Can't Remove Packed.Rolex Virus with my AVG 8.5



#1 alwaysoncue (New Member, 9 posts)
Hello,

Could someone help me get rid of a packed.rolex virus? My hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:10 PM, on 6/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\runit\runit_32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10896 bytes

Edited by alwaysoncue, 12 June 2009 - 05:13 PM.

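A triage helper, added here as an example and not part of the thread or of any tool the participants used: it parses the autorun-relevant lines of a HijackThis log (O2 browser helper objects, O4 run keys and startup folders, O20 AppInit_DLLs, O23 services), like the one posted above, and the PRC/SRV/DRV lines of an OTL log, like the one in the reply further down, and queues the entries a volunteer would check first. The sample lines are copied in shape from this thread's logs; the four flagging rules (no company name in the file's version info, an orphaned BHO whose DLL is gone, a binary launched from a user-writable or temporary directory, anything in AppInit_DLLs) are this example's assumptions about what merits a look, not a verdict on any entry.

```python
"""Triage helper for HijackThis and OTL log lines (added example, not from
the thread).  Parses O2/O4/O20/O23 lines of a HijackThis log and PRC/SRV/DRV
lines of an OTL log, then queues entries a reviewer would look at first.
The flagging rules are assumptions of this example, not a verdict."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied in shape from the logs in this thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
SAMPLE_OTL = r"""
PRC - C:\Users\Cue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLK8PSI\OTL[1].exe (OldTimer Tools)
PRC - C:\Program Files\runit\runit_32.exe (BB Inc)
SRV - (pinger [Auto | Running]) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
"""

# HijackThis 2.0.2 line shapes.
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
HJT_O4 = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] (?P<cmd>.*)"
                    r"|(?P<lnk>[^=]+) = (?P<target>.*))$")
HJT_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<pub>.*?) - (?P<path>.*)$")
# OTL shapes: "PRC - <path> (<company>)" and
# "SRV|DRV - (<name> [<start> | <state>]) -- <path> (<company>)".
OTL_PRC = re.compile(r"^PRC - (?P<path>.*) \((?P<pub>.*)\)$")
OTL_SVC = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>.*?) \[.*?\]\) -- (?P<path>.*) \((?P<pub>.*)\)$")
# Locations an ordinary user can write to; persistence there deserves a look.
USER_WRITABLE = re.compile(r"\\(Users|Documents and Settings)\\|\\Temp\\|Temporary Internet Files", re.I)


@dataclass
class Entry:
    source: str                 # "hjt" or "otl"
    kind: str                   # O2 / O4 / O20 / O23 / PRC / SRV / DRV
    name: str
    path: str
    publisher: str              # "" when the log shows none
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str, source: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for lines this helper ignores."""
    line = line.rstrip()
    if source == "hjt":
        if m := HJT_O2.match(line):
            return Entry(source, "O2", m["name"], m["path"], "")
        if m := HJT_O4.match(line):
            name = m["name"] if m["name"] is not None else m["lnk"]
            path = m["cmd"] if m["cmd"] is not None else m["target"]
            return Entry(source, "O4", name, path, "")
        if m := HJT_O20.match(line):
            return Entry(source, "O20", "AppInit_DLLs", m["dlls"], "")
        if m := HJT_O23.match(line):
            return Entry(source, "O23", m["name"], m["path"], m["pub"])
    else:
        if m := OTL_PRC.match(line):
            return Entry(source, "PRC", m["path"].rsplit("\\", 1)[-1], m["path"], m["pub"])
        if m := OTL_SVC.match(line):
            return Entry(source, m["kind"], m["name"], m["path"], m["pub"])
    return None


def flag(e: Entry) -> Entry:
    """Attach the reasons (if any) that put this entry on the review queue."""
    if e.kind in ("O23", "SRV", "DRV", "PRC") and e.publisher.strip() in ("", "Unknown owner"):
        e.reasons.append("no company name in the file's version info")
    if e.path.strip() == "(no file)":
        e.reasons.append("registered component whose file is missing (orphan)")
    if USER_WRITABLE.search(e.path):
        e.reasons.append("runs from a user-writable or temporary location")
    if e.kind == "O20":
        e.reasons.append("AppInit_DLLs entry: loaded into every process that maps user32.dll")
    return e


def triage(log_text: str, source: str) -> List[Entry]:
    """Return only the entries that collected at least one reason, in log order."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line, source)
        if e is not None and flag(e).reasons:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for src, text in (("hjt", SAMPLE_HJT), ("otl", SAMPLE_OTL)):
        for e in triage(text, src):
            print(f"[{src}:{e.kind}] {e.name}: {e.path}")
            for r in e.reasons:
                print(f"    - {r}")
```

Run over the two full logs in this thread, the queue is short: the orphaned BHO {7E853D72-...}, the AppInit_DLLs line, Toshiba's pinger.exe and swupdtmr.exe plus a couple of Google and Toshiba helpers that carry no company string, and OTL itself, which the OTL header shows was launched straight from IE's Temporary Internet Files folder instead of from the desktop as the helper asked. None of those is a detection; the point of the rules is to shrink a 400-line log to a handful of entries a person can check by hand, which is exactly why a hit on a benign file like OTL[1].exe should be read as "look here", not "remove this".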

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello alwaysoncue

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3 alwaysoncue (Topic Starter, New Member, 9 posts)
Hello, and thank you for responding. Below are the OTL logs. I will send the other log when it is completed.

OTL logfile created on: 6/12/2009 8:11:50 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Cue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLK8PSI
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.82% Memory free
3.98 Gb Paging File | 2.81 Gb Available in Paging File | 70.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 120.39 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CUELAPTOP
Current User Name: Cue
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG6\avgserv.exe (GRISOFT© SOFTWARE s.r.o)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Grisoft\AVG6\avgcc32.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\runit\runit_32.exe (BB Inc)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (Advanced Micro Devices Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe ()
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Users\Cue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLK8PSI\OTL[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2free [Auto | Running]) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AvgServ [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgserv.exe (GRISOFT© SOFTWARE s.r.o)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pinger [Auto | Running]) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Swupdtmr [Auto | Running]) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AvgCore [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgcore.sys (GRISOFT, s.r.o.)
DRV - (AvgFsh [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgfsh.sys (GRISOFT, s.r.o.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HPFXBULK [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR3NPXP [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winbondcir [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/12 14:55:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/27 01:59:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/27 01:59:24 | 00,000,000 | ---D | M]

[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Extensions
[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\iy6x0ovo.default\extensions
[2009/06/10 16:23:48 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\llrrc96o.default\extensions
[2009/06/09 16:00:51 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\llrrc96o.default\extensions\[email protected]
[2008/10/31 21:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/27 01:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/27 01:59:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/27 01:59:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/27 01:59:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/27 01:59:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/27 01:59:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/27 01:59:15 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/27 01:59:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/27 01:59:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP (GRISOFT s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Cue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runit_32.lnk = C:\Program Files\runit\runit_32.exe (BB Inc)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 18:22:16 | 00,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{664f6513-5710-11dc-9f27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{664f6513-5710-11dc-9f27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{a7c69486-43dd-11de-a3e8-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\setupSNK.exe -- [2008/01/19 03:33:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/12 18:58:45 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/06/12 18:57:22 | 00,000,781 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/06/12 18:57:06 | 00,000,000 | ---D | C] -- C:\Users\Cue\Documents\a-squared Free
[2009/06/12 18:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/06/12 18:53:49 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/06/12 18:44:56 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/06/12 18:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/12 18:34:01 | 00,000,000 | ---D | C] -- C:\Users\Cue\AppData\Roaming\Malwarebytes
[2009/06/12 18:33:59 | 00,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 18:33:56 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/12 18:33:55 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/12 18:33:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/12 18:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/12 18:12:23 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/06/12 18:12:15 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2009/06/12 18:12:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2009/06/12 18:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/12 16:12:08 | 00,001,885 | ---- | C] () -- C:\Users\Cue\Desktop\HijackThis.lnk
[2009/06/12 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/12 14:56:28 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/12 14:55:45 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/12 14:55:45 | 00,001,658 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/12 14:55:44 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/12 14:55:35 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/12 14:55:34 | 37,066,405 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/12 14:55:34 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/12 14:55:34 | 00,434,673 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/12 14:55:34 | 00,075,180 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/12 14:55:34 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/12 14:55:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/06/12 14:55:26 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/06/12 14:44:29 | 00,093,696 | ---- | C] () -- C:\Windows\hqfh71418.exe
[2009/06/12 14:44:28 | 00,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2009/06/12 14:44:27 | 00,889,078 | ---- | C] () -- C:\Windows\mdhhh0806.exe
[2009/06/12 14:44:27 | 00,000,826 | ---- | C] () -- C:\Users\Cue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runit_32.lnk
[2009/06/12 14:44:27 | 00,000,000 | ---D | C] -- C:\Program Files\runit
[2009/06/12 14:44:26 | 00,069,697 | ---- | C] () -- C:\Windows\sqdn1023.exe
[2009/06/11 18:22:45 | 00,026,112 | ---- | C] () -- C:\Users\Cue\Desktop\epms.doc
[2009/06/09 13:33:36 | 00,026,112 | ---- | C] () -- C:\Users\Cue\Desktop\wahm lwtter.doc
[2009/06/09 10:10:32 | 00,006,970 | ---- | C] () -- C:\Users\Cue\Desktop\photo.jpg
[2009/06/08 17:20:04 | 00,366,497 | ---- | C] () -- C:\Users\Cue\Desktop\Longview.JPG
[2009/06/02 17:22:08 | 00,000,000 | ---D | C] -- C:\Users\Cue\Documents\Electronic Arts
[2009/06/02 17:18:33 | 00,000,935 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/06/02 17:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/06/02 17:18:00 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/06/02 17:17:55 | 00,001,859 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2009/06/02 16:55:59 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/05/30 13:03:06 | 00,031,744 | ---- | C] () -- C:\Users\Cue\Desktop\games.doc
[2009/05/24 16:22:50 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/24 16:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/24 16:22:00 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/24 16:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/20 21:14:39 | 00,032,768 | ---- | C] () -- C:\Users\Cue\Desktop\insurance.doc
[2009/05/20 13:35:47 | 00,013,824 | ---- | C] () -- C:\Users\Cue\Desktop\bills.xls
[2009/05/18 15:30:38 | 00,000,000 | ---D | C] -- C:\safgv180
[2009/05/13 22:49:22 | 00,000,000 | ---D | C] -- C:\Users\Cue\AppData\Roaming\Move Networks
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/04/21 06:45:46 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/10 15:16:11 | 00,000,862 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008/01/02 20:38:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 20:38:11 | 00,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/01/02 20:38:07 | 00,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2007/08/22 16:33:11 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 16:18:54 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 16:18:54 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 16:18:54 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 16:18:54 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 15:49:10 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/22 15:49:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/22 15:49:10 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/22 15:49:10 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 15:45:08 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/28 02:26:30 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 16:05:04 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/06 19:42:56 | 00,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/03/09 13:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/06/12 20:06:06 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/12 20:06:06 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/12 20:06:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/12 20:05:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/12 19:00:05 | 00,000,052 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.idx
[2009/06/12 18:57:22 | 00,000,781 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/06/12 18:33:59 | 00,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 17:16:36 | 00,374,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/12 17:11:31 | 00,001,885 | ---- | M] () -- C:\Users\Cue\Desktop\HijackThis.lnk
[2009/06/12 15:34:15 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41F506A0-35CD-4C59-B738-3C81F1F443B5}.job
[2009/06/12 14:56:43 | 37,066,405 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/12 14:56:25 | 00,075,180 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/12 14:55:45 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/12 14:55:45 | 00,001,658 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/12 14:55:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/12 14:55:35 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/12 14:55:34 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/12 14:55:34 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/12 14:55:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/12 14:44:29 | 00,093,696 | ---- | M] () -- C:\Windows\hqfh71418.exe
[2009/06/12 14:44:28 | 00,889,078 | ---- | M] () -- C:\Windows\mdhhh0806.exe
[2009/06/12 14:44:27 | 00,000,826 | ---- | M] () -- C:\Users\Cue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runit_32.lnk
[2009/06/12 14:44:26 | 00,069,697 | ---- | M] () -- C:\Windows\sqdn1023.exe
[2009/06/11 18:22:47 | 00,026,112 | ---- | M] () -- C:\Users\Cue\Desktop\epms.doc
[2009/06/09 17:13:26 | 00,026,112 | ---- | M] () -- C:\Users\Cue\Desktop\wahm lwtter.doc
[2009/06/09 10:10:32 | 00,006,970 | ---- | M] () -- C:\Users\Cue\Desktop\photo.jpg
[2009/06/08 17:20:04 | 00,366,497 | ---- | M] () -- C:\Users\Cue\Desktop\Longview.JPG
[2009/06/07 17:04:17 | 00,111,856 | ---- | M] () -- C:\Users\Cue\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/06/05 19:35:46 | 00,013,824 | ---- | M] () -- C:\Users\Cue\Desktop\bills.xls
[2009/06/04 07:57:58 | 00,000,935 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/06/02 17:17:55 | 00,001,859 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2009/05/30 13:44:57 | 00,031,744 | ---- | M] () -- C:\Users\Cue\Desktop\games.doc
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/24 16:22:50 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/24 16:17:33 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/05/20 21:14:40 | 00,032,768 | ---- | M] () -- C:\Users\Cue\Desktop\insurance.doc
[2009/05/18 15:11:57 | 00,709,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/18 15:11:57 | 00,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/18 15:11:57 | 00,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/14 16:10:23 | 00,002,838 | ---- | M] () -- C:\Windows\machine.ver

========== LOP Check ==========

[2009/06/12 20:03:50 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming
[2008/01/19 19:26:09 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\acccore
[2008/12/17 10:23:59 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Adobe
[2009/01/23 14:07:18 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Apple Computer
[2007/12/25 15:57:53 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\ATI
[2009/05/08 09:23:51 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Audacity
[2008/12/17 10:24:04 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/12 07:26:45 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\CoreFTP
[2009/01/13 12:48:12 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\FrostWire
[2008/01/09 11:11:25 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Google
[2007/12/25 15:56:47 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Identities
[2009/06/12 14:49:52 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\LimeWire
[2009/01/13 12:48:05 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Macromedia
[2009/06/12 18:34:01 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Media Center Programs
[2009/06/02 17:18:17 | 00,000,000 | --SD | M] -- C:\Users\Cue\AppData\Roaming\Microsoft
[2008/01/02 20:30:14 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Microsoft Web Folders
[2009/05/19 15:35:31 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Move Networks
[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Mozilla
[2009/01/13 12:47:59 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Nova Development
[2009/01/13 12:48:03 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Skype
[2008/07/27 16:41:18 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\skypePM
[2007/12/29 10:46:14 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Template
[2008/01/01 19:50:53 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\TOSHIBA
[2009/01/13 12:48:00 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Ulead Systems
[2008/10/31 22:21:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Uniblue
[2007/12/26 00:30:03 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\WildTangent
[2007/12/26 19:52:52 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\WinBatch
[2008/09/17 16:13:21 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\WinRAR
[2008/10/08 16:19:36 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\Yahoo!
[2009/06/12 20:06:04 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/12 20:04:57 | 00,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/06/12 15:34:15 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{41F506A0-35CD-4C59-B738-3C81F1F443B5}.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 6/12/2009 8:11:50 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Cue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLK8PSI
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.82% Memory free
3.98 Gb Paging File | 2.81 Gb Available in Paging File | 70.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 120.39 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CUELAPTOP
Current User Name: Cue
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine (TOSHIBA Corporation)
C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{0F660D87-41A4-43FD-8AD6-2904CFE5C599} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{4D30CED1-9E43-431F-9398-2810100DFC3F} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{5D1C55D2-BB50-4974-8DC2-4551FBCA3BF3} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{76AF0818-EDC3-40B2-B83E-45ACAD40A01E} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{7CBE6AA8-A77B-4910-BEE1-C547F3314037} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{A126C3C2-12A0-4C7D-B10C-2DD05EF939B0} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{B7D8BED8-CAFB-42D5-B5DA-EC06F91D3E1D} = LPORT=10243 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{CC6541E3-A76A-4621-AE29-AEBB6F38E5C7} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{D4F50FC9-9C4B-4E62-8C83-C148A2726D33} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{DAB02705-18CE-4B6E-812D-469A39586838} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{FA6511F5-12FF-4100-8040-1752C2897F88} = RPORT=10243 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |

========== Vista Active Application Exception List ==========

{01A9ECE6-4F39-4363-8A3D-299025920F4F} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{1A35FEE3-CAF1-4CEF-8004-8C4B6605D8FC} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{271C5BE5-7CD2-4993-BC3B-BA85F77F3F08} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{28F01BC8-5ED0-4716-940A-6A0932420D32} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{31A951A7-1360-4DE6-917C-AE81ABFC3FB9} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{3240F517-A25F-49C1-AF76-2E8EB33E3D54} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{41DC2591-3AAD-4253-A798-E45256A95627} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\FROSTWIRE\FROSTWIRE.EXE |
{474FEE63-388E-4A55-B5ED-EAA00F7B086D} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{48A4C413-B7C2-44E8-BC74-B1650CB4C681} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{4A41571A-F648-4774-B365-B153DE4A6768} = PROTOCOL=6 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{4EF38C63-095E-4188-8F1A-4ABDBA7694CF} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{512BEA09-93A6-49C0-9791-7238BAB5A721} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{520C5944-6152-4472-A345-21C1385F7823} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{53429096-F3BA-4341-80EF-31E3169806E7} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{7129B4E1-6116-455D-8261-AA91642AF059} = DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{7F0D3255-F1B3-4D15-91BE-5FA21126ED65} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUPD.EXE |
{897F68C4-676B-407C-95C5-E6E3A8481B09} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{8B7C7354-DD30-41E3-AABB-2E90D638A64D} = DIR=IN | APP=C:\PROGRAM FILES\AVG\AVG8\AVGNSX.EXE |
{8C575C6C-BC1B-4864-AC15-B42E2AE90AEC} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{9EF0F094-8B38-4757-8364-154D3719A5C9} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{A008B94E-D12C-4725-86AA-449C54C3F38C} = PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{A6C94682-B99A-4A89-9F83-267D29A7A275} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{ADC66C0B-D8CB-491A-BD5B-BD5F76119AAC} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{ADEA8488-4B38-4318-ADE5-EDEA8242780A} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{B9A42C40-02D7-47ED-B612-D53E2A17E3B0} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\FROSTWIRE\FROSTWIRE.EXE |
{BA9FA35B-7640-4B8A-B286-A6EF5492C6BA} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{BB8EEEBA-D6E5-4BE0-9695-17BB47449F8F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{BE4E6BEA-F1D8-41D6-B6DD-C410C6AA987D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{C05B0955-8EE1-4B19-900A-81FB85F0273B} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{D53C99DC-30C4-4D2A-9DDD-686FBAC2B9CF} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{DC4E8D3A-A389-41F1-9BCC-81F2EB23F2E6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{EF358981-C296-460C-8441-650FD1635EF5} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{F70A85CA-DADB-4D91-9FE6-004759BB8C2E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
TCP Query User{64CCE7D8-CFC6-472F-9C97-F185DEE8311D}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
TCP Query User{8657A3BE-178B-4295-8EC4-C77BA8B2BE1D}C:\program files\aim6\aim6.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
TCP Query User{899CF702-E8AA-42A9-A541-BD12E71214E3}C:\program files\limewire\limewire.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{D5667CDD-A0D0-4372-B4A4-90E3229CE375}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
UDP Query User{3B7D464E-4284-487B-A74A-B3E373211717}C:\program files\limewire\limewire.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
UDP Query User{82B93D1F-8173-4801-96BB-C23A32F356F2}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
UDP Query User{B37607F3-5500-40C7-95E4-104685376D40}C:\program files\electronic arts\eadm\core.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\EADM\CORE.EXE |
UDP Query User{D22EA3EB-0E5D-4C62-8959-6F7001D103F9}C:\program files\aim6\aim6.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{755F77D1-717E-4D7D-BF21-D3EB63906365}" = Winbond CIR Device Drivers
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C62D7344-8709-4443-9C95-F90659CBC27F}" = Art Explosion Publisher Pro
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C6C4AE92-7FE1-4D2C-B6AA-81694E59B3A9}" = PhotoImpact Pro
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10 ESD
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_6" = AIM 6
"a-squared Free_is1" = a-squared Free 4.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AVG6INSTALL" = AVG 6.0 Anti-Virus - FREE Edition
"AVG8Uninstall" = AVG Free 8.5
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.0" = Core FTP LE 2.0
"Directory Submitter_is1" = Directory Submitter 1.0.29
"EADM" = EA Download Manager
"FrostWire" = FrostWire 4.17.0
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Picasa2" = Picasa 2
"runit" = Run It
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB09835.TBSB09835Toolbar" = Bullseye Tool Bar
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2009 3:35:34 PM | Computer Name = CUELAPTOP | Source = Windows Search Service | ID = 3013
Description =

Error - 5/19/2009 3:38:29 PM | Computer Name = CUELAPTOP | Source = Windows Search Service | ID = 3013
Description =

Error - 5/19/2009 3:38:41 PM | Computer Name = CUELAPTOP | Source = Windows Search Service | ID = 3013
Description =

Error - 5/19/2009 10:09:25 PM | Computer Name = CUELAPTOP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 870 Start Time: 01c9d8a9fbd11f58 Termination Time: 32

Error - 5/20/2009 3:37:49 PM | Computer Name = CUELAPTOP | Source = EventSystem | ID = 4621
Description =

Error - 5/20/2009 9:26:28 PM | Computer Name = CUELAPTOP | Source = EventSystem | ID = 4621
Description =

Error - 5/25/2009 1:52:37 PM | Computer Name = CUELAPTOP | Source = EventSystem | ID = 4621
Description =

Error - 5/26/2009 11:09:59 PM | Computer Name = CUELAPTOP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e88 Start Time: 01c9de77afc353de Termination Time: 15

Error - 5/27/2009 2:05:56 AM | Computer Name = CUELAPTOP | Source = Windows Search Service | ID = 3013
Description =

Error - 5/27/2009 1:44:55 PM | Computer Name = CUELAPTOP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1654 Start Time: 01c9dee17be72734 Termination Time: 19

[ Media Center Events ]
Error - 4/16/2008 6:57:52 PM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 4/17/2008 10:48:59 AM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/23/2008 1:48:31 AM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 8:31:53 PM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 7:41:11 AM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 9:05:28 AM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/5/2009 2:30:59 PM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/27/2009 2:29:34 PM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 9:01:15 AM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 6:01:38 PM | Computer Name = CUELAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/14/2008 1:17:36 PM | Computer Name = CUELAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/12/2009 5:39:11 PM | Computer Name = CUELAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2009 6:57:28 PM | Computer Name = CUELAPTOP | Source = Service Control Manager | ID = 7030
Description =

Error - 6/12/2009 7:06:31 PM | Computer Name = CUELAPTOP | Source = DCOM | ID = 10016
Description =

Error - 6/12/2009 7:06:31 PM | Computer Name = CUELAPTOP | Source = DCOM | ID = 10016
Description =

Error - 6/12/2009 7:55:26 PM | Computer Name = CUELAPTOP | Source = DCOM | ID = 10010
Description =

Error - 6/12/2009 7:57:39 PM | Computer Name = CUELAPTOP | Source = HTTP | ID = 15016
Description =

Error - 6/12/2009 7:58:41 PM | Computer Name = CUELAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2009 8:03:18 PM | Computer Name = CUELAPTOP | Source = Service Control Manager | ID = 7034
Description =

Error - 6/12/2009 8:06:04 PM | Computer Name = CUELAPTOP | Source = HTTP | ID = 15016
Description =

Error - 6/12/2009 8:07:44 PM | Computer Name = CUELAPTOP | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4 alwaysoncue (Topic Starter, New Member, 9 posts)

Here is the other log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-13 08:52:45
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code 85F8C2F8 ZwEnumerateKey
Code 860A5338 ZwFlushInstructionCache
Code 8611F2BD IofCallDriver
Code 8611F396 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81C41FE2 5 Bytes JMP 8611F39B
.text ntkrnlpa.exe!IofCallDriver 81CC3F6F 5 Bytes JMP 8611F2C2
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81DBA30B 1 Byte [E9]
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81DBA30B 5 Bytes JMP 860A533C
PAGE ntkrnlpa.exe!ZwEnumerateKey 81E0FBA2 5 Bytes JMP 85F8C2FC

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[1108] kernel32.dll!CreateThread + 1A 763D46E2 4 Bytes CALL 00454935 C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\a-squared Free\a2service.exe[1108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454A8C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1108] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!QueueUserWorkItem] [00454A8C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\SKYNETnfwvrytx.sys (*** hidden *** ) [SYSTEM] SKYNETcppatxrt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] 10038
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\main\[email protected]* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETutqpfbiw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETtnwxscrr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETgkqfwxwe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETmcbjpuhv.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\main
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] 10038
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] 7200
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\main\[email protected]* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\modules
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETutqpfbiw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETtnwxscrr.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETgkqfwxwe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETmcbjpuhv.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] 10038
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] 7200
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\main\[email protected]* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\drivers\SKYNETnfwvrytx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETutqpfbiw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETtnwxscrr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETgkqfwxwe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcppatxrt\[email protected] \systemroot\system32\SKYNETmcbjpuhv.dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]:\Program Files\Nova Development\Art Explosion Publisher Pro\1.0\Wizards\Desktop\Calendars\Year on a Page\8\xbdx11 inch\Business.npp 1

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03B34.log 131072 bytes
File C:\Users\Cue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPZRJFU0\Skynet-virus-others-t242255[1].htm 117929 bytes
File C:\Windows\System32\drivers\SKYNETnfwvrytx.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\SKYNETgkqfwxwe.dll 20992 bytes executable
File C:\Windows\System32\SKYNETtnwxscrr.dat 18348 bytes
File C:\Windows\System32\SKYNETutqpfbiw.dll 44544 bytes executable
File C:\Windows\Temp\SKYNETicumnvyowb.tmp 20992 bytes executable
File C:\Windows\Temp\SKYNETnfnqvmpjtp.tmp 20992 bytes executable
File C:\Windows\Temp\SKYNETxbmrmhmeyo.tmp 20992 bytes executable

---- EOF - GMER 1.0.15 ----

#5
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt


#6
alwaysoncue
    New Member
  • Topic Starter
  • Member
  • 9 posts
ComboFix Log:


ComboFix 09-06-12.04 - Cue 06/13/2009 12:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.1235 [GMT -4:00]
Running from: c:\users\Cue\Desktop\CF2.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\runit
c:\windows\mdhhh0806.exe
c:\windows\sqdn1023.exe
c:\program files\IEToolbar\Bullseye Tool Bar\basis.xml
c:\program files\IEToolbar\Bullseye Tool Bar\date2.html
c:\program files\IEToolbar\Bullseye Tool Bar\icons.bmp
c:\program files\IEToolbar\Bullseye Tool Bar\info.txt
c:\program files\IEToolbar\Bullseye Tool Bar\lw.crc
c:\program files\IEToolbar\Bullseye Tool Bar\lwpopper.html
c:\program files\IEToolbar\Bullseye Tool Bar\popper3.html
c:\program files\IEToolbar\Bullseye Tool Bar\popup1.html
c:\program files\IEToolbar\Bullseye Tool Bar\popup2.html
c:\program files\IEToolbar\Bullseye Tool Bar\tbhelper.dll
c:\program files\IEToolbar\Bullseye Tool Bar\uninstall.exe
c:\program files\IEToolbar\Bullseye Tool Bar\version.txt
c:\program files\IEToolbar\Bullseye Tool Bar\your_logo.png
c:\program files\runit\config.txt
c:\program files\runit\runit_32.exe
c:\program files\runit\runitu_32.exe
c:\users\Cue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runit_32.lnk
c:\windows\system32\drivers\SKYNETnfwvrytx.sys
c:\windows\system32\mdm.exe
c:\windows\system32\SKYNETgkqfwxwe.dll
c:\windows\system32\SKYNETmcbjpuhv.dat
c:\windows\system32\SKYNETtnwxscrr.dat
c:\windows\system32\SKYNETutqpfbiw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETcppatxrt


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 16:53 . 2009-06-13 16:54 -------- d-----w- c:\users\Cue\AppData\Local\temp
2009-06-13 16:33 . 2009-06-13 16:34 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-12 22:57 . 2009-06-12 23:08 -------- d-----w- c:\program files\a-squared Free
2009-06-12 22:53 . 2009-06-12 22:53 -------- d-----w- c:\windows\BDOSCAN8
2009-06-12 22:44 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-12 22:44 . 2009-06-12 22:44 -------- d-----w- c:\program files\Panda Security
2009-06-12 22:34 . 2009-06-12 22:34 -------- d-----w- c:\users\Cue\AppData\Roaming\Malwarebytes
2009-06-12 22:33 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 22:33 . 2009-06-12 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 22:33 . 2009-06-12 22:33 -------- d-----w- c:\programdata\Malwarebytes
2009-06-12 22:33 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 22:12 . 2004-08-04 11:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-06-12 20:12 . 2009-06-12 20:12 -------- d-----w- c:\program files\Trend Micro
2009-06-12 18:56 . 2009-06-13 16:30 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-12 18:55 . 2009-06-12 18:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-12 18:55 . 2009-06-12 18:55 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-12 18:55 . 2009-06-12 18:55 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-12 18:55 . 2009-06-13 13:28 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-12 18:55 . 2009-06-12 18:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 18:55 . 2009-06-12 23:57 -------- d-----w- c:\programdata\avg8
2009-06-12 18:44 . 2009-06-12 18:44 93696 ----a-w- c:\windows\hqfh71418.exe
2009-06-12 17:45 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 17:45 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 13:01 . 2009-06-09 13:01 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-02 21:18 . 2009-06-02 21:18 10134 ----a-r- c:\users\Cue\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-02 21:18 . 2009-06-02 21:18 -------- d-----w- c:\program files\Microsoft WSE
2009-06-02 21:18 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-02 20:55 . 2009-06-02 21:18 -------- d-----w- c:\program files\Electronic Arts
2009-05-24 20:22 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-24 20:22 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-24 20:22 . 2009-05-24 20:22 -------- d-----w- c:\program files\iPod
2009-05-24 20:22 . 2009-05-24 20:22 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 20:22 . 2009-05-24 20:22 -------- d-----w- c:\program files\iTunes
2009-05-24 20:18 . 2009-05-24 20:18 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 20:46 . 2009-05-19 20:46 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-18 19:30 . 2009-05-18 19:30 -------- d-----w- C:\safgv180

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 07:08 . 2007-08-30 15:58 -------- d-----w- c:\program files\Microsoft Works
2009-06-13 07:07 . 2007-08-30 16:02 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:18 . 2007-12-25 19:57 111856 ----a-w- c:\users\Cue\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-12 18:49 . 2008-07-08 23:12 -------- d-----w- c:\users\Cue\AppData\Roaming\LimeWire
2009-06-12 11:26 . 2008-01-17 14:24 -------- d-----w- c:\users\Cue\AppData\Roaming\CoreFTP
2009-06-02 21:22 . 2008-09-21 18:09 -------- d-----w- c:\programdata\Electronic Arts
2009-06-02 20:55 . 2007-08-22 19:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 20:22 . 2009-01-23 18:03 -------- d-----w- c:\program files\Common Files\Apple
2009-05-24 20:22 . 2009-01-23 17:59 -------- d-----w- c:\programdata\Apple Computer
2009-05-24 20:17 . 2009-01-23 18:01 -------- d-----w- c:\program files\Safari
2009-05-19 19:35 . 2009-05-14 02:49 -------- d-----w- c:\users\Cue\AppData\Roaming\Move Networks
2009-05-14 02:49 . 2009-05-14 02:49 127877 ----a-w- c:\users\Cue\AppData\Roaming\Move Networks\uninstall.exe
2009-05-14 02:49 . 2009-05-01 06:30 4183416 ----a-w- c:\users\Cue\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-05-13 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 13:23 . 2009-05-05 23:13 -------- d-----w- c:\users\Cue\AppData\Roaming\Audacity
2009-05-08 13:22 . 2009-05-08 13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-05 23:25 . 2009-05-05 23:25 -------- d-----w- c:\program files\Lame for Audacity
2009-05-05 23:13 . 2009-05-05 23:13 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\users\Cue\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-24 16:05 . 2009-06-12 17:44 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 17:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 17:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-12 17:44 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 14:17 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 14:17 24064 ----a-w- c:\windows\system32\amxread.dll
2003-01-13 15:20 . 2003-01-13 15:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 20:00 . 1999-04-30 20:00 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 1862144]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"AVG_CC"="c:\progra~1\Grisoft\AVG6\avgcc32.exe" [2004-05-18 345661]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-10 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-10 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{474FEE63-388E-4A55-B5ED-EAA00F7B086D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA9FA35B-7640-4B8A-B286-A6EF5492C6BA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A6C94682-B99A-4A89-9F83-267D29A7A275}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB8EEEBA-D6E5-4BE0-9695-17BB47449F8F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1A35FEE3-CAF1-4CEF-8004-8C4B6605D8FC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC4E8D3A-A389-41F1-9BCC-81F2EB23F2E6}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3240F517-A25F-49C1-AF76-2E8EB33E3D54}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B9A42C40-02D7-47ED-B612-D53E2A17E3B0}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{41DC2591-3AAD-4253-A798-E45256A95627}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{7129B4E1-6116-455D-8261-AA91642AF059}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ADEA8488-4B38-4318-ADE5-EDEA8242780A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{BE4E6BEA-F1D8-41D6-B6DD-C410C6AA987D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{01A9ECE6-4F39-4363-8A3D-299025920F4F}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8C575C6C-BC1B-4864-AC15-B42E2AE90AEC}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{53429096-F3BA-4341-80EF-31E3169806E7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F70A85CA-DADB-4D91-9FE6-004759BB8C2E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9EF0F094-8B38-4757-8364-154D3719A5C9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{520C5944-6152-4472-A345-21C1385F7823}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{64CCE7D8-CFC6-472F-9C97-F185DEE8311D}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{B37607F3-5500-40C7-95E4-104685376D40}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{D5667CDD-A0D0-4372-B4A4-90E3229CE375}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{82B93D1F-8173-4801-96BB-C23A32F356F2}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{7F0D3255-F1B3-4D15-91BE-5FA21126ED65}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8B7C7354-DD30-41E3-AABB-2E90D638A64D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [6/12/2009 6:44 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/12/2009 2:55 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/12/2009 2:55 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/12/2009 2:55 PM 298776]
R2 AvgCore;AVG6 Kernel;c:\progra~1\Grisoft\AVG6\avgcore.sys [2/28/2009 9:59 AM 456416]
R2 AvgFsh;AVG6 Rezident Driver;c:\progra~1\Grisoft\AVG6\avgfsh.sys [2/28/2009 9:59 AM 19136]
R2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe [2/28/2009 9:59 AM 20480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/19/2008 7:24 PM 24652]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/22/2007 3:53 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [8/30/2007 12:13 PM 252416]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [6/12/2009 6:33 PM 40160]
S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 10:51 AM 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{41F506A0-35CD-4C59-B738-3C81F1F443B5}.job
- c:\windows\system32\msfeedssync.exe [2008-06-13 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Cue\AppData\Roaming\Mozilla\Firefox\Profiles\llrrc96o.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Cue\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 12:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????w?<? h??? [???[[email protected]?[?X?[?p?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-13 12:56
ComboFix-quarantined-files.txt 2009-06-13 16:56

Pre-Run: 128,868,487,168 bytes free
Post-Run: 128,948,011,008 bytes free

236 --- E O F --- 2009-06-13 07:09

#7
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    c:\windows\hqfh71418.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#8
alwaysoncue
    New Member
  • Topic Starter
  • Member
  • 9 posts
========== FILES ==========
c:\windows\hqfh71418.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Cue\AppData\Local\temp\Low\~DFF6EE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06142009_162615

Files moved on Reboot...
C:\Users\Cue\AppData\Local\temp\Low\~DFF6EE.tmp moved successfully.

Registry entries deleted on Reboot...

#9
alwaysoncue
    New Member
  • Topic Starter
  • Member
  • 9 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2268
Windows 6.0.6001 Service Pack 1

6/14/2009 8:03:57 PM
mbam-log-2009-06-14 (20-03-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 318487
Time elapsed: 3 hour(s), 25 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\program files\ietoolbar\bullseye tool bar\tbhelper.dll.vir (Adware.BullseyeToolbar) -> No action taken.
c:\Qoobox\quarantine\C\program files\runit\runit_32.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\sqdn1023.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\System32\SKYNETgkqfwxwe.dll.vir (Trojan.TDSS) -> No action taken.
C:\Windows\kdiue732.txt (Malware.Trace) -> No action taken.

#10
alwaysoncue
    New Member
  • Topic Starter
  • Member
  • 9 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2268
Windows 6.0.6001 Service Pack 1

6/14/2009 8:06:21 PM
mbam-log-2009-06-14 (20-06-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 318487
Time elapsed: 3 hour(s), 25 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\program files\ietoolbar\bullseye tool bar\tbhelper.dll.vir (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\runit\runit_32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\sqdn1023.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\System32\SKYNETgkqfwxwe.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.

#11
alwaysoncue

OTL logfile created on: 6/14/2009 8:19:03 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Cue\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.21% Memory free
3.99 Gb Paging File | 2.89 Gb Available in Paging File | 72.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 117.93 Gb Free Space | 63.80% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CUELAPTOP
Current User Name: Cue
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG6\avgserv.exe (GRISOFT© SOFTWARE s.r.o)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Grisoft\AVG6\avgcc32.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe ()
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Users\Cue\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AvgServ [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgserv.exe (GRISOFT© SOFTWARE s.r.o)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (pinger [Auto | Running]) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Swupdtmr [Auto | Running]) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Running]) -- C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AvgCore [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgcore.sys (GRISOFT, s.r.o.)
DRV - (AvgFsh [Auto | Running]) -- C:\Program Files\Grisoft\AVG6\avgfsh.sys (GRISOFT, s.r.o.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HPFXBULK [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR3NPXP [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winbondcir [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/12 14:55:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/27 01:59:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/27 01:59:24 | 00,000,000 | ---D | M]

[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Extensions
[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/10/31 21:54:15 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\iy6x0ovo.default\extensions
[2009/06/13 13:11:26 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\llrrc96o.default\extensions
[2009/06/09 16:00:51 | 00,000,000 | ---D | M] -- C:\Users\Cue\AppData\Roaming\mozilla\Firefox\Profiles\llrrc96o.default\extensions\[email protected]
[2008/10/31 21:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/27 01:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/27 01:59:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/27 01:59:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/27 01:59:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/27 01:59:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/27 01:59:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/27 01:59:15 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/27 01:59:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/27 01:59:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP (GRISOFT s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 18:22:16 | 00,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{664f6513-5710-11dc-9f27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{664f6513-5710-11dc-9f27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/14 20:03:57 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/06/14 16:26:15 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/13 19:43:53 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/13 19:43:52 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/13 19:43:52 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/13 19:43:52 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/13 19:43:51 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/13 18:12:49 | 00,001,711 | ---- | C] () -- C:\Users\Cue\Desktop\LimeWire 5.1.3.lnk
[2009/06/13 12:56:30 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/06/13 12:36:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/06/13 12:36:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/06/13 12:36:31 | 00,155,136 | ---- | C] () -- C:\Windows\PEV.exe
[2009/06/13 12:36:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/06/13 12:36:31 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/06/13 12:36:31 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/06/13 12:36:31 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/13 12:36:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/06/13 12:36:02 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/06/13 12:36:01 | 00,000,000 | --SD | C] -- C:\CF2
[2009/06/13 12:35:09 | 03,022,899 | R--- | C] () -- C:\Users\Cue\Desktop\CF2.exe
[2009/06/13 12:34:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/13 12:33:54 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/06/12 20:24:06 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Cue\Desktop\OTL.exe
[2009/06/12 20:22:44 | 00,286,208 | ---- | C] () -- C:\Users\Cue\Desktop\uit845f4.exe
[2009/06/12 18:53:49 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/06/12 18:44:56 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/06/12 18:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/12 18:34:01 | 00,000,000 | ---D | C] -- C:\Users\Cue\AppData\Roaming\Malwarebytes
[2009/06/12 18:33:59 | 00,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 18:33:56 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/12 18:33:55 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/12 18:33:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/12 18:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/12 18:12:23 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/06/12 18:12:15 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2009/06/12 18:12:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2009/06/12 18:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/12 16:12:08 | 00,001,885 | ---- | C] () -- C:\Users\Cue\Desktop\HijackThis.lnk
[2009/06/12 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/12 14:56:28 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/12 14:55:45 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/12 14:55:45 | 00,001,658 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/12 14:55:44 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/12 14:55:35 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/12 14:55:34 | 37,117,043 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/12 14:55:34 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/12 14:55:34 | 00,434,673 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/12 14:55:34 | 00,077,437 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/12 14:55:34 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/12 14:55:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/06/12 14:55:26 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/06/12 13:45:02 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/12 13:45:00 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/12 13:44:28 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/12 13:44:19 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/12 13:44:12 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/12 13:44:11 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/12 13:44:11 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/12 13:44:10 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/12 13:44:10 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/12 13:44:10 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/12 13:44:08 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/12 13:44:07 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/12 13:44:07 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/12 13:44:07 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/12 13:44:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/12 13:44:06 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/12 13:44:05 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/12 13:44:04 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/11 18:22:45 | 00,026,112 | ---- | C] () -- C:\Users\Cue\Desktop\epms.doc
[2009/06/09 13:33:36 | 00,026,112 | ---- | C] () -- C:\Users\Cue\Desktop\wahm lwtter.doc
[2009/06/09 10:10:32 | 00,006,970 | ---- | C] () -- C:\Users\Cue\Desktop\photo.jpg
[2009/06/08 17:20:04 | 00,366,497 | ---- | C] () -- C:\Users\Cue\Desktop\Longview.JPG
[2009/06/02 17:22:08 | 00,000,000 | ---D | C] -- C:\Users\Cue\Documents\Electronic Arts
[2009/06/02 17:18:33 | 00,000,935 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/06/02 17:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/06/02 17:18:00 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/06/02 17:17:55 | 00,001,859 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2009/06/02 16:55:59 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/05/30 13:03:06 | 00,031,744 | ---- | C] () -- C:\Users\Cue\Desktop\games.doc
[2009/05/24 16:22:50 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/24 16:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/24 16:22:00 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/24 16:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/20 21:14:39 | 00,032,768 | ---- | C] () -- C:\Users\Cue\Desktop\insurance.doc
[2009/05/20 13:35:47 | 00,013,824 | ---- | C] () -- C:\Users\Cue\Desktop\bills.xls
[2009/05/18 15:30:38 | 00,000,000 | ---D | C] -- C:\safgv180
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/04/21 06:45:46 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/10 15:16:11 | 00,000,862 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008/01/02 20:38:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 20:38:11 | 00,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/01/02 20:38:07 | 00,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2007/08/22 16:33:11 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 16:18:54 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 16:18:54 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 16:18:54 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 16:18:54 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 16:18:54 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 15:49:10 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/22 15:49:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/22 15:49:10 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/22 15:49:10 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 15:45:08 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/28 02:26:30 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 16:05:04 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/06 19:42:56 | 00,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006/03/09 13:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/06/14 20:08:47 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/14 20:08:47 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/14 20:08:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/14 20:08:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/14 16:56:38 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41F506A0-35CD-4C59-B738-3C81F1F443B5}.job
[2009/06/14 16:21:17 | 37,117,043 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/14 16:21:17 | 00,077,437 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/13 19:28:57 | 00,111,856 | ---- | M] () -- C:\Users\Cue\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/06/13 18:12:49 | 00,001,711 | ---- | M] () -- C:\Users\Cue\Desktop\LimeWire 5.1.3.lnk
[2009/06/13 16:16:14 | 00,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2009/06/13 12:54:11 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/06/13 12:35:25 | 03,022,899 | R--- | M] () -- C:\Users\Cue\Desktop\CF2.exe
[2009/06/13 03:18:22 | 00,374,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/12 20:24:13 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Cue\Desktop\OTL.exe
[2009/06/12 20:23:20 | 00,286,208 | ---- | M] () -- C:\Users\Cue\Desktop\uit845f4.exe
[2009/06/12 19:00:05 | 00,000,052 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.idx
[2009/06/12 18:33:59 | 00,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 17:11:31 | 00,001,885 | ---- | M] () -- C:\Users\Cue\Desktop\HijackThis.lnk
[2009/06/12 14:55:45 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/12 14:55:45 | 00,001,658 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/12 14:55:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/12 14:55:35 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/12 14:55:34 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/12 14:55:34 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/12 14:55:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/11 18:22:47 | 00,026,112 | ---- | M] () -- C:\Users\Cue\Desktop\epms.doc
[2009/06/09 17:13:26 | 00,026,112 | ---- | M] () -- C:\Users\Cue\Desktop\wahm lwtter.doc
[2009/06/09 10:10:32 | 00,006,970 | ---- | M] () -- C:\Users\Cue\Desktop\photo.jpg
[2009/06/08 17:20:04 | 00,366,497 | ---- | M] () -- C:\Users\Cue\Desktop\Longview.JPG
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\Windows\PEV.exe
[2009/06/05 19:35:46 | 00,013,824 | ---- | M] () -- C:\Users\Cue\Desktop\bills.xls
[2009/06/04 07:57:58 | 00,000,935 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/06/02 17:17:55 | 00,001,859 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/30 13:44:57 | 00,031,744 | ---- | M] () -- C:\Users\Cue\Desktop\games.doc
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/24 16:22:50 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/24 16:17:33 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/05/20 21:14:40 | 00,032,768 | ---- | M] () -- C:\Users\Cue\Desktop\insurance.doc
[2009/05/18 15:11:57 | 00,709,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/18 15:11:57 | 00,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/18 15:11:57 | 00,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have.


After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



#13
alwaysoncue

    New Member

  • Topic Starter
  • Member
  • 9 posts
Scan
----
Scanned: 679017
Detected: 0
Untreated: 0
Start time: 6/17/2009 9:21:23 AM
Duration: 09:15:37
Finish time: 6/17/2009 6:37:00 PM


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good. How are things running?