Hi! I've got an interesting one... well, one I've not seen before...
A number of symptoms...
1. IE8 (on Vista Home Premiun) doesn't let me access Favourites, nor to download anything, the browser simply hangs.
2. Messenger sucks all the CPU until killed or will blue screen the system
3. a few virus warnings from AVG about a Trojan Horse Generic14.Zyn which I can't seem to locate on at Grisoft or on the web...
As I can't download anything from the 'do this before you post list' without getting into downloading stuff from another system and transferring, I've used the copy of HJT that was still on my system to produce the following log in the hope that it might give someone a starter on what's going on... or at least let me get some of the other tools downloaded to get a bit further. Anybody got any ideas?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:50, on 25/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c9b378a3fd2872) (gupdate1c9b378a3fd2872) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7838 bytes
Full Version: Browser hijack (IE8)
latest...
the browser hangs I'm getting when using Favourites and trying to download are basically IE doing the same thing as Messenger - stealing CPU and gobbling up memory until it falls over... if I'm quick with task manager I can kill the processes and stop the blue screens - it's a start...
no further virus alerts... which is nice...
this evening will try and get some of the tools from the 'do this first' list downloaded elsewhere...
any other suggestions appreciated...
the browser hangs I'm getting when using Favourites and trying to download are basically IE doing the same thing as Messenger - stealing CPU and gobbling up memory until it falls over... if I'm quick with task manager I can kill the processes and stop the blue screens - it's a start...
no further virus alerts... which is nice...
this evening will try and get some of the tools from the 'do this first' list downloaded elsewhere...
any other suggestions appreciated...
Hi scotiabahn, Welcome to Piriforum Community Forums 
Step #1
Step #2
We Need to check for Rootkits with RootRepeal
Step #3
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Step #1
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Step #2
We Need to check for Rootkits with RootRepeal
- Download RootRepeal from the following location and save it to your desktop.
- Zip Mirrors (Recommended)
- Rar Mirrors - Only if you know what a RAR is and can extract it.
- Zip Mirrors (Recommended)
- Extract RootRepeal.exe from the archive.
- Open
on your desktop. - Click the
tab. - Click the
button. - Check all seven boxes:
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Step #3
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Thanks for your reply.
I've just tried Step #1 but I wouldn't say it ran exactly as anticipated...
OTL didn't produce the two .txt files, nor could I find any trace of them on the system...
Running OTL set off Windows Defender finding several Trojan/FakeScanti items which it's trying to deal with..
I'm also getting an 'Interactive Services Dialog Detection' from 'Windows Antivirus Pro which I've not seen before. It's asking me to upgrade and all the usual rubbish. It's not my AV software - I use AVG...
Please can you tell me whether I should retry step 1 or what I should do next?
Thanks again.
edited at 08:27 to say...
have looked into Win Anti Vir Pro and see that MalwareBytes is good for that so I'm running it now...
I've just tried Step #1 but I wouldn't say it ran exactly as anticipated...
OTL didn't produce the two .txt files, nor could I find any trace of them on the system...
Running OTL set off Windows Defender finding several Trojan/FakeScanti items which it's trying to deal with..
I'm also getting an 'Interactive Services Dialog Detection' from 'Windows Antivirus Pro which I've not seen before. It's asking me to upgrade and all the usual rubbish. It's not my AV software - I use AVG...
Please can you tell me whether I should retry step 1 or what I should do next?
Thanks again.
edited at 08:27 to say...
have looked into Win Anti Vir Pro and see that MalwareBytes is good for that so I'm running it now...
ok, this is definitely weirding me out...
now I CAN see the OTL output, after a couple of reboots...
so here are the two txt file contents, plus Malware bytes has finished so I'll put that on the end... that was real busy and found a load of junk...
OTL logfile created on: 27/08/2009 07:37:31 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\office\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.83% Memory free
3.99 Gb Paging File | 2.94 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.18 Gb Total Space | 4.68 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 126.10 Mb Total Space | 112.82 Mb Free Space | 89.48% Space Free | Partition Type: FAT
Drive E: | 35.88 Gb Total Space | 26.38 Gb Free Space | 73.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: office
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Users\office\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9b378a3fd2872 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Stopped]) -- File not found
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (Afc [On_Demand | Running]) -- C:\Windows\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (dc3d [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\dc3d.sys (Microsoft Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NuidFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek )
DRV - (RTL8187B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 08:22:09 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\menu.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/08/27 07:41:43 | 00,000,064 | ---- | C] () -- C:\Windows\ppp4.dat
[2009/08/27 07:41:43 | 00,000,036 | ---- | C] () -- C:\Windows\System32\sysnet.dat
[2009/08/27 07:41:43 | 00,000,002 | ---- | C] () -- C:\Windows\ppp3.dat
[2009/08/27 07:41:42 | 00,163,840 | ---- | C] () -- C:\Windows\svchast.exe
[2009/08/27 07:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/27 07:29:42 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\office\Desktop\mbam-setup.exe
[2009/08/27 07:29:42 | 00,794,112 | ---- | C] () -- C:\Users\office\Desktop\The_Comedian.exe
[2009/08/27 07:29:42 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\office\Desktop\OTL.exe
[2009/08/27 07:29:42 | 00,464,491 | ---- | C] () -- C:\Users\office\Desktop\RootRepeal.zip
[2009/08/27 07:29:42 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\office\Desktop\TFC.exe
[2009/08/27 07:29:42 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\office\Desktop\Rooter.exe
[2009/08/26 14:58:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/18 11:09:50 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/18 11:09:50 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/18 11:09:49 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/18 11:09:49 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/18 11:09:48 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/18 11:09:48 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/18 11:09:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/18 11:09:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/17 08:42:07 | 00,033,792 | ---- | C] () -- C:\Users\office\Desktop\linlithgow acad ttletter-to-parents.doc
[2009/08/16 12:06:24 | 00,563,073 | ---- | C] () -- C:\Users\office\Desktop\Logmatic_ENG_27102005_LR.pdf
[2009/08/12 08:07:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 08:07:51 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 08:07:46 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 08:07:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 08:07:45 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 08:07:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 08:07:45 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 08:07:45 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 08:07:40 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 08:07:40 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 08:07:32 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 08:07:29 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/05 20:14:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/08/05 20:14:05 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2009/08/05 10:42:42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/05 10:42:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/05 10:42:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/04 20:32:05 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/08/04 20:32:05 | 00,000,967 | ---- | C] () -- C:\Users\office\Desktop\Shortcut to virtual_garden.exe.lnk
[2009/08/04 20:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\virtual_garden
[2009/07/29 08:23:16 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 08:23:15 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 08:23:14 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/29 08:23:14 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 08:23:14 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 08:23:13 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/29 08:23:13 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/29 08:23:13 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/29 08:23:13 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 08:23:13 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/29 08:23:13 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/29 08:23:13 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/29 08:23:13 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/29 08:23:13 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/29 08:23:13 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/29 08:23:12 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/29 08:23:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/29 08:23:12 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/29 08:23:12 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/29 08:23:12 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/29 08:23:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/26 09:14:34 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/06/02 18:22:36 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/09/13 18:06:20 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/09/13 17:54:45 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/09/13 17:54:45 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/09/13 17:54:45 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/09/13 17:54:45 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/13 17:53:37 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/09/13 17:53:37 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/09/13 17:53:37 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/09/13 17:53:37 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/09/13 17:53:37 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/09/13 17:53:37 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/09/13 17:33:59 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/13 16:17:30 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/13 16:16:08 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 13:05:04 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/02/27 18:50:00 | 00,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[1 C:\Users\office\Documents\*.tmp files]
[2009/08/27 07:46:40 | 00,000,064 | ---- | M] () -- C:\Windows\ppp4.dat
[2009/08/27 07:46:40 | 00,000,002 | ---- | M] () -- C:\Windows\ppp3.dat
[2009/08/27 07:46:26 | 00,390,144 | ---- | M] () -- C:\Windows\System32\desot.exe
[2009/08/27 07:41:43 | 00,000,036 | ---- | M] () -- C:\Windows\System32\sysnet.dat
[2009/08/27 07:41:43 | 00,000,009 | ---- | M] () -- C:\Windows\System32\bennuar.old
[2009/08/27 07:41:42 | 00,163,840 | ---- | M] () -- C:\Windows\svchast.exe
[2009/08/27 07:41:39 | 00,496,128 | ---- | M] (ASC - AntiSpyware) -- C:\Windows\System32\dddesot.dll
[2009/08/27 07:41:32 | 00,001,777 | ---- | M] () -- C:\Windows Antivirus Pro.lnk
[2009/08/27 07:35:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 07:31:25 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/27 07:31:25 | 00,598,044 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/27 07:31:25 | 00,103,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/27 07:25:49 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 07:25:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/27 07:25:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/27 07:25:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/27 07:25:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/26 20:53:08 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\office\Desktop\OTL.exe
[2009/08/26 20:52:36 | 00,464,491 | ---- | M] () -- C:\Users\office\Desktop\RootRepeal.zip
[2009/08/26 20:52:30 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\office\Desktop\mbam-setup.exe
[2009/08/26 20:52:18 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\office\Desktop\Rooter.exe
[2009/08/26 20:50:36 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\office\Desktop\TFC.exe
[2009/08/26 20:50:18 | 00,794,112 | ---- | M] () -- C:\Users\office\Desktop\The_Comedian.exe
[2009/08/26 14:57:35 | 01,801,830 | -H-- | M] () -- C:\Users\office\AppData\Local\IconCache.db
[2009/08/26 13:19:02 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
[2009/08/26 09:23:51 | 40,158,011 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/26 09:23:51 | 00,068,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/25 12:13:47 | 00,001,915 | ---- | M] () -- C:\Users\office\Desktop\HijackThis.lnk
[2009/08/24 09:53:38 | 00,000,562 | ---- | M] () -- C:\Users\office\Documents\My Sharing Folders.lnk
[2009/08/17 08:54:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/17 08:54:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/17 08:54:46 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/17 08:42:08 | 00,033,792 | ---- | M] () -- C:\Users\office\Desktop\linlithgow acad ttletter-to-parents.doc
[2009/08/16 12:06:24 | 00,563,073 | ---- | M] () -- C:\Users\office\Desktop\Logmatic_ENG_27102005_LR.pdf
[2009/08/07 09:34:47 | 00,001,711 | ---- | M] () -- C:\Users\office\Desktop\CCleaner.lnk
[2009/08/05 20:14:05 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2009/08/04 20:32:05 | 00,000,967 | ---- | M] () -- C:\Users\office\Desktop\Shortcut to virtual_garden.exe.lnk
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/02/05 21:21:47 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming
[2008/06/15 16:58:33 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\ArcSoft
[2008/03/24 16:29:43 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\ATI
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Media Center Programs
[2008/06/02 19:35:46 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Panasonic
[2009/01/08 09:21:09 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Toshiba
[2008/06/19 17:54:47 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Ulead Systems
[2009/08/27 07:25:49 | 00,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 07:35:00 | 00,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 07:25:45 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/26 15:00:26 | 00,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/26 13:19:02 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 27/08/2009 07:37:31 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\office\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.83% Memory free
3.99 Gb Paging File | 2.94 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.18 Gb Total Space | 4.68 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 126.10 Mb Total Space | 112.82 Mb Free Space | 89.48% Space Free | Partition Type: FAT
Drive E: | 35.88 Gb Total Space | 26.38 Gb Free Space | 73.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: office
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\Windows\System32\desot.exe ()
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A0ECFCD-16D0-4D96-BF11-CFFDF7084F6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12B028DA-7E1C-4DE2-8554-7917705D2569}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EC5E606-DCE8-4DC5-9911-9D0821E4BC01}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36ACD00E-CAA8-4771-B898-0494A0D1C107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{693B5D1E-65C7-4B63-9BB7-424D7B858810}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BAE20BE-E0A2-4CDA-8728-E5E067484B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{909BDCA3-9B4F-43CA-8A8F-545AB0BEB021}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7FB5D95-79EA-440F-BEF9-2FAECDE02866}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E500BC31-4424-484D-9744-14B8E2F77E6A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3E6FB40-36E2-4E04-98A2-D277173FF8BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAD853AE-E6DF-4595-A30F-99DBD5262372}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D386F49-5DE8-4860-B71B-A6E073B63870}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15B85688-6088-4DED-9D73-6211B577C0E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25179D6C-07D6-4487-B36B-416D71376EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3258E3AD-4ED0-4A66-B3E7-24CD886474BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A5FE6B2-494D-40F5-8E07-E4F5AED9083A}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{47CC6C26-BC37-4FF8-927D-BF2CD73B1A3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4EC803AA-D435-4A9F-8EC1-4E19A51D9634}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52BB6F1B-6867-4AA8-974C-496E838D5D10}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{60B76F8C-0B64-4F22-A9E1-2639D08A8771}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{652D8749-757D-4934-83CD-7C1A62AE497E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{69D8CFFD-F33A-45E6-A5D5-1FA6F3A49C93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8FF26FB9-26ED-4009-B12D-3A9D37F81B5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98962811-951E-4FC1-A3E2-3879C752145E}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A33944EF-3D6D-4C8F-8E03-913CA037A49B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A39739F8-FB4E-483D-9028-8C69E6064158}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADFD0209-1CCC-44A1-9E40-5EC888A25179}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB2FC7A3-BB24-49AD-B01A-8A2468882D7B}" = protocol=6 | dir=out | app=system |
"{DC29E8EC-347D-48C3-9924-7126A5C9AE46}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DE2CEEE4-0B64-4DE3-AD58-D48FD7361898}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E7EB3C10-C634-4129-A39B-861B7B49636B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EEE70D7D-57F4-41B0-B1B0-5710879D3DA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F624491A-3642-438A-96FF-6A5DB376CAB2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F9693E76-6A5C-449F-B972-96D2D7998D8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{151DC942-ED32-4FBD-AD32-7B669B3A0E86}C:\program files\gekkeiju online\gekkeiju.exe" = protocol=6 | dir=in | app=c:\program files\gekkeiju online\gekkeiju.exe |
"TCP Query User{ECF40191-B96B-41F9-B091-E367671DC260}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{721FCD4A-004B-4046-9ABA-887B12381F71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A2DF66AE-126D-4CF1-BF63-C5146B53353D}C:\program files\gekkeiju online\gekkeiju.exe" = protocol=17 | dir=in | app=c:\program files\gekkeiju online\gekkeiju.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"AccessR" = Microsoft Office Access 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"myphotobook" = myphotobook 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Virtual Garden" = Virtual Garden
"Win Antivirus Pro" = Windows Antivirus Pro
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 26/08/2009 09:58:49 | Computer Name = office-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 26/08/2009 11:05:17 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/08/2009 11:05:17 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 01:58:18 | Computer Name = office-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:51:41 on 26/08/2009 was unexpected.
Error - 27/08/2009 01:59:07 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 01:59:07 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 02:01:16 | Computer Name = office-PC | Source = DCOM | ID = 10010
Description =
Error - 27/08/2009 02:25:33 | Computer Name = office-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 07:17:33 on 27/08/2009 was unexpected.
Error - 27/08/2009 02:26:47 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 02:26:47 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 6.0.6002 Service Pack 2
27/08/2009 08:33:31
mbam-log-2009-08-27 (08-33-31).txt
Scan type: Quick Scan
Objects scanned: 81676
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 37
Memory Processes Infected:
C:\Windows\svchast.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\Windows\System32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf5c6a80-c938-478c-bc8b-8d7b00788154} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
C:\Windows\System32\desot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\dbsinit.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Windows\System32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
and after all this, I still have my browser problems...
now I CAN see the OTL output, after a couple of reboots...
so here are the two txt file contents, plus Malware bytes has finished so I'll put that on the end... that was real busy and found a load of junk...
OTL logfile created on: 27/08/2009 07:37:31 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\office\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.83% Memory free
3.99 Gb Paging File | 2.94 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.18 Gb Total Space | 4.68 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 126.10 Mb Total Space | 112.82 Mb Free Space | 89.48% Space Free | Partition Type: FAT
Drive E: | 35.88 Gb Total Space | 26.38 Gb Free Space | 73.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: office
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Users\office\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9b378a3fd2872 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Stopped]) -- File not found
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (Afc [On_Demand | Running]) -- C:\Windows\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (dc3d [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\dc3d.sys (Microsoft Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NuidFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek )
DRV - (RTL8187B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 08:22:09 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\menu.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/08/27 07:41:43 | 00,000,064 | ---- | C] () -- C:\Windows\ppp4.dat
[2009/08/27 07:41:43 | 00,000,036 | ---- | C] () -- C:\Windows\System32\sysnet.dat
[2009/08/27 07:41:43 | 00,000,002 | ---- | C] () -- C:\Windows\ppp3.dat
[2009/08/27 07:41:42 | 00,163,840 | ---- | C] () -- C:\Windows\svchast.exe
[2009/08/27 07:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/27 07:29:42 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\office\Desktop\mbam-setup.exe
[2009/08/27 07:29:42 | 00,794,112 | ---- | C] () -- C:\Users\office\Desktop\The_Comedian.exe
[2009/08/27 07:29:42 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\office\Desktop\OTL.exe
[2009/08/27 07:29:42 | 00,464,491 | ---- | C] () -- C:\Users\office\Desktop\RootRepeal.zip
[2009/08/27 07:29:42 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\office\Desktop\TFC.exe
[2009/08/27 07:29:42 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\office\Desktop\Rooter.exe
[2009/08/26 14:58:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/18 11:09:50 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/18 11:09:50 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/18 11:09:49 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/18 11:09:49 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/18 11:09:48 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/18 11:09:48 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/18 11:09:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/18 11:09:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/17 08:42:07 | 00,033,792 | ---- | C] () -- C:\Users\office\Desktop\linlithgow acad ttletter-to-parents.doc
[2009/08/16 12:06:24 | 00,563,073 | ---- | C] () -- C:\Users\office\Desktop\Logmatic_ENG_27102005_LR.pdf
[2009/08/12 08:07:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 08:07:51 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 08:07:46 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 08:07:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 08:07:45 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 08:07:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 08:07:45 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 08:07:45 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 08:07:40 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 08:07:40 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 08:07:32 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 08:07:29 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/05 20:14:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/08/05 20:14:05 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2009/08/05 10:42:42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/05 10:42:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/05 10:42:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/04 20:32:05 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/08/04 20:32:05 | 00,000,967 | ---- | C] () -- C:\Users\office\Desktop\Shortcut to virtual_garden.exe.lnk
[2009/08/04 20:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\virtual_garden
[2009/07/29 08:23:16 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 08:23:15 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 08:23:14 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/29 08:23:14 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 08:23:14 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 08:23:13 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/29 08:23:13 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/29 08:23:13 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/29 08:23:13 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 08:23:13 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/29 08:23:13 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/29 08:23:13 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/29 08:23:13 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/29 08:23:13 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/29 08:23:13 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/29 08:23:12 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/29 08:23:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/29 08:23:12 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/29 08:23:12 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/29 08:23:12 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/29 08:23:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/26 09:14:34 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/06/02 18:22:36 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/09/13 18:06:20 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/09/13 17:54:45 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/09/13 17:54:45 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/09/13 17:54:45 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/09/13 17:54:45 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/09/13 17:53:37 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/09/13 17:53:37 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/09/13 17:53:37 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/09/13 17:53:37 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/09/13 17:53:37 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/09/13 17:53:37 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/09/13 17:33:59 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/13 16:17:30 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/13 16:16:08 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 13:05:04 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/02/27 18:50:00 | 00,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[1 C:\Users\office\Documents\*.tmp files]
[2009/08/27 07:46:40 | 00,000,064 | ---- | M] () -- C:\Windows\ppp4.dat
[2009/08/27 07:46:40 | 00,000,002 | ---- | M] () -- C:\Windows\ppp3.dat
[2009/08/27 07:46:26 | 00,390,144 | ---- | M] () -- C:\Windows\System32\desot.exe
[2009/08/27 07:41:43 | 00,000,036 | ---- | M] () -- C:\Windows\System32\sysnet.dat
[2009/08/27 07:41:43 | 00,000,009 | ---- | M] () -- C:\Windows\System32\bennuar.old
[2009/08/27 07:41:42 | 00,163,840 | ---- | M] () -- C:\Windows\svchast.exe
[2009/08/27 07:41:39 | 00,496,128 | ---- | M] (ASC - AntiSpyware) -- C:\Windows\System32\dddesot.dll
[2009/08/27 07:41:32 | 00,001,777 | ---- | M] () -- C:\Windows Antivirus Pro.lnk
[2009/08/27 07:35:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 07:31:25 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/27 07:31:25 | 00,598,044 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/27 07:31:25 | 00,103,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/27 07:25:49 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 07:25:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/27 07:25:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/27 07:25:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/27 07:25:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/26 20:53:08 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\office\Desktop\OTL.exe
[2009/08/26 20:52:36 | 00,464,491 | ---- | M] () -- C:\Users\office\Desktop\RootRepeal.zip
[2009/08/26 20:52:30 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\office\Desktop\mbam-setup.exe
[2009/08/26 20:52:18 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\office\Desktop\Rooter.exe
[2009/08/26 20:50:36 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\office\Desktop\TFC.exe
[2009/08/26 20:50:18 | 00,794,112 | ---- | M] () -- C:\Users\office\Desktop\The_Comedian.exe
[2009/08/26 14:57:35 | 01,801,830 | -H-- | M] () -- C:\Users\office\AppData\Local\IconCache.db
[2009/08/26 13:19:02 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
[2009/08/26 09:23:51 | 40,158,011 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/26 09:23:51 | 00,068,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/25 12:13:47 | 00,001,915 | ---- | M] () -- C:\Users\office\Desktop\HijackThis.lnk
[2009/08/24 09:53:38 | 00,000,562 | ---- | M] () -- C:\Users\office\Documents\My Sharing Folders.lnk
[2009/08/17 08:54:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/17 08:54:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/17 08:54:46 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/17 08:42:08 | 00,033,792 | ---- | M] () -- C:\Users\office\Desktop\linlithgow acad ttletter-to-parents.doc
[2009/08/16 12:06:24 | 00,563,073 | ---- | M] () -- C:\Users\office\Desktop\Logmatic_ENG_27102005_LR.pdf
[2009/08/07 09:34:47 | 00,001,711 | ---- | M] () -- C:\Users\office\Desktop\CCleaner.lnk
[2009/08/05 20:14:05 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2009/08/04 20:32:05 | 00,000,967 | ---- | M] () -- C:\Users\office\Desktop\Shortcut to virtual_garden.exe.lnk
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/02/05 21:21:47 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming
[2008/06/15 16:58:33 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\ArcSoft
[2008/03/24 16:29:43 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\ATI
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Media Center Programs
[2008/06/02 19:35:46 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Panasonic
[2009/01/08 09:21:09 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Toshiba
[2008/06/19 17:54:47 | 00,000,000 | ---D | M] -- C:\Users\office\AppData\Roaming\Ulead Systems
[2009/08/27 07:25:49 | 00,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 07:35:00 | 00,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 07:25:45 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/26 15:00:26 | 00,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/26 13:19:02 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 27/08/2009 07:37:31 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\office\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.83% Memory free
3.99 Gb Paging File | 2.94 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.18 Gb Total Space | 4.68 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 126.10 Mb Total Space | 112.82 Mb Free Space | 89.48% Space Free | Partition Type: FAT
Drive E: | 35.88 Gb Total Space | 26.38 Gb Free Space | 73.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: office
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\Windows\System32\desot.exe ()
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A0ECFCD-16D0-4D96-BF11-CFFDF7084F6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12B028DA-7E1C-4DE2-8554-7917705D2569}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EC5E606-DCE8-4DC5-9911-9D0821E4BC01}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36ACD00E-CAA8-4771-B898-0494A0D1C107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{693B5D1E-65C7-4B63-9BB7-424D7B858810}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BAE20BE-E0A2-4CDA-8728-E5E067484B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{909BDCA3-9B4F-43CA-8A8F-545AB0BEB021}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7FB5D95-79EA-440F-BEF9-2FAECDE02866}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E500BC31-4424-484D-9744-14B8E2F77E6A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3E6FB40-36E2-4E04-98A2-D277173FF8BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAD853AE-E6DF-4595-A30F-99DBD5262372}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D386F49-5DE8-4860-B71B-A6E073B63870}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15B85688-6088-4DED-9D73-6211B577C0E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25179D6C-07D6-4487-B36B-416D71376EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3258E3AD-4ED0-4A66-B3E7-24CD886474BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A5FE6B2-494D-40F5-8E07-E4F5AED9083A}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{47CC6C26-BC37-4FF8-927D-BF2CD73B1A3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4EC803AA-D435-4A9F-8EC1-4E19A51D9634}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52BB6F1B-6867-4AA8-974C-496E838D5D10}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{60B76F8C-0B64-4F22-A9E1-2639D08A8771}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{652D8749-757D-4934-83CD-7C1A62AE497E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{69D8CFFD-F33A-45E6-A5D5-1FA6F3A49C93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8FF26FB9-26ED-4009-B12D-3A9D37F81B5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98962811-951E-4FC1-A3E2-3879C752145E}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A33944EF-3D6D-4C8F-8E03-913CA037A49B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A39739F8-FB4E-483D-9028-8C69E6064158}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADFD0209-1CCC-44A1-9E40-5EC888A25179}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB2FC7A3-BB24-49AD-B01A-8A2468882D7B}" = protocol=6 | dir=out | app=system |
"{DC29E8EC-347D-48C3-9924-7126A5C9AE46}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DE2CEEE4-0B64-4DE3-AD58-D48FD7361898}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E7EB3C10-C634-4129-A39B-861B7B49636B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EEE70D7D-57F4-41B0-B1B0-5710879D3DA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F624491A-3642-438A-96FF-6A5DB376CAB2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F9693E76-6A5C-449F-B972-96D2D7998D8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{151DC942-ED32-4FBD-AD32-7B669B3A0E86}C:\program files\gekkeiju online\gekkeiju.exe" = protocol=6 | dir=in | app=c:\program files\gekkeiju online\gekkeiju.exe |
"TCP Query User{ECF40191-B96B-41F9-B091-E367671DC260}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{721FCD4A-004B-4046-9ABA-887B12381F71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A2DF66AE-126D-4CF1-BF63-C5146B53353D}C:\program files\gekkeiju online\gekkeiju.exe" = protocol=17 | dir=in | app=c:\program files\gekkeiju online\gekkeiju.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"AccessR" = Microsoft Office Access 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"myphotobook" = myphotobook 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Virtual Garden" = Virtual Garden
"Win Antivirus Pro" = Windows Antivirus Pro
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12/08/2009 05:24:50 | Computer Name = office-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 26/08/2009 09:58:49 | Computer Name = office-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 26/08/2009 11:05:17 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/08/2009 11:05:17 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 01:58:18 | Computer Name = office-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:51:41 on 26/08/2009 was unexpected.
Error - 27/08/2009 01:59:07 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 01:59:07 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 02:01:16 | Computer Name = office-PC | Source = DCOM | ID = 10010
Description =
Error - 27/08/2009 02:25:33 | Computer Name = office-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 07:17:33 on 27/08/2009 was unexpected.
Error - 27/08/2009 02:26:47 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/08/2009 02:26:47 | Computer Name = office-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 6.0.6002 Service Pack 2
27/08/2009 08:33:31
mbam-log-2009-08-27 (08-33-31).txt
Scan type: Quick Scan
Objects scanned: 81676
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 37
Memory Processes Infected:
C:\Windows\svchast.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\Windows\System32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf5c6a80-c938-478c-bc8b-8d7b00788154} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
C:\Windows\System32\desot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\dbsinit.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Windows\System32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
and after all this, I still have my browser problems...
Run OTL.exe
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Under the Custom Scans/Fixes box at the bottom, paste in the followingCODE:OTL
O33 - MountPoints2\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\menu.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\menu.exe -- File not found
:Files
C:\Program Files\Windows Antivirus Pro
C:\Windows\ppp4.dat
C:\Windows\System32\sysnet.dat
C:\Windows\ppp3.dat
C:\Windows\svchast.exe
C:\Windows\System32\dddesot.dll
C:\Windows Antivirus Pro.lnk
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Step 1 - run OTL as requested...
here's the log...
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\ not found.
File H:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File D:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\menu.exe not found.
========== FILES ==========
File\Folder C:\Program Files\Windows Antivirus Pro not found.
File\Folder C:\Windows\ppp4.dat not found.
File\Folder C:\Windows\System32\sysnet.dat not found.
File\Folder C:\Windows\ppp3.dat not found.
File\Folder C:\Windows\svchast.exe not found.
File\Folder C:\Windows\System32\dddesot.dll not found.
C:\Windows Antivirus Pro.lnk moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: office
->Temp folder emptied: 5594551 bytes
->Temporary Internet Files folder emptied: 36314003 bytes
->Java cache emptied: 32615790 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 71.10 mb
OTL by OldTimer - Version 3.0.10.7 log created on 08282009_161418
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Now for Combofix - have transferred it from another machine as I still can't download... not even the latest CCleaner update!!!
here's the log...
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0939d944-83b5-11dd-af43-00a0d1dfb6fe}\ not found.
File H:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File D:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\menu.exe not found.
========== FILES ==========
File\Folder C:\Program Files\Windows Antivirus Pro not found.
File\Folder C:\Windows\ppp4.dat not found.
File\Folder C:\Windows\System32\sysnet.dat not found.
File\Folder C:\Windows\ppp3.dat not found.
File\Folder C:\Windows\svchast.exe not found.
File\Folder C:\Windows\System32\dddesot.dll not found.
C:\Windows Antivirus Pro.lnk moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: office
->Temp folder emptied: 5594551 bytes
->Temporary Internet Files folder emptied: 36314003 bytes
->Java cache emptied: 32615790 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 71.10 mb
OTL by OldTimer - Version 3.0.10.7 log created on 08282009_161418
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Now for Combofix - have transferred it from another machine as I still can't download... not even the latest CCleaner update!!!
Her's the Combofix log...
ComboFix 09-08-27.A3 - office 28/08/2009 16:44.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1225 [GMT 1:00]
Running from: c:\users\office\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1240818376-169580293-2758165429-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\85378c.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\kbiwkmonprwcpj.sys
c:\windows\system32\kbiwkmcjxpswxx.dll
c:\windows\system32\kbiwkmrevosqbp.dat
c:\windows\system32\kbiwkmwarbuorx.dll
c:\windows\system32\kbiwkmxgtncfcf.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmdyefmmwf
-------\Legacy_kbiwkmdyefmmwf
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 15:55 . 2009-08-28 15:59 -------- d-----w- c:\users\office\AppData\Local\temp
2009-08-28 15:55 . 2009-08-28 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-28 15:14 . 2009-08-28 15:14 -------- d-----w- C:\_OTL
2009-08-28 09:17 . 2009-08-28 09:17 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-28 09:17 . 2009-08-28 09:17 -------- d-----w- c:\users\office\Office Genuine Advantage
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\users\office\AppData\Roaming\Malwarebytes
2009-08-27 07:17 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\programdata\Malwarebytes
2009-08-27 07:17 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 06:41 . 2009-08-27 06:41 -------- d-----w- C:\Windows Antivirus Pro
2009-08-26 15:12 . 2009-06-05 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 15:12 . 2009-06-05 09:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 13:58 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 10:09 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-18 10:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-18 10:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-18 10:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-18 10:09 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-18 10:09 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-18 10:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-18 10:09 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 07:07 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 07:07 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 07:07 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 07:07 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 07:07 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 07:07 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 07:07 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 07:07 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-04 19:32 . 1999-12-17 10:13 86016 ----a-w- c:\windows\unvise32.exe
2009-08-04 19:32 . 2009-08-04 19:32 -------- d---a-w- c:\program files\virtual_garden
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 07:54 . 2008-04-27 10:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 07:54 . 2008-03-27 18:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 07:54 . 2008-04-27 10:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-12 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-05 19:13 . 2008-04-05 10:45 -------- d-----w- c:\program files\Google
2009-08-05 09:42 . 2007-09-13 16:27 -------- d-----w- c:\program files\Java
2009-08-04 19:32 . 2009-08-04 19:32 22884 ----a-w- c:\program files\uninstal.log
2009-07-25 04:23 . 2008-12-06 18:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 07:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-26 09:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 14:53 . 2009-07-15 18:17 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 18:17 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 18:17 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 18:17 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 18:17 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 04:52 . 2009-06-10 04:52 347648 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(
:68,93,1a,7e,42,f6,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADFD0209-1CCC-44A1-9E40-5EC888A25179}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC29E8EC-347D-48C3-9924-7126A5C9AE46}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ECF40191-B96B-41F9-B091-E367671DC260}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{721FCD4A-004B-4046-9ABA-887B12381F71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DE2CEEE4-0B64-4DE3-AD58-D48FD7361898}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{52BB6F1B-6867-4AA8-974C-496E838D5D10}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{3A5FE6B2-494D-40F5-8E07-E4F5AED9083A}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{652D8749-757D-4934-83CD-7C1A62AE497E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{98962811-951E-4FC1-A3E2-3879C752145E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E7EB3C10-C634-4129-A39B-861B7B49636B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{151DC942-ED32-4FBD-AD32-7B669B3A0E86}c:\\program files\\gekkeiju online\\gekkeiju.exe"= UDP:c:\program files\gekkeiju online\gekkeiju.exe:Gekkeiju
"UDP Query User{A2DF66AE-126D-4CF1-BF63-C5146B53353D}c:\\program files\\gekkeiju online\\gekkeiju.exe"= TCP:c:\program files\gekkeiju online\gekkeiju.exe:Gekkeiju
"{69D8CFFD-F33A-45E6-A5D5-1FA6F3A49C93}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60B76F8C-0B64-4F22-A9E1-2639D08A8771}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27/04/2008 11:29 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 07:59 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 16:03 51440]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/04/2008 11:29 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/04/2008 11:29 297752]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [13/09/2007 17:45 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096]
S2 gupdate1c9b378a3fd2872;Google Update Service (gupdate1c9b378a3fd2872);c:\program files\Google\Update\GoogleUpdate.exe [02/04/2009 10:51 133104]
S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [15/01/2009 10:15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 09:51]
2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 09:51]
2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 16:58
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-08-28 17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 16:06
Pre-Run: 4,460,056,576 bytes free
Post-Run: 4,097,110,016 bytes free
233 --- E O F --- 2009-08-28 06:20
By the looks of it, that seems to have sorted it. I can now use Favourites... I can now download files... MS Messenger seems to be back to normal...
Many thanks!!!
ComboFix 09-08-27.A3 - office 28/08/2009 16:44.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1225 [GMT 1:00]
Running from: c:\users\office\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1240818376-169580293-2758165429-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\85378c.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\kbiwkmonprwcpj.sys
c:\windows\system32\kbiwkmcjxpswxx.dll
c:\windows\system32\kbiwkmrevosqbp.dat
c:\windows\system32\kbiwkmwarbuorx.dll
c:\windows\system32\kbiwkmxgtncfcf.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmdyefmmwf
-------\Legacy_kbiwkmdyefmmwf
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 15:55 . 2009-08-28 15:59 -------- d-----w- c:\users\office\AppData\Local\temp
2009-08-28 15:55 . 2009-08-28 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-28 15:14 . 2009-08-28 15:14 -------- d-----w- C:\_OTL
2009-08-28 09:17 . 2009-08-28 09:17 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-28 09:17 . 2009-08-28 09:17 -------- d-----w- c:\users\office\Office Genuine Advantage
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\users\office\AppData\Roaming\Malwarebytes
2009-08-27 07:17 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 07:17 . 2009-08-27 07:17 -------- d-----w- c:\programdata\Malwarebytes
2009-08-27 07:17 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 06:41 . 2009-08-27 06:41 -------- d-----w- C:\Windows Antivirus Pro
2009-08-26 15:12 . 2009-06-05 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 15:12 . 2009-06-05 09:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 13:58 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 10:09 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-18 10:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-18 10:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-18 10:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-18 10:09 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-18 10:09 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-18 10:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-18 10:09 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 07:07 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 07:07 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 07:07 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 07:07 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 07:07 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 07:07 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 07:07 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 07:07 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-04 19:32 . 1999-12-17 10:13 86016 ----a-w- c:\windows\unvise32.exe
2009-08-04 19:32 . 2009-08-04 19:32 -------- d---a-w- c:\program files\virtual_garden
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 07:54 . 2008-04-27 10:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 07:54 . 2008-03-27 18:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 07:54 . 2008-04-27 10:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-12 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-05 19:13 . 2008-04-05 10:45 -------- d-----w- c:\program files\Google
2009-08-05 09:42 . 2007-09-13 16:27 -------- d-----w- c:\program files\Java
2009-08-04 19:32 . 2009-08-04 19:32 22884 ----a-w- c:\program files\uninstal.log
2009-07-25 04:23 . 2008-12-06 18:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 07:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-26 09:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 14:53 . 2009-07-15 18:17 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 18:17 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 18:17 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 18:17 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 18:17 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 04:52 . 2009-06-10 04:52 347648 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(
:68,93,1a,7e,42,f6,c9,01[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADFD0209-1CCC-44A1-9E40-5EC888A25179}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC29E8EC-347D-48C3-9924-7126A5C9AE46}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ECF40191-B96B-41F9-B091-E367671DC260}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{721FCD4A-004B-4046-9ABA-887B12381F71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DE2CEEE4-0B64-4DE3-AD58-D48FD7361898}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{52BB6F1B-6867-4AA8-974C-496E838D5D10}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{3A5FE6B2-494D-40F5-8E07-E4F5AED9083A}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{652D8749-757D-4934-83CD-7C1A62AE497E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{98962811-951E-4FC1-A3E2-3879C752145E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E7EB3C10-C634-4129-A39B-861B7B49636B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{151DC942-ED32-4FBD-AD32-7B669B3A0E86}c:\\program files\\gekkeiju online\\gekkeiju.exe"= UDP:c:\program files\gekkeiju online\gekkeiju.exe:Gekkeiju
"UDP Query User{A2DF66AE-126D-4CF1-BF63-C5146B53353D}c:\\program files\\gekkeiju online\\gekkeiju.exe"= TCP:c:\program files\gekkeiju online\gekkeiju.exe:Gekkeiju
"{69D8CFFD-F33A-45E6-A5D5-1FA6F3A49C93}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60B76F8C-0B64-4F22-A9E1-2639D08A8771}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27/04/2008 11:29 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 07:59 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 16:03 51440]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/04/2008 11:29 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/04/2008 11:29 297752]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [13/09/2007 17:45 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 05:52 347648]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096]
S2 gupdate1c9b378a3fd2872;Google Update Service (gupdate1c9b378a3fd2872);c:\program files\Google\Update\GoogleUpdate.exe [02/04/2009 10:51 133104]
S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [15/01/2009 10:15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 09:51]
2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 09:51]
2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 16:58
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-08-28 17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 16:06
Pre-Run: 4,460,056,576 bytes free
Post-Run: 4,097,110,016 bytes free
233 --- E O F --- 2009-08-28 06:20
By the looks of it, that seems to have sorted it. I can now use Favourites... I can now download files... MS Messenger seems to be back to normal...
Many thanks!!!
You're welcome, glad to hear things are better.
I would like to see a few more scans to make sure you are clean:
Run ESET Online Scan
I would like to see a few more scans to make sure you are clean:
Run ESET Online Scan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the
button. - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on
to download the ESET Smart Installer. Save it to your desktop. - Double click on the
icon on your desktop.
- Click on
- Check
- Click the
button. - Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. - Push the
button. - Push
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
ESETscan log as requested...
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\office\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\31ED4731-00000E54.eml Win32/Bagle.gen.zip worm contained infected files
C:\Users\Public\Downloads\oe saves\Inbox.dbx Win32/Bagle.gen.zip worm unable to clean
log.txt from RSIT...
Logfile of random's system information tool 1.06 (written by random/random)
Run by office at 2009-08-30 19:37:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 1917 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:40, on 30/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\Chess\Chess.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\office\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\office.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c9b378a3fd2872) (gupdate1c9b378a3fd2872) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7628 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-15 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"=NDSTray.exe []
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-17 2007832]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-02-29 1481968]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-08-30 19:37:23 ----D---- C:\rsit
2009-08-30 17:39:53 ----D---- C:\Program Files\ESET
2009-08-28 17:06:48 ----D---- C:\Windows\temp
2009-08-28 17:06:46 ----A---- C:\ComboFix.txt
2009-08-28 16:58:28 ----SHD---- C:\$RECYCLE.BIN
2009-08-28 16:30:01 ----A---- C:\Windows\zip.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWXCACLS.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWSC.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWREG.exe
2009-08-28 16:30:01 ----A---- C:\Windows\sed.exe
2009-08-28 16:30:01 ----A---- C:\Windows\PEV.exe
2009-08-28 16:30:01 ----A---- C:\Windows\NIRCMD.exe
2009-08-28 16:30:01 ----A---- C:\Windows\grep.exe
2009-08-28 16:29:45 ----D---- C:\Windows\ERDNT
2009-08-28 16:25:13 ----D---- C:\Qoobox
2009-08-28 16:14:18 ----D---- C:\_OTL
2009-08-28 10:17:24 ----D---- C:\ProgramData\Office Genuine Advantage
2009-08-27 08:17:32 ----D---- C:\Users\office\AppData\Roaming\Malwarebytes
2009-08-27 08:17:24 ----D---- C:\ProgramData\Malwarebytes
2009-08-27 08:17:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-27 07:41:20 ----D---- C:\Windows Antivirus Pro
2009-08-26 16:12:24 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-26 16:12:08 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-26 14:58:57 ----A---- C:\Windows\system32\tzres.dll
2009-08-18 11:09:50 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-18 11:09:50 ----A---- C:\Windows\system32\kerberos.dll
2009-08-18 11:09:49 ----A---- C:\Windows\system32\wdigest.dll
2009-08-18 11:09:49 ----A---- C:\Windows\system32\schannel.dll
2009-08-18 11:09:48 ----A---- C:\Windows\system32\secur32.dll
2009-08-18 11:09:48 ----A---- C:\Windows\system32\lsass.exe
2009-08-18 11:09:48 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-12 08:07:52 ----A---- C:\Windows\system32\atl.dll
2009-08-12 08:07:51 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 08:07:46 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 08:07:45 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 08:07:32 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 08:07:29 ----A---- C:\Windows\system32\mstscax.dll
2009-08-05 20:14:58 ----D---- C:\ProgramData\Google
2009-08-05 10:42:42 ----A---- C:\Windows\system32\javaws.exe
2009-08-05 10:42:42 ----A---- C:\Windows\system32\javaw.exe
2009-08-05 10:42:42 ----A---- C:\Windows\system32\java.exe
2009-08-04 20:32:05 ----A---- C:\Windows\unvise32.exe
2009-08-04 20:32:00 ----AD---- C:\Program Files\virtual_garden
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
======List of files/folders modified in the last 1 months======
2009-08-30 17:39:54 ----SD---- C:\Windows\Downloaded Program Files
2009-08-30 17:39:53 ----RD---- C:\Program Files
2009-08-30 17:28:36 ----SHD---- C:\System Volume Information
2009-08-30 17:24:51 ----D---- C:\Windows\Prefetch
2009-08-30 17:24:50 ----D---- C:\Windows
2009-08-30 12:26:41 ----D---- C:\Windows\System32
2009-08-30 12:26:41 ----D---- C:\Windows\inf
2009-08-30 12:26:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-28 17:06:49 ----D---- C:\Windows\system32\en-US
2009-08-28 17:06:49 ----D---- C:\Windows\system32\drivers
2009-08-28 16:58:53 ----A---- C:\Windows\system.ini
2009-08-28 16:56:26 ----SHD---- C:\Boot
2009-08-28 16:56:26 ----D---- C:\Windows\system32\config
2009-08-28 16:55:21 ----SHD---- C:\Windows\Installer
2009-08-28 16:52:47 ----D---- C:\Windows\AppPatch
2009-08-28 16:52:44 ----D---- C:\Program Files\Common Files
2009-08-28 10:17:24 ----HD---- C:\ProgramData
2009-08-28 07:20:13 ----D---- C:\Windows\system32\zh-TW
2009-08-28 07:20:13 ----D---- C:\Windows\system32\zh-HK
2009-08-28 07:20:13 ----D---- C:\Windows\system32\tr-TR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\sv-SE
2009-08-28 07:20:13 ----D---- C:\Windows\system32\pt-BR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\nl-NL
2009-08-28 07:20:13 ----D---- C:\Windows\system32\nb-NO
2009-08-28 07:20:13 ----D---- C:\Windows\system32\ko-KR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\it-IT
2009-08-28 07:20:13 ----D---- C:\Windows\system32\he-IL
2009-08-28 07:20:13 ----D---- C:\Windows\system32\fr-FR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\fi-FI
2009-08-28 07:20:13 ----D---- C:\Windows\system32\es-ES
2009-08-28 07:20:13 ----D---- C:\Windows\system32\el-GR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\de-DE
2009-08-28 07:20:13 ----D---- C:\Windows\system32\da-DK
2009-08-28 07:20:13 ----D---- C:\Windows\system32\ar-SA
2009-08-27 13:39:38 ----D---- C:\Windows\Minidump
2009-08-27 11:02:08 ----HD---- C:\$AVG8.VAULT$
2009-08-27 10:55:02 ----D---- C:\Windows\system32\catroot2
2009-08-27 09:08:32 ----D---- C:\Windows\winsxs
2009-08-26 16:23:39 ----D---- C:\Windows\rescache
2009-08-26 14:59:53 ----D---- C:\Windows\system32\catroot
2009-08-26 13:58:34 ----D---- C:\Program Files\Internet Explorer
2009-08-25 17:18:11 ----SD---- C:\ProgramData\Microsoft
2009-08-25 16:28:44 ----D---- C:\Windows\Tasks
2009-08-25 16:28:44 ----D---- C:\Windows\system32\Tasks
2009-08-25 16:28:43 ----D---- C:\Windows\system32\wbem
2009-08-25 16:28:43 ----D---- C:\Windows\system32\spool
2009-08-25 16:28:43 ----D---- C:\Windows\system32\Msdtc
2009-08-25 16:28:43 ----D---- C:\Windows\registration
2009-08-25 09:47:27 ----RSD---- C:\Windows\assembly
2009-08-17 08:54:47 ----A---- C:\Windows\system32\avgrsstx.dll
2009-08-13 09:34:23 ----D---- C:\Windows\Debug
2009-08-13 07:57:07 ----D---- C:\Program Files\Windows Media Player
2009-08-12 19:00:11 ----D---- C:\Program Files\Windows Mail
2009-08-05 20:17:51 ----D---- C:\Users\office\AppData\Roaming\Google
2009-08-05 20:13:44 ----D---- C:\Program Files\Google
2009-08-05 10:42:39 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-05-25 164864]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-01 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 gupdate1c9b378a3fd2872;Google Update Service (gupdate1c9b378a3fd2872); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt from RSIT....
info.txt logfile of random's system information tool 1.06 2009-08-30 19:37:47
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x9
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe-->"C:\Program Files\MSN Games\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Bejeweled 2 Deluxe\install.log"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Cradle of Rome-->"C:\Program Files\Virgin Media Games\Cradle of Rome\Uninstall.exe" "C:\Program Files\Virgin Media Games\Cradle of Rome\install.log"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Free CD to MP3 Converter-->C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IKEA Home Planner-->MsiExec.exe /I{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money System Pack-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Money-->MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ACCESSR /dll OSETUP.DLL
Microsoft Office Access 2007-->MsiExec.exe /X{91120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation 3.4.0-->MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x0009 -z"Uninstall" -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x9
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
SimCity 4 Deluxe-->E:\simcity4\EAUninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F4F4815-76AD-4B26-8763-72F3344041C2}\setup.exe" -l0x9 -removeonly
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Virtual Garden-->C:\Windows\unvise32.exe C:\Program Files\uninstal.log
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-03-12]
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [2009-03-12]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2009-03-12]
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) [2009-03-12]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-12]
O13 - Gopher Prefix: [2009-03-12]
O1 - Hosts: ::1 localhost [2009-03-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-08-25]
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) [2009-08-25]
======Security center information======
AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware
======System event log======
Computer Name: office-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 110140
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090319065619.491610-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 110128
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090318201932.278000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 10010
Message: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Record Number: 110089
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090318201919.000000-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 43033
Message: Edid checksum error
Record Number: 110075
Source Name: atikmdag
Time Written: 20090318150302.912959-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 3
Transaction Type: N/A
Processor Participation: Local node responded to the request
Request Type: 12
Memory/Io: Memory
Memory Hierarchy Level: Generic
Timeout: Yes
Record Number: 110064
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20090318135322.538959-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
=====Application event log=====
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000_Classes:
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES
Process 2036 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Record Number: 4224
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080516121827.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000:
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000
Record Number: 4223
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080516121826.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 4168
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080515204819.000000-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000_Classes:
Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES
Record Number: 4145
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080515141250.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000:
Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000
Record Number: 4144
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080515141249.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb2768f
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62111
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201632.149053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb27681
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62110
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201632.146053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb2768f
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: BULL-PC
Source Network Address: 192.168.1.78
Source Port: 49258
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 62109
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201621.764053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb27681
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: BULL-PC
Source Network Address: 192.168.1.78
Source Port: 49257
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 62108
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201621.735053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb02a78
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120200432.162053-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\office\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\31ED4731-00000E54.eml Win32/Bagle.gen.zip worm contained infected files
C:\Users\Public\Downloads\oe saves\Inbox.dbx Win32/Bagle.gen.zip worm unable to clean
log.txt from RSIT...
Logfile of random's system information tool 1.06 (written by random/random)
Run by office at 2009-08-30 19:37:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 1917 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:40, on 30/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\Chess\Chess.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\office\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\office.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c9b378a3fd2872) (gupdate1c9b378a3fd2872) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7628 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{C23397A0-7333-4F22-B0AD-DD05E14B711C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-15 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"NDSTray.exe"=NDSTray.exe []
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-17 2007832]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-02-29 1481968]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-08-30 19:37:23 ----D---- C:\rsit
2009-08-30 17:39:53 ----D---- C:\Program Files\ESET
2009-08-28 17:06:48 ----D---- C:\Windows\temp
2009-08-28 17:06:46 ----A---- C:\ComboFix.txt
2009-08-28 16:58:28 ----SHD---- C:\$RECYCLE.BIN
2009-08-28 16:30:01 ----A---- C:\Windows\zip.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWXCACLS.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWSC.exe
2009-08-28 16:30:01 ----A---- C:\Windows\SWREG.exe
2009-08-28 16:30:01 ----A---- C:\Windows\sed.exe
2009-08-28 16:30:01 ----A---- C:\Windows\PEV.exe
2009-08-28 16:30:01 ----A---- C:\Windows\NIRCMD.exe
2009-08-28 16:30:01 ----A---- C:\Windows\grep.exe
2009-08-28 16:29:45 ----D---- C:\Windows\ERDNT
2009-08-28 16:25:13 ----D---- C:\Qoobox
2009-08-28 16:14:18 ----D---- C:\_OTL
2009-08-28 10:17:24 ----D---- C:\ProgramData\Office Genuine Advantage
2009-08-27 08:17:32 ----D---- C:\Users\office\AppData\Roaming\Malwarebytes
2009-08-27 08:17:24 ----D---- C:\ProgramData\Malwarebytes
2009-08-27 08:17:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-27 07:41:20 ----D---- C:\Windows Antivirus Pro
2009-08-26 16:12:24 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-26 16:12:08 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-26 14:58:57 ----A---- C:\Windows\system32\tzres.dll
2009-08-18 11:09:50 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-18 11:09:50 ----A---- C:\Windows\system32\kerberos.dll
2009-08-18 11:09:49 ----A---- C:\Windows\system32\wdigest.dll
2009-08-18 11:09:49 ----A---- C:\Windows\system32\schannel.dll
2009-08-18 11:09:48 ----A---- C:\Windows\system32\secur32.dll
2009-08-18 11:09:48 ----A---- C:\Windows\system32\lsass.exe
2009-08-18 11:09:48 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-12 08:07:52 ----A---- C:\Windows\system32\atl.dll
2009-08-12 08:07:51 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 08:07:46 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 08:07:45 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 08:07:45 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 08:07:32 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 08:07:29 ----A---- C:\Windows\system32\mstscax.dll
2009-08-05 20:14:58 ----D---- C:\ProgramData\Google
2009-08-05 10:42:42 ----A---- C:\Windows\system32\javaws.exe
2009-08-05 10:42:42 ----A---- C:\Windows\system32\javaw.exe
2009-08-05 10:42:42 ----A---- C:\Windows\system32\java.exe
2009-08-04 20:32:05 ----A---- C:\Windows\unvise32.exe
2009-08-04 20:32:00 ----AD---- C:\Program Files\virtual_garden
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
======List of files/folders modified in the last 1 months======
2009-08-30 17:39:54 ----SD---- C:\Windows\Downloaded Program Files
2009-08-30 17:39:53 ----RD---- C:\Program Files
2009-08-30 17:28:36 ----SHD---- C:\System Volume Information
2009-08-30 17:24:51 ----D---- C:\Windows\Prefetch
2009-08-30 17:24:50 ----D---- C:\Windows
2009-08-30 12:26:41 ----D---- C:\Windows\System32
2009-08-30 12:26:41 ----D---- C:\Windows\inf
2009-08-30 12:26:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-28 17:06:49 ----D---- C:\Windows\system32\en-US
2009-08-28 17:06:49 ----D---- C:\Windows\system32\drivers
2009-08-28 16:58:53 ----A---- C:\Windows\system.ini
2009-08-28 16:56:26 ----SHD---- C:\Boot
2009-08-28 16:56:26 ----D---- C:\Windows\system32\config
2009-08-28 16:55:21 ----SHD---- C:\Windows\Installer
2009-08-28 16:52:47 ----D---- C:\Windows\AppPatch
2009-08-28 16:52:44 ----D---- C:\Program Files\Common Files
2009-08-28 10:17:24 ----HD---- C:\ProgramData
2009-08-28 07:20:13 ----D---- C:\Windows\system32\zh-TW
2009-08-28 07:20:13 ----D---- C:\Windows\system32\zh-HK
2009-08-28 07:20:13 ----D---- C:\Windows\system32\tr-TR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\sv-SE
2009-08-28 07:20:13 ----D---- C:\Windows\system32\pt-BR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\nl-NL
2009-08-28 07:20:13 ----D---- C:\Windows\system32\nb-NO
2009-08-28 07:20:13 ----D---- C:\Windows\system32\ko-KR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\it-IT
2009-08-28 07:20:13 ----D---- C:\Windows\system32\he-IL
2009-08-28 07:20:13 ----D---- C:\Windows\system32\fr-FR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\fi-FI
2009-08-28 07:20:13 ----D---- C:\Windows\system32\es-ES
2009-08-28 07:20:13 ----D---- C:\Windows\system32\el-GR
2009-08-28 07:20:13 ----D---- C:\Windows\system32\de-DE
2009-08-28 07:20:13 ----D---- C:\Windows\system32\da-DK
2009-08-28 07:20:13 ----D---- C:\Windows\system32\ar-SA
2009-08-27 13:39:38 ----D---- C:\Windows\Minidump
2009-08-27 11:02:08 ----HD---- C:\$AVG8.VAULT$
2009-08-27 10:55:02 ----D---- C:\Windows\system32\catroot2
2009-08-27 09:08:32 ----D---- C:\Windows\winsxs
2009-08-26 16:23:39 ----D---- C:\Windows\rescache
2009-08-26 14:59:53 ----D---- C:\Windows\system32\catroot
2009-08-26 13:58:34 ----D---- C:\Program Files\Internet Explorer
2009-08-25 17:18:11 ----SD---- C:\ProgramData\Microsoft
2009-08-25 16:28:44 ----D---- C:\Windows\Tasks
2009-08-25 16:28:44 ----D---- C:\Windows\system32\Tasks
2009-08-25 16:28:43 ----D---- C:\Windows\system32\wbem
2009-08-25 16:28:43 ----D---- C:\Windows\system32\spool
2009-08-25 16:28:43 ----D---- C:\Windows\system32\Msdtc
2009-08-25 16:28:43 ----D---- C:\Windows\registration
2009-08-25 09:47:27 ----RSD---- C:\Windows\assembly
2009-08-17 08:54:47 ----A---- C:\Windows\system32\avgrsstx.dll
2009-08-13 09:34:23 ----D---- C:\Windows\Debug
2009-08-13 07:57:07 ----D---- C:\Program Files\Windows Media Player
2009-08-12 19:00:11 ----D---- C:\Program Files\Windows Mail
2009-08-05 20:17:51 ----D---- C:\Users\office\AppData\Roaming\Google
2009-08-05 20:13:44 ----D---- C:\Program Files\Google
2009-08-05 10:42:39 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-05-25 164864]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-01 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 gupdate1c9b378a3fd2872;Google Update Service (gupdate1c9b378a3fd2872); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt from RSIT....
info.txt logfile of random's system information tool 1.06 2009-08-30 19:37:47
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x9
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe-->"C:\Program Files\MSN Games\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Bejeweled 2 Deluxe\install.log"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Cradle of Rome-->"C:\Program Files\Virgin Media Games\Cradle of Rome\Uninstall.exe" "C:\Program Files\Virgin Media Games\Cradle of Rome\install.log"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Free CD to MP3 Converter-->C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IKEA Home Planner-->MsiExec.exe /I{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money System Pack-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Money-->MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ACCESSR /dll OSETUP.DLL
Microsoft Office Access 2007-->MsiExec.exe /X{91120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation 3.4.0-->MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x0009 -z"Uninstall" -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x9
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
SimCity 4 Deluxe-->E:\simcity4\EAUninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F4F4815-76AD-4B26-8763-72F3344041C2}\setup.exe" -l0x9 -removeonly
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Virtual Garden-->C:\Windows\unvise32.exe C:\Program Files\uninstal.log
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-03-12]
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [2009-03-12]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2009-03-12]
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) [2009-03-12]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-12]
O13 - Gopher Prefix: [2009-03-12]
O1 - Hosts: ::1 localhost [2009-03-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-08-25]
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) [2009-08-25]
======Security center information======
AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware
======System event log======
Computer Name: office-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 110140
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090319065619.491610-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 110128
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090318201932.278000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 10010
Message: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Record Number: 110089
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090318201919.000000-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 43033
Message: Edid checksum error
Record Number: 110075
Source Name: atikmdag
Time Written: 20090318150302.912959-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Bus/Interconnect Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 3
Transaction Type: N/A
Processor Participation: Local node responded to the request
Request Type: 12
Memory/Io: Memory
Memory Hierarchy Level: Generic
Timeout: Yes
Record Number: 110064
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20090318135322.538959-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
=====Application event log=====
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000_Classes:
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES
Process 2036 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Record Number: 4224
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080516121827.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000:
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000
Record Number: 4223
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080516121826.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 4168
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080515204819.000000-000
Event Type: Error
User:
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000_Classes:
Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000_CLASSES
Record Number: 4145
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080515141250.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-453005111-129219787-228039054-1000:
Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-453005111-129219787-228039054-1000
Record Number: 4144
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080515141249.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb2768f
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62111
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201632.149053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb27681
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62110
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201632.146053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb2768f
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: BULL-PC
Source Network Address: 192.168.1.78
Source Port: 49258
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 62109
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201621.764053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb27681
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: BULL-PC
Source Network Address: 192.168.1.78
Source Port: 49257
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 62108
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120201621.735053-000
Event Type: Audit Success
User:
Computer Name: office-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xb02a78
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 62107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090120200432.162053-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Adobe Reader 8.1.6
Download TFC by OldTimer to your desktop
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.
Please go to the link below to update.
http://www.adobe.com/products/acrobat/readstep2.html
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems
Upgrading Java:
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Adobe Reader 8.1.6
Download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.
Please go to the link below to update.
http://www.adobe.com/products/acrobat/readstep2.html
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systemsUpgrading Java:
- Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")
All steps completed as requested...
old Java and Adobe dumped...
TFC ran succesfully and rebooted...
new Java and Adobe installed...
many thanks - anything else left to check?
old Java and Adobe dumped...
TFC ran succesfully and rebooted...
new Java and Adobe installed...
many thanks - anything else left to check?
Your log looks clean, Great Job
Follow these steps to uninstall Combofix and tools used in the removal of malware
Now for some cleanup..
Please download OTC and save it to Desktop.
Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
Next press the Apply button and then the OK to exit the Internet Properties page.
here are some additional utilities that will enhance your safety
Follow these steps to uninstall Combofix and tools used in the removal of malware
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Now for some cleanup..
Please download OTC and save it to Desktop.
- Please make sure you are connecting to the Internet
- Double-click OTC.exe
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes
Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then go to Start > Run and type: Cleanmgr
- Click "OK".
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
No Firewall Onboard
You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice: - Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
here are some additional utilities that will enhance your safety
- McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software
Combofix has gone...
OTC has run...
new restore point is set...
IE was already set to all those values, except "f.Change the Navigate sub-frames across different domains to Prompt". I've got this set to Disable - is that acceptable?
AV software updates daily, along with anti-spyware, email scanner, resident shield and link scanner...
Windows Firewall claims to be on, but I'm also hiding behind a password-enabled router so that should be pretty safe... unless you say otherwise...
Windows Update is set to notify me of all updates (and does so, with monotonous regularity...)
As for SpywareBlaster and SpywareGuard, I'm not sure about these - I do have anti-spyware software bundled with my AV software
Had some bad experiences with McAfee so not keen to put anything of theirs on my machine unless absolutely necessary...
HOSTS file is already as described...
I'm not sure about WinPatrol... I'll have to think about that a bit more...
Thanks for all the guidance
OTC has run...
new restore point is set...
IE was already set to all those values, except "f.Change the Navigate sub-frames across different domains to Prompt". I've got this set to Disable - is that acceptable?
AV software updates daily, along with anti-spyware, email scanner, resident shield and link scanner...
Windows Firewall claims to be on, but I'm also hiding behind a password-enabled router so that should be pretty safe... unless you say otherwise...
Windows Update is set to notify me of all updates (and does so, with monotonous regularity...)
As for SpywareBlaster and SpywareGuard, I'm not sure about these - I do have anti-spyware software bundled with my AV software
Had some bad experiences with McAfee so not keen to put anything of theirs on my machine unless absolutely necessary...
HOSTS file is already as described...
I'm not sure about WinPatrol... I'll have to think about that a bit more...
Thanks for all the guidance
You're welcome.
All of the tools are reccomendations, if there is something you don't want, no problem.
WinPatrol is not necessary, and McAfee SiteAdvisor is a nice tool to have but not necessary neither.
Even though you have an AntiSpyware, SpywareBlaster is good to have, it does not run in the background, but adds a list of bad sites that it blocks. So its a plus to have.
All of the tools are reccomendations, if there is something you don't want, no problem.
WinPatrol is not necessary, and McAfee SiteAdvisor is a nice tool to have but not necessary neither.
Even though you have an AntiSpyware, SpywareBlaster is good to have, it does not run in the background, but adds a list of bad sites that it blocks. So its a plus to have.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help
If you're the topic starter, and need this topic reopened, please contact Me or another Moderator with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact Me or another Moderator with the address of the thread.
Everyone else please begin a New Topic.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.