Vista Defender Pro [Closed]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Vista Defender Pro [Closed] malware

#1 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 17 March 2010 - 05:55 AM

Hi there

I have recently been attacked by a piece of malware that has taken over the windows security system on my laptop. Where the default security system once was is now a fake security system calling itself Vista Defender Pro. This tells me i have numerous viruses, though after scanning my system with Norton antivirus (my primary antivirus software) i can definitely see that i have no viruses. How can i remove this malware from my system?

I would really appreciate your help

#2 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 17 March 2010 - 12:35 PM

Hello MannyRay and welcome to GeeksToGo

I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.

Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
Please do no attach logs or post them in Quote/Code boxes unless requested.
I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
If in doubt about anything, please ask.

Please follow these steps.

-- Step 1 --

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked. UNCHECK the following boxes
- Sections
- IAT/EAT
- Drives/Partition other than System drive (typically C:\)
- Show all (important)
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

#3 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 17 March 2010 - 05:32 PM

--------------------OTL.Txt--------------------
OTL logfile created on: 17/03/2010 23:05:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Priceybabes\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.45 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73.06 Gb Total Space | 72.97 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDS-LAPTOP
Current User Name: Priceybabes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Priceybabes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Priceybabes\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100316.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100316.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (btaudio) -- C:\Windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\Windows\System32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\Windows\System32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\Windows\System32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\Windows\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\Priceybabes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Priceybabes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Priceybabes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 11:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 23:03:51 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\Priceybabes\Desktop\OTL.exe
[2010/03/17 03:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/03/11 23:39:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 23:39:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/24 10:32:54 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 10:32:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 10:31:39 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 10:31:38 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 10:31:38 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 10:31:38 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 10:31:38 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 10:31:37 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 10:31:37 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 10:31:37 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 10:31:37 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 04:27:49 | 000,000,000 | ---D | C] -- C:\Users\Priceybabes\AppData\Roaming\Malwarebytes
[2010/02/24 04:27:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/24 04:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/24 04:27:39 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/24 04:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/21 11:35:15 | 000,000,000 | ---D | C] -- C:\Users\Priceybabes\Documents\Pes Editor 2010
[2010/02/20 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\Priceybabes\AppData\Local\ElevatedDiagnostics
[2010/02/20 12:03:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/02/20 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2009/01/12 20:56:11 | 000,074,432 | ---- | C] (GSC Game World) -- C:\Program Files\ddraw.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 23:04:32 | 003,407,872 | -HS- | M] () -- C:\Users\Priceybabes\ntuser.dat
[2010/03/17 23:03:57 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Priceybabes\Desktop\OTL.exe
[2010/03/17 22:53:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/17 22:52:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/17 22:50:12 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 22:50:12 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 22:50:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/17 22:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 22:49:58 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/17 20:24:45 | 003,102,589 | -H-- | M] () -- C:\Users\Priceybabes\AppData\Local\IconCache.db
[2010/03/17 19:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 10:33:09 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{495223FD-5B82-4432-98DA-DFB54B6A4544}.job
[2010/03/16 23:56:19 | 000,000,358 | ---- | M] () -- C:\Users\Priceybabes\Desktop\fix.reg
[2010/03/01 13:22:49 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 13:22:49 | 000,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 13:22:49 | 000,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/01 12:06:28 | 000,002,595 | ---- | M] () -- C:\Users\Priceybabes\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/02/28 21:45:09 | 000,002,627 | ---- | M] () -- C:\Users\Priceybabes\Desktop\Microsoft Office Word 2007.lnk
[2010/02/24 13:28:57 | 000,074,928 | ---- | M] () -- C:\Users\Priceybabes\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 13:25:50 | 000,294,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/20 23:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 23:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/20 12:02:03 | 002,555,904 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/02/20 12:02:03 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/02/20 12:02:02 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/16 23:56:19 | 000,000,358 | ---- | C] () -- C:\Users\Priceybabes\Desktop\fix.reg
[2010/02/20 12:01:39 | 002,555,904 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/02/20 12:01:39 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/02/20 12:01:39 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2009/09/07 13:11:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/07 13:11:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/07 10:35:33 | 000,000,244 | ---- | C] () -- C:\Windows\RomeTW Demo.ini
[2009/01/13 15:35:20 | 000,424,468 | ---- | C] () -- C:\Program Files\Over The Hills And Far Away.ra
[2009/01/13 15:35:20 | 000,367,836 | ---- | C] () -- C:\Program Files\Sharpe's Theme.ra
[2009/01/13 15:35:20 | 000,042,988 | ---- | C] () -- C:\Program Files\Credits.jpg
[2009/01/13 15:35:20 | 000,033,826 | ---- | C] () -- C:\Program Files\Richard Sharpe.jpg
[2009/01/13 15:35:20 | 000,033,699 | ---- | C] () -- C:\Program Files\Sharpe - Badajoz.jpg
[2009/01/13 15:35:20 | 000,027,794 | ---- | C] () -- C:\Program Files\Chosen Men0.jpg
[2009/01/13 15:35:20 | 000,026,896 | ---- | C] () -- C:\Program Files\My Name is Sharpe.ra
[2009/01/13 15:35:20 | 000,026,200 | ---- | C] () -- C:\Program Files\Fight dirty.ra
[2009/01/13 15:35:20 | 000,025,694 | ---- | C] () -- C:\Program Files\Chosen Men2.jpg
[2009/01/13 15:35:20 | 000,025,565 | ---- | C] () -- C:\Program Files\frederickson.jpg
[2009/01/13 15:35:20 | 000,022,384 | ---- | C] () -- C:\Program Files\Captain Richard Sharpe.ra
[2009/01/13 15:35:20 | 000,020,669 | ---- | C] () -- C:\Program Files\tongue.jpg
[2009/01/13 15:35:20 | 000,020,350 | ---- | C] () -- C:\Program Files\Sharpe & Harper.jpg
[2009/01/13 15:35:20 | 000,019,240 | ---- | C] () -- C:\Program Files\Tea and bed.ra
[2009/01/13 15:35:20 | 000,018,892 | ---- | C] () -- C:\Program Files\Bridge to blow up.ra
[2009/01/13 15:35:20 | 000,018,402 | ---- | C] () -- C:\Program Files\Harper.jpg
[2009/01/13 15:35:20 | 000,018,305 | ---- | C] () -- C:\Program Files\Chosen Men1.jpg
[2009/01/13 15:35:20 | 000,016,804 | ---- | C] () -- C:\Program Files\Soldier not spying.ra
[2009/01/13 15:35:20 | 000,015,412 | ---- | C] () -- C:\Program Files\Back to barracks.ra
[2009/01/13 15:35:20 | 000,014,691 | ---- | C] () -- C:\Program Files\Sharpe & Jane.jpg
[2009/01/13 15:35:20 | 000,014,450 | ---- | C] () -- C:\Program Files\cooper1.jpg
[2009/01/13 15:35:20 | 000,014,368 | ---- | C] () -- C:\Program Files\Nil Desperandum.ra
[2009/01/13 15:35:20 | 000,014,341 | ---- | C] () -- C:\Program Files\harper1.jpg
[2009/01/13 15:35:20 | 000,014,020 | ---- | C] () -- C:\Program Files\Freedom to starve.ra
[2009/01/13 15:35:20 | 000,013,672 | ---- | C] () -- C:\Program Files\Rifles make ready.ra
[2009/01/13 15:35:20 | 000,013,591 | ---- | C] () -- C:\Program Files\perkins.jpg
[2009/01/13 15:35:20 | 000,013,554 | ---- | C] () -- C:\Program Files\Sharpe.hlp
[2009/01/13 15:35:20 | 000,013,397 | ---- | C] () -- C:\Program Files\harris1.jpg
[2009/01/13 15:35:20 | 000,012,793 | ---- | C] () -- C:\Program Files\hagman1.jpg
[2009/01/13 15:35:20 | 000,012,628 | ---- | C] () -- C:\Program Files\French.ra
[2009/01/13 15:35:20 | 000,012,175 | ---- | C] () -- C:\Program Files\Cooper.jpg
[2009/01/13 15:35:20 | 000,011,814 | ---- | C] () -- C:\Program Files\Harris.jpg
[2009/01/13 15:35:20 | 000,011,584 | ---- | C] () -- C:\Program Files\You speak.ra
[2009/01/13 15:35:20 | 000,011,496 | ---- | C] () -- C:\Program Files\Wellington.jpg
[2009/01/13 15:35:20 | 000,010,602 | ---- | C] () -- C:\Program Files\Sharpe & Lucille.jpg
[2009/01/13 15:35:20 | 000,010,536 | ---- | C] () -- C:\Program Files\Hagman.jpg
[2009/01/13 15:35:20 | 000,009,844 | ---- | C] () -- C:\Program Files\Miranda.ra
[2009/01/13 15:35:20 | 000,009,844 | ---- | C] () -- C:\Program Files\Methodist.ra
[2009/01/13 15:35:20 | 000,001,686 | ---- | C] () -- C:\Program Files\Readme.txt
[2009/01/13 15:35:20 | 000,000,157 | ---- | C] () -- C:\Program Files\Sharpe.cnt
[2009/01/12 21:12:03 | 000,000,552 | ---- | C] () -- C:\Users\Priceybabes\AppData\Local\d3d8caps.dat
[2009/01/12 20:56:11 | 000,000,505 | ---- | C] () -- C:\Program Files\ReadMe_RU.txt
[2009/01/12 20:56:11 | 000,000,487 | ---- | C] () -- C:\Program Files\ReadMe_EN.txt
[2009/01/12 18:59:36 | 000,008,654 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/12/31 01:17:02 | 000,000,334 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/30 23:45:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/11/04 18:09:48 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/09 18:09:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/10/09 18:03:00 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2007/10/07 18:20:50 | 000,048,128 | ---- | C] () -- C:\Users\Priceybabes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/07 17:17:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/07 17:17:49 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/07 17:17:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/07 17:17:49 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/07 17:17:49 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/07 17:17:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/03/07 17:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/03/07 16:47:02 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/03/07 16:47:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/03/07 16:47:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/03/07 16:47:02 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/07 16:33:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/07 15:52:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/06/14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/10/27 10:19:40 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Adobe
[2007/10/07 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\AdobeUM
[2009/03/12 14:23:04 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Apple Computer
[2009/10/27 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/08/27 12:04:05 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\CameraWindowDC
[2009/12/01 23:11:09 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Canon
[2009/04/07 09:37:06 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\CANON INC
[2009/10/09 11:08:49 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Creative
[2009/03/23 02:41:23 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\EPSON
[2009/03/07 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\GetRightToGo
[2007/10/29 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Hemera
[2007/10/07 15:59:17 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Identities
[2008/01/18 14:33:48 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\InterVideo
[2008/08/25 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Macromedia
[2010/02/24 04:27:49 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Malwarebytes
[2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Media Center Programs
[2008/12/31 11:38:55 | 000,000,000 | --SD | M] -- C:\Users\Priceybabes\AppData\Roaming\Microsoft
[2008/11/07 23:21:11 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\NCH Software
[2008/11/07 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\NCH Swift Sound
[2008/08/24 01:38:02 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Philips Device Manager
[2008/11/04 18:09:33 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\ScanSoft
[2010/02/24 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Spotify
[2009/01/12 20:25:00 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Symantec
[2010/02/20 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Toshiba
[2008/02/04 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\Ulead Systems
[2009/08/27 12:13:23 | 000,000,000 | ---D | M] -- C:\Users\Priceybabes\AppData\Roaming\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2009/11/01 12:06:51 | 015,840,168 | ---- | M] () -- C:\Users\Priceybabes\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
[2007/08/29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Priceybabes\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2008/04/02 18:07:14 | 002,613,088 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Setup.exe
[2008/02/19 23:03:53 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Stub.exe
[2008/01/25 23:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\FWCfg.exe
[2008/01/19 01:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH32\COH32.exe
[2008/01/19 01:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH64\COH64.exe
[2008/02/26 14:50:42 | 000,448,352 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\MainStub.exe
[2008/02/26 14:50:42 | 000,370,528 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\NSWRedir.exe
[2008/02/26 14:50:44 | 000,988,512 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\osCheck.exe
[2008/02/26 14:50:44 | 000,404,320 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\ScanStub.exe
[2008/02/26 14:50:46 | 000,972,640 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\tpNetMap.exe
[2008/02/25 05:21:32 | 000,096,424 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\WSCStub.exe
[2008/02/21 22:49:04 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\HSLoader.exe
[2008/02/21 22:49:08 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\isUAC.exe
[2008/02/21 22:49:14 | 000,042,360 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLULdr.exe
[2008/02/21 22:49:16 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLUStb.exe
[2008/02/24 00:41:38 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\cltUAC.exe
[2008/02/24 00:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SSAutoRN.exe
[2008/02/24 00:41:28 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SYMCUW.exe
[2008/01/22 22:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\IDS\IdsInst.exe
[2008/02/07 06:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\SecHist\MCUI32.exe
[2007/08/22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN\comHost.exe
[2007/08/22 08:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN64\comHost.exe
[2008/02/24 00:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\OPC\SSAutoRN.exe
[2008/01/30 20:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\pifCrawl.exe
[2008/01/30 20:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\PIFSvc.exe
[2008/01/25 17:16:59 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Supp64\SEVINST\Sevntx64.exe
[2008/02/26 08:34:20 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Backup\Backup\buDump.exe
[2008/02/18 19:37:38 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccApp.exe
[2008/02/18 19:37:40 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccEvtMgr.exe
[2008/02/18 19:37:10 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccLgView.exe
[2008/02/18 19:37:18 | 000,046,440 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSetMgr.exe
[2008/02/18 19:37:54 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSEUPDT.exe
[2008/02/18 19:37:20 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSvcHst.exe
[2008/02/21 22:02:33 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008/02/21 22:02:34 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008/02/21 22:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LSETUP.EXE
[2008/02/21 22:02:38 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUALL.EXE
[2008/02/21 22:02:46 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008/02/21 22:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCheck.exe
[2008/02/21 22:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008/02/21 22:02:40 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LuConfig.EXE
[2008/02/21 22:02:42 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\NotifyHA.exe
[2005/05/19 21:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\MSI\wiupdate.exe
[2008/02/24 02:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\COExport.exe
[2008/02/24 02:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\coVisPrx.exe
[2007/11/30 00:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008/02/19 23:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Remover\Remover.exe
[2008/02/19 23:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Reporter\Reporter.exe
[2008/01/25 17:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SEVINST\SEVINST.EXE
[2008/01/26 08:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008/02/19 23:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SymLnch\SymLnch.exe
[2007/02/13 03:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist32.exe
[2007/02/13 03:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\Priceybabes\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist64.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/25 21:50:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/10/25 21:50:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/10/25 21:50:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/10/25 21:50:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
[2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys
[2007/01/18 14:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 09:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 09:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 09:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/10/25 21:34:21 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/03/07 15:58:46 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/03/07 15:58:45 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/03/07 15:58:47 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/03/07 15:58:55 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/03/07 15:58:57 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >

--------------------Extras.Txt--------------------
OTL Extras logfile created on: 17/03/2010 23:05:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Priceybabes\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.45 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73.06 Gb Total Space | 72.97 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDS-LAPTOP
Current User Name: Priceybabes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{223B79AF-EA79-467B-B242-CCDA7FD057A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{268D9152-5A96-4925-AF84-18F616D9643A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39A80B96-3D3B-4488-9E9E-2A536C96D1D0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51D972E4-2729-453F-A306-6D96D44ECC69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67B55CF9-6D40-4D64-94ED-099500F04134}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{67BE0408-9E6B-4DBC-975E-1EDA02BE41AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD53B834-2FBF-4F62-A011-A7BCC6D26B7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4E759FD-1D58-460F-BB19-F03AB475F3FF}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{F7A230A9-6580-484D-B25E-2314D7CBCF5E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE060D2D-DBD2-4D71-BD1E-BF4AD6D4DB13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War™ Demo
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EC1C320-2232-11D5-9B09-FB8303A8EE1B}" = Sharpe Screen Saver
"{60451544-C17E-4057-9273-5F10176472BD}" = Creative ZEN X-Fi Video Converter
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3599AD-23F9-4CF4-9BA2-148850B80277}" = SymNet
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"American Conquest" = American Conquest
"American Conquest - Divided Nation" = American Conquest - Divided Nation
"American Conquest Fight Back" = American Conquest Fight Back
"Applian FLV Player2.0.24" = Applian FLV Player
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP220 series User Registration" = Canon MP220 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cossacks : Back To War" = Cossacks - Back To War
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"Creative Centrale" = Creative Centrale
"Creative ZEN X-Fi Video Converter" = Creative ZEN X-Fi Video Converter
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 User's Guide" = ESDX6000_CX5900 User's Guide
"EW : Cossacks" = Cossacks - European Wars
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War™ Demo
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{471BB1D9-6F59-4093-B46D-373772D5C111}" = Far Cry Demo
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lemonade Tycoon_is1" = Lemonade Tycoon
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxDrive PS2" = MaxDrive PS2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"myphotobook" = myphotobook 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2 EyeToy SLEH-00031 Webcam" = PS2 EyeToy SLEH-00031 Webcam
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spotify" = Spotify
"Switch" = Switch Sound File Converter
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"XviD_is1" = XviD 1.1 final uninstall
"ZENX-FI" = Creative ZEN X-Fi User's Guide
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/08/2009 16:31:25 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 21/08/2009 17:05:06 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 21/08/2009 17:31:25 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 08:57:32 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 09:02:31 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 09:05:05 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 10:02:32 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 10:05:05 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 11:02:31 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

Error - 22/08/2009 11:05:05 | Computer Name = Davids-laptop | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 16/03/2010 19:07:29 | Computer Name = Davids-laptop | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 16/03/2010 19:07:29 | Computer Name = Davids-laptop | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 16/03/2010 19:07:29 | Computer Name = Davids-laptop | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 17/03/2010 13:04:24 | Computer Name = Davids-laptop | Source = DCOM | ID = 10010
Description =

Error - 17/03/2010 13:09:10 | Computer Name = Davids-laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 17/03/2010 16:25:21 | Computer Name = Davids-laptop | Source = DCOM | ID = 10010
Description =

Error - 17/03/2010 18:51:09 | Computer Name = Davids-laptop | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did
not allow the name to be claimed by this computer.

Error - 17/03/2010 18:51:44 | Computer Name = Davids-laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 17/03/2010 18:56:19 | Computer Name = Davids-laptop | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did
not allow the name to be claimed by this computer.

Error - 17/03/2010 19:01:30 | Computer Name = Davids-laptop | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did
not allow the name to be claimed by this computer.

< End of report >

#4 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 17 March 2010 - 06:08 PM

---------------------GMER----------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 00:04:57
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\PRICEY~1\AppData\Local\Temp\fxliikoc.sys

---- System - GMER 1.0.15 ----

SSDT 8680B4C0 ZwAlertResumeThread
SSDT 8680B5A0 ZwAlertThread
SSDT 86809070 ZwAllocateVirtualMemory
SSDT 86764240 ZwAlpcConnectPort
SSDT 8680B210 ZwCreateMutant
SSDT 8680BDB8 ZwCreateThread
SSDT 8680AE30 ZwDebugActiveProcess
SSDT 868092C8 ZwFreeVirtualMemory
SSDT 8680B300 ZwImpersonateAnonymousToken
SSDT 8680B3E0 ZwImpersonateThread
SSDT 867ECF28 ZwMapViewOfSection
SSDT 8680B130 ZwOpenEvent
SSDT 86809C20 ZwOpenProcessToken
SSDT 867EC008 ZwOpenThreadToken
SSDT 867F1BA8 ZwResumeThread
SSDT 867EC1F0 ZwSetContextThread
SSDT 867ECDD0 ZwSetInformationProcess
SSDT 867EC100 ZwSetInformationThread
SSDT 8680AF10 ZwSuspendProcess
SSDT 8680B6E8 ZwSuspendThread
SSDT 86802418 ZwTerminateProcess
SSDT 8680B7C8 ZwTerminateThread
SSDT 867EAF78 ZwUnmapViewOfSection
SSDT 86809398 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thanks for helping me with this

#5 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 18 March 2010 - 01:35 AM

Hi,

Please follow these steps.

-- Step 1 --

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

-- Step 2 --

Run Malwarebytes' Anti-Malware.

Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
Select the Scanner tab, select "Perform Quick Scan", then click Scan
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Download avz4.zip from HERE

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#6 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 20 March 2010 - 10:55 AM

Here is the log from malwarebytes scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

20/03/2010 13:20:42
mbam-log-2010-03-20 (13-20-42).txt

Scan type: Quick Scan
Objects scanned: 118055
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here are the AVZ results:

virusinfo_syscheck.zip (23.17K)
Number of downloads: 52

virusinfo_syscure.zip (24.18K)
Number of downloads: 51

#7 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 20 March 2010 - 12:39 PM

Hi,

Can you please give me an update on the problems you are having.

#8 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 20 March 2010 - 05:20 PM

Hi there,

I think the malware is gone. Dont really understand how. Did try a number of scan and removal techniques before finding this site. Though everything seems ok, the one thing that does seem strange is that my disc drive isnt always appearing on mycomputer. I dont know the reason for this and it doesnt seem to have any pattern. Sometimes i turn it on and its there and sometimes its not. Also the security centre that was infected by virus is turned off atm. Should i activate it again and have a look?

Thanks again for your help with this. Do the virus logs look ok then?

#9 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 20 March 2010 - 05:27 PM

Hi,

Go ahead and activate the security centre. I'm not seeing much in the logs. If the security centre is OK, we'll carry on and run a thorough scan of your system.

#10 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 20 March 2010 - 05:32 PM

There appears to be nothing wrong with windows security centre now

#11 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 20 March 2010 - 05:34 PM

Let's run a thorough scan then. This may take a few hours.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Settings
In the scan settings, select the following:
- Scan using the following Anti-Virus database:
- Scan Options:
Click Save
Now under Scan
This will start the scanning of your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on View Report and then Save Report
Save the file to your desktop as a text file.
Copy and paste that information in your next post.

#12 MannyRay

Group: Member
Posts: 7
Joined: 17-March 10

Posted 20 March 2010 - 05:41 PM

ok thanks for the advice. May not be able to do this for a couple of days though as wont have internet for my laptop.

#13 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 20 March 2010 - 05:43 PM

OK. Thank's for letting me know

#14 hammerman

Group: Member
Posts: 4,183
Joined: 28-November 08

Posted 30 March 2010 - 01:09 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Vista Defender Pro [Closed] - Geeks to Go Forums