ---- | C] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | C] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:30:32 | 000,000,863 | ---- | C] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 19:11:16 | 000,022,207 | ---- | C] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/20 18:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 18:06:02 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/19 20:49:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/17 11:04:42 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/22 17:22:03 | 000,018,690 | ---- | C] () -- C:\Windows\System32\drivers\usbhsb.sys
[2009/09/11 05:56:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/29 00:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/28 23:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/28 23:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/12/28 23:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/13 00:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/12/10 02:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/12/10 02:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/12/10 02:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/10 02:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/12/10 02:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/12/10 02:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/12/08 21:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/08 21:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/08 20:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/08 20:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/05 05:46:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/27 03:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/11/27 02:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/08/06 06:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/03/29 23:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 23:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 23:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 23:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 23:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 23:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 23:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 23:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 23:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 23:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/02/24 02:51:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/24 02:51:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/24 02:51:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/24 02:51:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/03 02:28:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 03:32:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/24 03:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/24 03:29:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/24 03:29:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/24 03:29:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/24 03:13:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/24 02:30:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/24 02:29:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/11 01:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/12/06 04:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/07 01:53:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2005/07/23 12:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
 
Extras txt

OTL Extras logfile created on: 13/05/2010 9:06:25 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 85.96 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076ADB6-89F3-41F6-B3B3-85425591BB8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4DB00C4-752E-4660-BC22-C57C66B7E5D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F220A67B-A726-441C-9FAD-473677DE7ED7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8F5B29-1CD4-4AB8-89DD-17F2FD2A86B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{18B98BAE-B04B-4B3F-9B7C-BDD289F08FF8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1CC68277-98DB-42FF-AC22-C0E33F9EC4F5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{1F8ED8D0-24C8-40E4-B822-5A616616F72B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A9EEDCB-EA4B-4FD1-9E07-7E7FB4047E21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{2E87BA1B-7ECE-40DA-B0C6-00485135916C}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{3829C623-1E2E-4456-A485-747779EF2D00}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{3C5D7F97-17C8-4B11-A4F2-91FD0A107EAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3CF9F197-499D-47F9-A8A4-2E8C6D078D2D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B9EC26A-C8A7-405A-A204-A76699D51AB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5FC42096-381C-4282-B275-30AB9215240F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{737D00B7-7001-4044-B9FF-3BEA0C8ECDA8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7AA0E304-E0D9-45BA-9949-399A415A1FB9}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{8756146F-9348-4C84-B33C-CEE5D7963B4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8956741E-FEE0-4A4A-BF3B-5A04ACE9353A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8AA3AF5F-082C-489C-82F2-B02095051D89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F2D769E-1508-4E3C-AA34-08CFD1724326}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{A2154110-3718-45E1-A1F4-00DC73D840D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A66BAD35-972A-4622-9E1D-7362643A50E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{AA132448-B425-4337-88B1-990A80C1A25D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B265112B-B9E1-4E8A-AB63-19D7A7CAAC46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B68213DB-79E3-4737-9997-92F4C827316A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C8463275-6CBF-4195-81CC-26E2195D66D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB0CBF6B-B193-47E7-8140-C22B813CAA04}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CF81AF1C-156A-45A3-AF91-B72CE90A9100}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{CF9528AB-4EAE-4EC8-A9CC-3283C128B022}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D64EB970-2121-4AFA-AEF0-985A10D792C7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D8A1A599-3962-4FCD-AE10-96AA011B7962}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EA250B63-7756-4964-A035-1EE2F2F2EF17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F68B6598-0221-49C7-AA9A-E4A0AD5CE9AE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F8CFE85C-04D3-431B-A435-0A675415C74B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F9AE1137-2FB9-46CA-8B8B-1E6AA879EEFD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{1F44E990-F310-43D3-818D-D9913ADDE5DF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{437EB848-5E7E-4A3A-8021-592C049DD337}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{47BCD43B-215A-4D67-A17B-82EB6CD839FB}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{603CEEB1-084D-4B5F-A4F4-D4D50A24CB4D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{6FE770D7-A8CD-46EB-A8B2-3199629077B3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{7F7275F9-AF82-4A0B-BC6B-8BF9146BAC4E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{9BD152DA-B2B7-4825-A0B0-5E3F5CF18167}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{C4218740-3D7A-4A7B-B8F0-DE4D1B7F857E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EF7D2227-5EEB-4D86-B0F0-0BE3516F2D60}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{0EFA90D7-7D33-4C35-A193-F2380EB7683A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{0F0D72DA-530D-4550-969F-92551143A566}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3A2C92B7-713B-4032-9D79-EB1D8ED86EF7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{56A01849-40A2-4938-B7D8-F0E0FD61E84C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{96F0912F-0E95-4FF9-80B6-502EB0CC4D14}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C26FA0E3-7947-4C35-80F3-08EE68756A94}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D0787402-FA9B-4E4E-B1F6-925F5BB37BC9}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{DD267053-B983-4229-96CD-24E283A92E79}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{FB24F6F4-C6DE-4874-988F-57E69FEE755D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"avast5" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.2.0
"Eraser 5.3" = Eraser 5.3
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0, build 24
"FrostWire" = FrostWire 4.20.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NASA World Wind 1.4" = NASA World Wind 1.4
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Optus Wireless Broadband" = Optus Wireless Broadband
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung PC Studio 7" = Samsung PC Studio 7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"USB File Transfer 1.11A" = USB File Transfer 1.11A
"Window Washer" = Window Washer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Customizations" = Yahoo!7 Extras
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2985615183-3732258452-852954120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iTunes Agent 1.3.1" = iTunes Agent 1.3.1
"iTunes Agent 1.3.3" = iTunes Agent 1.3.3
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2010 4:52:06 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 22/04/2010 7:07:56 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 22/04/2010 7:54:39 AM | Computer Name = Graham-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 23/04/2010 8:57:06 PM | Computer Name = Graham-PC | Source = Google Update | ID = 20
Description =

Error - 23/04/2010 11:55:31 PM | Computer Name = Graham-PC | Source = EventSystem | ID = 4609
Description =

Error - 24/04/2010 4:28:17 AM | Computer Name = Graham-PC | Source = EventSystem | ID = 4621
Description =

Error - 25/04/2010 1:57:34 AM | Computer Name = Graham-PC | Source = ESENT | ID = 490
Description = Catalog Database (1744) Catalog Database: An attempt to open the file
"C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
read / write access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 25/04/2010 1:57:39 AM | Computer Name = Graham-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 25/04/2010 1:58:01 AM | Computer Name = Graham-PC | Source = ESENT | ID = 490
Description = Catalog Database (1744) Catalog Database: An attempt to open the file
"C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
read / write access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 25/04/2010 1:58:01 AM | Computer Name = Graham-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

[ Media Center Events ]
Error - 9/03/2010 5:31:41 PM | Computer Name = Graham-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 3/06/2009 8:32:31 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/06/2009 8:32:42 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/06/2009 1:48:06 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/06/2009 7:30:08 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/06/2009 2:57:57 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/06/2009 2:58:59 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/06/2009 3:06:34 AM | Computer Name = Graham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/05/2010 9:24:39 AM | Computer Name = Graham-PC | Source = HTTP | ID = 15016
Description =

Error - 12/05/2010 9:25:02 AM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/05/2010 9:25:02 AM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/05/2010 11:19:11 AM | Computer Name = Graham-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 114.74.230.182 for the Network Card with network
address 001E101F4DA1 has been denied by the DHCP server 114.74.251.129 (The DHCP
Server sent a DHCPNACK message).

Error - 12/05/2010 11:19:11 AM | Computer Name = Graham-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 114.74.230.182
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 12/05/2010 11:44:28 AM | Computer Name = Graham-PC | Source = DCOM | ID = 10010
Description =

Error - 12/05/2010 7:14:30 PM | Computer Name = Graham-PC | Source = HTTP | ID = 15016
Description =

Error - 12/05/2010 7:15:00 PM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/05/2010 7:15:00 PM | Computer Name = Graham-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 13/05/2010 8:36:03 AM | Computer Name = Graham-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
Hi grubbit

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :OTL
    FF - prefs.js..browser.search.defaulturl: "http://www.dymasearch.com/search.php?src=tops&q="
    FF - prefs.js..keyword.URL: "http://www.dymasearch.com/search.php?src=tops&q="
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Thanks peku006
 
OTL Log

Hi Peku,
So sorry we got all this way and I accidentally deleted the log file, but I have been surfing for a few days now and not one pop up or banner! Just to say a big thank you for saving my sanity. If there is a way I can retrieve it just let me know, I tried running the script again and it just says error etc
 
Hi grubbit

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks peku006
 
OTL File

OTL logfile created on: 18/05/2010 11:21:21 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Graham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

893.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.02 Gb Total Space | 83.80 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAHAM-PC
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Graham\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (STSService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d6112276-6d0b-40d1-f073-8c84a71fca15}:4.6.6.3
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 10:44:26 | 000,000,000 | ---D | M]

[2008/09/01 03:39:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Extensions
[2010/05/18 09:30:28 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions
[2009/09/03 03:43:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/05 20:30:14 | 000,002,164 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\bing.xml
[2010/04/18 13:01:30 | 000,000,254 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\ubsdp1tb.default\searchplugins\Search.xml
[2010/04/19 20:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:01:20 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6112276-6d0b-40d1-f073-8c84a71fca15}
[2010/03/24 22:09:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/24 22:09:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/24 22:09:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 22:09:45 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Graham\AppData\Local\Temp\cpes_clean_launcher.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.0.51 61.88.88.88
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Graham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/28 00:03:32 | 000,004,286 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/08/25 01:04:06 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{689ce48d-5d99-11df-94c4-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fafd151c-5dac-11df-9796-00a0d19c58a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 09:22:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/13 21:05:01 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/12 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/05/12 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\ForceField Shared Files
[2010/05/12 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/05/12 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/12 17:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/12 16:34:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/12 16:34:33 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\temp
[2010/05/12 16:13:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/12 16:13:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/08 21:55:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/08 21:55:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/08 21:55:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/08 21:55:47 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/08 21:55:43 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/08 21:54:10 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/08 21:54:10 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/08 21:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/06 22:03:36 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/05/03 23:04:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/03 22:52:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/03 22:52:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/03 22:52:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/03 22:52:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/03 22:51:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/03 18:25:28 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/05/03 18:25:28 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/05/03 18:25:28 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/05/03 18:25:28 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/05/03 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband
[2010/04/28 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/28 21:35:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/25 15:52:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/25 13:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/25 13:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/22 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\AnyDVDHD
[2010/04/22 16:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010/04/22 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/04/21 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\AdFirewall
[2010/04/20 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2010/04/20 21:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
[2010/04/20 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/04/20 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/20 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Samsung
[2010/04/20 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/20 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/20 17:41:29 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/04/20 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/20 17:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/20 08:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/19 22:40:10 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Malwarebytes
[2010/04/19 22:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 22:39:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 09:54:52 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Monthly Quote Reports
[2010/04/18 13:59:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/11 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\Graham\frost
[2010/04/11 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/04/11 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2010/04/11 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Graham\Incomplete
[2010/04/07 22:28:12 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010/04/02 05:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/22 19:00:41 | 000,000,000 | ---D | C] -- C:\Converted
[2010/03/22 18:57:04 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys
[2010/03/22 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\GetRightToGo
[2010/03/19 21:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010/03/17 07:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/03/16 22:31:08 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\Apple Computer
[2010/03/16 22:29:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/03/16 22:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/16 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/16 22:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/16 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/16 22:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/16 22:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/11 11:24:28 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Stegbar Quotes
[2010/03/04 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\Rejuvenation Report
[2010/02/23 17:58:03 | 000,000,000 | ---D | C] -- C:\Users\Graham\Documents\My Scans
[2010/02/23 17:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/02/23 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Roaming\HP
[2010/02/23 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Graham\AppData\Local\HP
[2010/02/23 17:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/02/23 17:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/02/23 17:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/02/23 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/02/23 17:34:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/23 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/02/22 17:36:11 | 000,234,496 | ---- | C] (Canon) -- C:\Windows\System32\UCS32.DLL
[2010/02/22 17:36:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\COLOR
[2010/02/22 17:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Genesys Logic
[2010/02/18 23:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 90 Days ==========

[2010/05/18 23:28:09 | 003,670,016 | -HS- | M] () -- C:\Users\Graham\ntuser.dat
[2010/05/18 23:23:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job
[2010/05/18 23:19:53 | 000,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 23:19:53 | 000,650,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 23:19:53 | 000,124,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 23:12:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/18 23:03:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:03:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:03:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 09:10:39 | 000,152,576 | ---- | M] () -- C:\Users\Graham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 21:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Graham\Desktop\OTL.exe
[2010/05/13 20:36:22 | 000,001,356 | ---- | M] () -- C:\Users\Graham\AppData\Local\d3d9caps.dat
[2010/05/13 07:14:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 07:14:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 07:14:08 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 23:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 23:44:35 | 000,065,536 | -HS- | M] () -- C:\Users\Graham\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/12 23:44:30 | 003,248,858 | -H-- | M] () -- C:\Users\Graham\AppData\Local\IconCache.db
[2010/05/12 16:28:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/12 09:58:01 | 003,686,521 | R--- | M] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | M] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/08 21:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 04:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 04:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/03 18:25:34 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/04/30 08:40:14 | 000,194,835 | ---- | M] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/30 08:40:14 | 000,038,408 | ---- | M] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/27 14:19:04 | 000,009,216 | ---- | M] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 15:53:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Graham\Desktop\hijackthis.exe
[2010/04/24 16:01:07 | 000,118,744 | ---- | M] () -- C:\Users\Graham\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/24 15:47:20 | 000,420,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 20:47:21 | 000,022,207 | ---- | M] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/22 19:44:41 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:44 | 000,868,342 | ---- | M] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:59 | 002,277,842 | ---- | M] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | M] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:44:07 | 000,000,863 | ---- | M] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 18:46:01 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/20 18:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 08:14:16 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/19 08:59:46 | 000,016,384 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/04/17 11:04:43 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/12 06:26:04 | 000,057,381 | ---- | M] () -- C:\Users\Graham\Documents\img-4091431-0001.pdf
[2010/04/08 08:12:32 | 000,173,481 | ---- | M] () -- C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF
[2010/04/07 22:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010/04/05 23:16:54 | 000,017,408 | ---- | M] () -- C:\Users\Graham\Documents\Monthly Quote Report March.xls
[2010/03/31 23:49:40 | 000,008,091 | ---- | M] () -- C:\Users\Graham\Documents\paypal.odt
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/20 09:29:07 | 000,612,660 | ---- | M] () -- C:\Users\Graham\Documents\1 Vodafone Bill[931811449].pdf
[2010/03/19 21:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010/03/17 07:45:04 | 000,001,681 | ---- | M] () -- C:\Users\Graham\Desktop\CCleaner.lnk
[2010/03/16 22:29:45 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/03 23:23:56 | 000,019,786 | ---- | M] () -- C:\Users\Graham\Documents\Brisbane QSW Contact List.ods
[2010/03/03 22:14:17 | 000,016,286 | ---- | M] () -- C:\Users\Graham\Documents\Phone Numbers.ods
[2010/02/23 17:53:08 | 000,160,876 | ---- | M] () -- C:\Windows\hpoins44.dat
[2010/02/23 17:49:20 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/02/23 17:42:27 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/18 20:01:04 | 000,208,966 | ---- | M] () -- C:\Windows\System32\WFP.TMF
[2010/02/18 08:01:26 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys

========== Files Created - No Company Name ==========

[2010/05/12 09:57:21 | 003,686,521 | R--- | C] () -- C:\Users\Graham\Desktop\ComboFix.exe
[2010/05/10 08:15:42 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 07:34:50 | 000,000,474 | ---- | C] () -- C:\Users\Graham\Documents\hijackthis.exe - Shortcut.lnk
[2010/05/07 21:31:31 | 000,000,910 | ---- | C] () -- C:\Users\Graham\AppData\Local\log.txt.lnk
[2010/05/03 22:52:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/03 22:52:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/03 22:52:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/03 22:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/03 22:52:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/03 18:25:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/05/02 10:11:45 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 08:40:14 | 000,038,408 | ---- | C] () -- C:\Users\Graham\Documents\Terms and conditions.pdf
[2010/04/30 08:40:08 | 000,194,835 | ---- | C] () -- C:\Users\Graham\Documents\ClientQuote.pdf
[2010/04/27 13:20:27 | 000,009,216 | ---- | C] () -- C:\Users\Graham\Documents\Removal List.xls
[2010/04/24 15:12:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/22 16:47:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/22 10:25:39 | 000,868,342 | ---- | C] () -- C:\Users\Graham\Documents\0802-A01 REV 0.PDF
[2010/04/22 00:08:41 | 002,277,842 | ---- | C] () -- C:\Users\Graham\Documents\i8910_um_open_eng_rev10_090518.pdf
[2010/04/20 22:59:37 | 000,000,000 | ---- | C] () -- C:\Users\Graham\Documents\cfe393d2dd4b95ef3753547a6cdde755.ita
[2010/04/20 21:30:32 | 000,000,863 | ---- | C] () -- C:\Users\Graham\Desktop\iTunes Agent.lnk
[2010/04/20 19:11:16 | 000,022,207 | ---- | C] () -- C:\Users\Graham\AppData\Roaming\NMM-MetaData.db
[2010/04/20 18:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/20 18:06:02 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/04/19 20:49:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/17 11:04:42 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/12 06:26:01 | 000,057,381 | ---- | C] () -- C:\Users\Graham\Documents\img-4091431-0001.pdf
[2010/04/08 08:12:29 | 000,173,481 | ---- | C] () -- C:\Users\Graham\Documents\(WGR) - Graham Rickman.PDF
[2010/04/05 23:16:52 | 000,017,408 | ---- | C] () -- C:\Users\Graham\Documents\Monthly Quote Report March.xls
[2010/04/05 22:04:06 | 000,016,384 | ---- | C] () -- C:\Users\Graham\Documents\Monthly Quote Report.xls
[2010/03/31 23:49:37 | 000,008,091 | ---- | C] () -- C:\Users\Graham\Documents\paypal.odt
[2010/03/20 09:29:07 | 000,612,660 | ---- | C] () -- C:\Users\Graham\Documents\1 Vodafone Bill[931811449].pdf
[2010/03/16 22:29:45 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/03 22:14:15 | 000,016,286 | ---- | C] () -- C:\Users\Graham\Documents\Phone Numbers.ods
[2010/02/23 17:42:27 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/23 17:31:53 | 000,002,829 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/23 17:31:52 | 000,160,876 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/02/22 17:22:03 | 000,018,690 | ---- | C] () -- C:\Windows\System32\drivers\usbhsb.sys
[2009/09/11 05:56:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/29 00:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/28 23:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/28 23:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/12/28 23:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/13 00:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/12/10 02:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/12/10 02:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/12/10 02:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/10 02:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/12/10 02:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/12/10 02:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/12/08 21:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/08 21:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/08 20:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/08 20:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/05 05:46:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/27 03:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/11/27 02:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/08/06 06:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/08/06 05:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/03/29 23:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 23:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 23:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 23:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 23:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 23:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 23:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 23:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 23:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 23:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/02/24 02:51:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/24 02:51:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/24 02:51:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/24 02:51:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/03 02:28:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 03:32:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/24 03:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/24 03:29:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/24 03:29:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/24 03:29:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/24 03:29:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/24 03:13:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/24 02:30:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/24 02:29:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/11 01:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/12/06 04:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/07 01:53:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2005/07/23 12:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/10/13 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Canon
[2010/05/12 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\CheckPoint
[2010/04/25 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\FrostWire
[2010/04/21 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\GetRightToGo
[2009/06/21 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\gtk-2.0
[2009/07/04 07:23:15 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\iPodder
[2008/10/18 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\IrfanView
[2010/04/20 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\iTunes Agent
[2010/04/20 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Jaran Nilsen
[2008/03/31 13:19:58 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\NASA
[2010/04/20 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\OpenOffice.org
[2008/03/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\ParetoLogic
[2010/04/20 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\PC Suite
[2010/04/22 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Samsung
[2009/05/19 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\toshiba
[2009/01/25 14:58:13 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\Ulead Systems
[2010/02/05 06:36:56 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\uTorrent
[2008/09/09 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\Graham\AppData\Roaming\WebCompiler3
[2010/05/12 23:44:57 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/18 23:23:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E5279F3-BE17-4367-92C3-115BC200846B}.job

========== Purity Check ==========


< End of report >
 
Hi grubbit

dymasearch is gone at last :bigthumb:

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Turn off System Restore-Vista
    • Click the Vista/Start icon.
    • Right Click >> Computer
    • Click Properties.
    • Click the System Protection tab.
    • Uncheck All drives
    • Click Turn Off System Restore at the prompt then click Apply.
    • Restart your computer.
  • Turn ON System Restore-Vista
    • Click the Vista/Start icon
    • Right Click >> Computer
    • Click Properties.
    • Click the System Protection tab.
    • Checkmark All drives that were selected previously then click Apply.

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.
    http://www.update.microsoft.com

    Here are some things that I think are worth having a look at if you don't already know about them:

    Spybot Search and Destroy
    Download it from here. Just choose a mirror and off you go.
    Find here the tutorial on how to use Spybot properly here

    SpyWare Blaster
    Download it from here
    Find here the tutorial on how to use Spyware Blaster here

    WinPatrol
    Download it from here
    Here you can find information about how WinPatrol works here

    FireTrust SiteHound
    You can find information and download it from here

    MVPS Hosts File from here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

    Please check out Tony Klein's article "How did I get infected in the first place?"

    Read some information here how to prevent Malware.

    I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy safe surfing! :bigthumb:

    peku006
 