Inactive svchost - taskbar turns grey, random tabs open, no internet

Discussion in 'Malware and Virus Removal Archive' started by Raf18, 2010/08/06.

  1. 2010/08/06
    Raf18 Inactive Thread Starter


    Hi. Recently, once I had turned on my PC, the taskbar turned grey to the old classic presentation, followed by a loss of internet connection only on this PC. This happens around 15 mins after logging in. In addition, I have also noticed that random tabs open up by themselves. At first, google.com would open up. This is also my homepage so I thought nothing of it. But then a tab opened directing me to the following address which brought up a black page - http://78.140.143.83/go.php . I attempted to restore my system to an earlier date, but was unable to restore to any points before the problem arose.

    My antivirus is currently out of date, which I know is asking for trouble, but I shall correct this asap. I have only had one issue previously, where I have had to seek some help online. This was a couple of years ago. With regards to P2P software, I rarely use it and understand the risks. The only major event that happened prior to the problem arising was the installation of Microsoft Office 2007. I carried this out within the last week.

    I would greatly appreciate some help with this. I am going on holiday on the 9th for around 10 days, so will not have access to the main PC where the problem is occurring. I was unsure whether to post this problem now or once I return, but the situation is becoming more and more irritating. I hope to cooperate as much as I can in the next few days.


    DDS File ---


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Raf at 18:27:20.03 on 06/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.235 [GMT 1:00]

    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
    C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
    C:\Program Files\Wireless\Client Manager\Cmags.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Raf\Desktop\dds.scr
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
    uRun: [DLD.EXE] c:\program files\download direct\DLD.exe
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
    uRun: [{E938E0F1-E11D-7E79-FF79-212BC0FB8E55}] "c:\windows\system32\config\systemprofile\application data\tuahhu\cyimz.exe"
    uRun: [Rhababex] rundll32.exe "c:\windows\msrnsht.dll",Startup
    uRun: [{8A24D078-3D02-5DD0-C1EF-A061F18840F7}] "c:\windows\system32\config\systemprofile\application data\cydev\unqa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
    mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
    mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
    mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
    mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
    mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Mfacibiqorefub] rundll32.exe "c:\windows\egakutege.dll",Startup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\documents and settings\raf\start menu\programs\startup\wwwrfd32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\record~1.lnk - c:\program files\sony\vaio entertainment\VzTrayIcon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\wireless\client manager\Cmags.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: adobe.com\eurostore
    Trusted Zone: adobe.com\istore
    Trusted Zone: club-vaio.com\www
    Trusted Zone: moodlogic.com\www
    Trusted Zone: sony-europe.com
    Trusted Zone: sony-europe.com\www.club-vaio
    Trusted Zone: sony-europe.com\www.vaio
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: sonystyle-europe.com\shop
    Trusted Zone: sonystyle-europe.com\www
    Trusted Zone: symantecstore.com\www
    Trusted Zone: tvtv.co.uk\www
    Trusted Zone: tvtv.de\www
    Trusted Zone: tvtv.es\www
    Trusted Zone: tvtv.fr\www
    Trusted Zone: tvtv.it\www
    Trusted Zone: tvtv.nl\www
    Trusted Zone: utimaco.com\www
    Trusted Zone: vaio-link.com
    Trusted Zone: yahoo.com\*.personals
    Trusted Zone: yahoo.com\*.rd
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
    DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199560942718
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: LMIinit - LMIinit.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\tuvadajo.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    IFEO: RapportMgmtService.exe - ZASRAKOMONDOHUI31338.EXE
    IFEO: RapportService.exe - ZASRAKOMONDOHUI31338.EXE

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\raf\applic~1\mozilla\firefox\profiles\qk41mv49.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\documents and settings\raf\application data\mozilla\firefox\profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {E04C0294-C936-40FA-96AA-3D6F3B18D721} - c:\documents and settings\raf\local settings\application data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-16 130936]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-29 96384]
    R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-29 14336]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-3-25 47640]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-24 102448]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-31 17152]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2009-4-29 155648]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-2-26 29183504]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.041\NAVENG.SYS [2010-1-1 84912]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.041\NAVEX15.SYS [2010-1-1 1323568]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-5 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-5 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-5 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-5 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-5 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-5 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-5 115752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-16 348752]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-16 1095560]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-31 1245064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-08-06 08:45:03 105672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-08-04 17:26:12 0 d-----w- c:\windows\system32\MpEngineStore
    2010-08-04 17:08:56 175 ----a-w- c:\windows\system32\MRT.INI
    2010-08-04 15:47:39 0 d-----w- C:\c4046617ce317c1dbc27373519
    2010-08-04 15:47:20 0 d-----w- C:\397a74c4e09d3f23bc4b
    2010-08-04 13:36:13 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-31 09:49:36 0 ----a-w- c:\windows\Kqixisadoqenez.bin
    2010-07-31 09:49:35 120 ----a-w- c:\windows\Inicer.dat
    2010-07-30 23:31:17 4 ----a-w- c:\docume~1\raf\applic~1\avdrn.dat
    2010-07-30 19:23:26 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-07-30 19:02:02 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-07-30 14:55:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-07-14 15:59:21 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 13:53:52 0 d-----w- c:\program files\iPod
    2010-07-12 13:53:16 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-12 13:32:18 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-07-31 10:40:32 82964 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01:10 126448 -c----w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01:10 123888 -c----w- c:\windows\system32\pxcpyi64.exe
    2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-08-21 10:31:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082120090822\index.dat

    ============= FINISH: 18:29:59.82 ===============


    Attach file ---


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/01/2008 14:22:18
    System Uptime: 08/06/2010 18:10:37 (1416 hours ago)

    Motherboard: Intel Corporation | | PRAGUE
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 1.199 GiB free.
    D: is FIXED (NTFS) - 217 GiB total, 0.364 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: SCSI/RAID Host Controller
    Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Manufacturer: (Standard mass storage controllers)
    Name: SCSI/RAID Host Controller
    PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Service: a734gcun

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Symantec Network Security Miniport
    Device ID: ROOT\SYMC_SYMIMMP\0000
    Manufacturer: Symantec
    Name: Symantec Network Security Miniport
    PNP Device ID: ROOT\SYMC_SYMIMMP\0000
    Service: SymIMMP

    ==== System Restore Points ===================

    RP630: 06/08/2010 09:43:01 - Software Distribution Service 3.0

    ==== Installed Programs ======================


    ACE Mega CoDecS Pack
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Elements 3.0
    Adobe Premiere Standard
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11
    Adobe® Photoshop® Album Starter Edition 3.2
    Akamai NetSession Interface
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia Extreme
    Avanquest update
    AviSynth 2.5
    Backup
    Belkin 54Mbps Wireless Network Adapter
    BitComet 0.98
    BlueJ 2.5.0
    Bonjour
    BUFFALO TurboUSB for FLASH/HDD
    ccCommon
    Click to DVD 2.0.03 Menu Data
    Click to DVD 2.4.12
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    CuteFTP 8 Professional
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DSD Direct
    DSD Playback Plug-in 1.0
    DVD Decrypter (Remove Only)
    DVgate Plus
    EPSON Scan
    FaceGen Customizer 1.1
    FaceGen Modeller 3.1
    FaceGen Modeller 3.2 Free
    ffdshow
    FlashSee
    FLV Player 2.0, build 23
    FM Modifier 2.25
    fmXML version 0.3
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
    GearDrvs
    GIMP 2.6.4
    Google Toolbar for Internet Explorer
    Grand Theft Auto IV Screenshot Screen Saver
    Hauppauge WinTV IR Blaster
    Hauppauge WinTV Scheduler
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP My Display
    Image Converter 2
    Incomedia WebSite X5 v8 - Evolution
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    InterVideo WinDVD for VAIO
    InterVideo WinDVDX
    iPhone Configuration Utility
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java 3D 1.5.1
    Java DB 10.3.1.4
    Java(TM) 6 Update 11
    Java(TM) 6 Update 4
    Java(TM) SE Development Kit 6 Update 4
    K-Lite Mega Codec Pack 4.1.4
    KPT 6
    LimeWire
    LimeWire 5.5.8
    Livestation
    LiveUpdate (Symantec Corporation)
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    ManyCam 2.3 (remove only)
    MediaCoder 0.6.1
    Memory Stick Formatter
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft SQL Server Desktop Engine (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C Runtime
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    MoodLogic
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    NVIDIA Drivers
    OpenAL
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Opera 10.00
    PDF Settings CS5
    PictureGear Studio 2.0
    Pivot Software
    Project64 1.6
    PUÃøÂçµÃ§ÃŠÃ“
    PuTTY version 0.60
    QuickTime
    RealPlayer
    Registry Mechanic 8.0
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    SDK
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    Serif WebPlus X2
    Serif WebPlus X2 Resources
    SICStus Prolog 4.0.5
    SigmaTel Audio
    Sky Player
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    Sogou PXP Accelerator 1.0.0.10
    SonicStage 4.3
    SonicStage Mastering Studio 2.2
    SonicStage Mastering Studio Plugins
    Sony Ericsson Media Manager 1.2
    Sony Ericsson PC Suite 4.010.00
    Sony Media Manager 2.0
    Sony Media Manager 2.3
    Sony MP4 Shared Library
    Sony Utilities DLL
    Sony Vegas 6.0
    Sony Vegas Pro 8.0
    Sony Video Shared Library
    SopCast 3.0.1
    SPBBC 32bit
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    The Cleaner 2010
    TVAnts 1.0
    TVUPlayer 2.3.5.4
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UScreenCapture (x86)
    VAIO Control Center
    VAIO Edit Components
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Launcher
    VAIO Light Flo Wallpaper
    VAIO Media 4.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Integrated Server 4.2
    VAIO Media Redistribution 4.0
    VAIO Media Registration Tool 4.0
    VAIO Online Registration (English)
    VAIO Original Screen Saver
    VAIO Original Screen Saver VAIO Motion HD Normal Contents
    VAIO Original Screen Saver VAIO Scene HD Normal Contents
    VAIO Product Survey
    VAIO TV Tuner Library 1.4
    VAIO Update 3
    VAIO Zone
    VAIO Zone Remote Commander
    VC80CRTRedist - 8.0.50727.4053
    Videora iPod touch Converter 3.08
    VLC media player 0.9.9
    VOR
    VPS
    WebFldrs XP
    Winamp
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless Client
    Wireless Client Manager V3.30
    WM Capture
    x264 Revision 527 x264.nl (remove only)
    XML Paper Specification Shared Components Pack 1.0
    XoftSpySE
    Yahoo! Messenger
    Zattoo 3.3.2 Beta

    ==== Event Viewer Messages From Past Week ========

    06/08/2010 18:25:00, error: Dhcp [1002] - The IP address lease 192.168.0.107 for the Network Card with network address 0022754FC8B9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    06/08/2010 09:08:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    06/08/2010 09:08:00, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/08/2010 09:07:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VAIO Entertainment Aggregation and Control Service service to connect.
    06/08/2010 09:07:27, error: Service Control Manager [7000] - The VAIO Entertainment Aggregation and Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/08/2010 09:07:27, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VAIO Entertainment Aggregation and Control Service with arguments " " in order to run the server: {21ADFCC3-710C-492D-847C-342CE7B7BEC4}
    04/08/2010 18:09:07, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.OpenMP. Reference error message: The referenced assembly is not installed on your system. .
    04/08/2010 18:09:07, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\GCPlayer.dll. Reference error message: The operation completed successfully. .
    04/08/2010 18:09:07, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.OpenMP could not be found and Last Error was The referenced assembly is not installed on your system.
    04/08/2010 18:00:14, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
    04/08/2010 17:41:15, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
    04/08/2010 17:31:16, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    04/08/2010 17:29:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    04/08/2010 17:28:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    04/08/2010 17:18:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    04/08/2010 17:08:01, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
    04/08/2010 17:08:01, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    04/08/2010 16:57:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp DMICall eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT Pivot PrivateDisk RasAcd Rdbss SPBBCDrv SRTSPX StarOpen SYMTDI Tcpip WS2IFSL
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:57:45, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    04/08/2010 16:51:47, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    04/08/2010 16:51:47, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    04/08/2010 14:50:55, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    04/08/2010 14:29:20, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
    04/08/2010 14:29:20, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  2. 2010/08/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/08/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Norton, using Norton Removal Tool: http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    After installation, run full scan.
    Make sure Windows firewall is turned ON.

    When done....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/07
    Raf18

    Raf18 Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    18
    Likes Received:
    0
    MBAM Log ---

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4402

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/08/2010 12:32:28
    mbam-log-2010-08-07 (12-32-28).txt

    Scan type: Quick scan
    Objects scanned: 230636
    Time elapsed: 21 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{e2745192-8f50-4acc-aa27-2ac0b85a875f} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a74bf134-5213-46b5-af36-ce1888315dc7} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\putv\tvcode\pipi\PIPIWebPlayer.ocx (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Raf\Local Settings\Temp\9c274a25.exe (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\~TM1E.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Raf\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
     
  6. 2010/08/07
    Raf18

    Raf18 Inactive Thread Starter

    GMER Log ---

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-07 22:43:01
    Windows 5.1.2600 Service Pack 3
    Running: lkrtj75r.exe; Driver: C:\DOCUME~1\Raf\LOCALS~1\Temp\ugldrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB341CCD2]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF71D3514]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF71C2282]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF71C2474]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF71D3D00]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF71D3FB8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB341C764]
    SSDT sphu.sys ZwEnumerateKey [0xF73AFCA2]
    SSDT sphu.sys ZwEnumerateValueKey [0xF73B0030]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF71D23FA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB341C6A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB341C708]
    SSDT sphu.sys ZwQueryKey [0xF73B0108]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB341CD88]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF71D4422]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB341CD48]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF71D37D8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF71C1F32]

    INT 0x62 ? 8776ABF8
    INT 0x83 ? 86BCDBF8
    INT 0x94 ? 86BCDBF8
    INT 0xB4 ? 877D8BF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB34299C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB3429AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B3429AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B34299C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B34255B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B3426F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? sphu.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF60C6360, 0x1DE8FD, 0xE8000020]
    .text USBPORT.SYS!DllUnload F603E8AC 5 Bytes JMP 86BCD1D8

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
    .text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F5000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 002B000A
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 002A000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7393046] sphu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7393142] sphu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73930C4] sphu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73937CE] sphu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73936A4] sphu.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01472F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01472CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01472D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01472CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 002EBCA0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 002EBC50
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 002E7EA0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 002E9100
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 002EAA10
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 002E9370
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 002E9180
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 002EA010
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 002EB950
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 002EB990
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 002EBD30
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 002EB810
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 002EA970
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 002E9930
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 002E92E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 002E9660
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 002EC2B0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 002EA360
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 002EA7D0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 002EAE90
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 002EAC20
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 002EAE10
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 002EB2F0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 002EB000
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 002E9250
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 002E97E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 002EBA70
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 002EAD60
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 002EA910
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 002EA790
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 002EAB20
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 002EBD50
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 002EAB60
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 002EBFF0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 002EBF90
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 002EC1E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 002EC280
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 002EC0B0
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
     
  7. 2010/08/07
    Raf18

    Raf18 Inactive Thread Starter

    MBRCheck ---

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 146):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A90000 \WINDOWS\system32\KDCOM.DLL
    0xF79A0000 \WINDOWS\system32\BOOTVID.dll
    0xF7391000 sphu.sys
    0xF7A92000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF7379000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF734B000 ACPI.sys
    0xF733A000 pci.sys
    0xF7590000 ohci1394.sys
    0xF75A0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF75B0000 isapnp.sys
    0xF7B58000 pciide.sys
    0xF7810000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF731C000 pcmcia.sys
    0xF75C0000 MountMgr.sys
    0xF72FD000 ftdisk.sys
    0xF7818000 PartMgr.sys
    0xF75D0000 VolSnap.sys
    0xF72E5000 atapi.sys
    0xF7210000 iaStor.sys
    0xF75E0000 disk.sys
    0xF75F0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF71F0000 fltmgr.sys
    0xF71DE000 sr.sys
    0xF71BB000 PCTCore.sys
    0xF7600000 PxHelp20.sys
    0xF71A4000 KSecDD.sys
    0xF7117000 Ntfs.sys
    0xF70EA000 NDIS.sys
    0xF70D0000 Mup.sys
    0xF7610000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF77F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF60C6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF60B2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7640000 \SystemRoot\System32\drivers\pivot.sys
    0xF608A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF604A000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF78F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6026000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF5F65000 \SystemRoot\system32\DRIVERS\smrt.sys
    0xF7630000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF5F42000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5F2E000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7620000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7900000 \SystemRoot\system32\drivers\Afc.sys
    0xF7670000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7800000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7920000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7C6F000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xF7928000 \SystemRoot\system32\DRIVERS\ManyCam.sys
    0xF7C72000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF6924000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF63F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF50BA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6914000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6904000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7988000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF50A9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF68F4000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7990000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7998000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF63EC000 \SystemRoot\System32\Drivers\PdiPorts.sys
    0xF68E4000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7828000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7830000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B0E000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xEF4DF000 \SystemRoot\system32\DRIVERS\update.sys
    0xF421E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xEBD06000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB45C8000 \SystemRoot\system32\drivers\sthda.sys
    0xB45A4000 \SystemRoot\system32\drivers\portcls.sys
    0xEBCE6000 \SystemRoot\system32\drivers\drmk.sys
    0xB379E000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB36A1000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB35F2000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xEB115000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF11F5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B0C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7B10000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB3CBD000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B12000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEB0E5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xEB0DD000 \SystemRoot\System32\drivers\vga.sys
    0xEC0A4000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xEC0A2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF1313000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF131B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB447A000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB359F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB3546000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF1205000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB3520000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB34F8000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB3F3A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB4462000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB34D6000 \SystemRoot\System32\drivers\afd.sys
    0xB3F2A000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB3F1A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF1323000 \SystemRoot\System32\Drivers\StarOpen.SYS
    0xB34AB000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB3F0A000 \SystemRoot\System32\Drivers\PrivateDiskM.sys
    0xB343B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB3EFA000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB3B97000 \SystemRoot\system32\DRIVERS\DMICall.sys
    0xB3414000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB33FE000 \SystemRoot\system32\drivers\archlp.sys
    0xF7960000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB3DE4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB3ECA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB3E4A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB338F000 \SystemRoot\system32\DRIVERS\rt73.sys
    0xB3E42000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB3DD8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB3EBA000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB380A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB3EAA000 \??\C:\WINDOWS\system32\drivers\pivotmou.sys
    0xB3B56000 \SystemRoot\system32\drivers\LVUSBSta.sys
    0xB3043000 \SystemRoot\system32\DRIVERS\LVCM.sys
    0xB2E28000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
    0xB3B46000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB2D53000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEFC02000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF449F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xB3DF9000 \SystemRoot\System32\drivers\dxgthk.sys
    0xEFBFE000 \SystemRoot\System32\DRIVERS\pdiddcci.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xED0F1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF4212000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB1077000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB0F0A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF6964000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB0DEB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB0E4E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB021B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB0258000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF134B000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xAF58C000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB3E0A000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xADD2F000 \??\C:\DOCUME~1\Raf\LOCALS~1\Temp\ugldrpog.sys
    0xABCFC000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 77):
    0 System Idle Process
    4 System
    628 C:\WINDOWS\system32\smss.exe
    856 csrss.exe
    880 C:\WINDOWS\system32\winlogon.exe
    932 C:\WINDOWS\system32\services.exe
    944 C:\WINDOWS\system32\lsass.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1168 svchost.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1344 svchost.exe
    1380 svchost.exe
    1616 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    1716 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    436 C:\WINDOWS\system32\spoolsv.exe
    484 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1504 svchost.exe
    1540 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1560 C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    1636 C:\WINDOWS\system32\svchost.exe
    1740 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1796 C:\Program Files\Bonjour\mDNSResponder.exe
    616 C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    692 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    724 C:\Program Files\Java\jre6\bin\jqs.exe
    752 C:\Program Files\Kontiki\KService.exe
    788 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    1844 C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    1876 C:\WINDOWS\system32\nvsvc32.exe
    1932 sqlbrowser.exe
    2284 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2332 C:\WINDOWS\system32\svchost.exe
    2536 C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    2584 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    2980 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    3104 C:\WINDOWS\explorer.exe
    3124 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    3404 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    296 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    312 C:\Program Files\Java\jre6\bin\jusched.exe
    324 C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
    336 C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    548 C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    520 C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
    764 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    848 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    948 C:\Program Files\Winamp\winampa.exe
    1428 C:\Program Files\Kontiki\KHost.exe
    1996 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2168 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    2380 C:\Program Files\Logitech\QuickCam\Quickcam.exe
    2440 C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    2632 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    3524 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3528 C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    3876 C:\Program Files\iTunes\iTunesHelper.exe
    1224 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1980 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2448 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3084 C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
    2976 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3392 C:\WINDOWS\system32\ctfmon.exe
    3724 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    2908 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    1448 C:\Program Files\Registry Mechanic\RegMech.exe
    4160 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    4876 alg.exe
    5392 C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
    5504 C:\Program Files\Wireless\Client Manager\Cmags.exe
    5744 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    5792 C:\WINDOWS\system32\wuauclt.exe
    5904 C:\Program Files\iPod\bin\iPodService.exe
    4192 C:\WINDOWS\system32\vsjitdebugger.exe
    4268 C:\WINDOWS\system32\vsjitdebugger.exe
    5148 <unknown>
    6072 C:\WINDOWS\system32\wuauclt.exe
    1196 C:\Documents and Settings\Raf\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bf1f2000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`5fee1c00 (NTFS)

    PhysicalDrive0 Model Number:

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  8. 2010/08/07
    Raf18 Inactive Thread Starter
    GMER log ---- PART 1 OF LOG


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-07 22:43:01
    Windows 5.1.2600 Service Pack 3
    Running: lkrtj75r.exe; Driver: C:\DOCUME~1\Raf\LOCALS~1\Temp\ugldrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB341CCD2]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF71D3514]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF71C2282]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF71C2474]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF71D3D00]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF71D3FB8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB341C764]
    SSDT sphu.sys ZwEnumerateKey [0xF73AFCA2]
    SSDT sphu.sys ZwEnumerateValueKey [0xF73B0030]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF71D23FA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB341C6A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB341C708]
    SSDT sphu.sys ZwQueryKey [0xF73B0108]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB341CD88]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF71D4422]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB341CD48]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF71D37D8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF71C1F32]

    INT 0x62 ? 8776ABF8
    INT 0x83 ? 86BCDBF8
    INT 0x94 ? 86BCDBF8
    INT 0xB4 ? 877D8BF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB34299C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB3429AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B3429AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B34299C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B34255B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B3426F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? sphu.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF60C6360, 0x1DE8FD, 0xE8000020]
    .text USBPORT.SYS!DllUnload F603E8AC 5 Bytes JMP 86BCD1D8

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
    .text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F5000A
    .text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[3104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 002B000A
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
    .text C:\WINDOWS\system32\wuauclt.exe[5792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 002A000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7393046] sphu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7393142] sphu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73930C4] sphu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73937CE] sphu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73936A4] sphu.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01472F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01472CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01472D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01472CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 002EBCA0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 002EBC50
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 002E7EA0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 002E9100
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 002EAA10
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 002E9370
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 002E9180
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 002EA010
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 002EB950
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 002EB990
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 002EBD30
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 002EB810
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 002EA970
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 002E9930
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 002E92E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 002E9660
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 002EC2B0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 002EA360
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 002EA7D0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 002EAE90
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 002EAC20
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 002EAE10
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 002EB2F0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 002EB000
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 002E9250
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 002E97E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 002EBA70
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 002EAD60
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 002EA910
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 002EA790
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 002EAB20
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 002EBD50
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 002EAB60
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 002EBFF0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 002EBF90
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 002EC1E0
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 002EC280
    IAT C:\Program Files\Registry Mechanic\RegMech.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 002EC0B0
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Portrait Displays\Pivot Software\floater.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01512F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01512CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01512D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01512CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
     
  9. 2010/08/07
    broni Moderator Malware Analyst
    I still need the 2nd part of the GMER log.
     
  10. 2010/08/08
    Raf18 Inactive Thread Starter
    Yes, sorry. It took a while for my posts to appear, so I was unsure as to what had come through.


    GMER LOG PART 2 ---

    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [1002DE60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRect] [1002DED0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3724] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[3876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[3876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[3876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[3876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\vsjitdebugger.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe[5148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe[5148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe[5148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe[5148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe[5392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe[5392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe[5392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe[5392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Wireless\Client Manager\Cmags.exe[5504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Wireless\Client Manager\Cmags.exe[5504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Wireless\Client Manager\Cmags.exe[5504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Wireless\Client Manager\Cmags.exe[5504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
    Device \FileSystem\Ntfs \Ntfs 877D71F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{59813492-1C62-4779-806D-467B1B03ED01} 86791500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{8783373C-8594-4F87-AE7D-0758CBCACC77} 86791500

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbehci \Device\USBPDO-0 86BBE1F8
    Device \Driver\usbuhci \Device\USBPDO-1 86BCC1F8
    Device \Driver\usbuhci \Device\USBPDO-2 86BCC1F8
    Device \Driver\usbuhci \Device\USBPDO-3 86BCC1F8
    Device \Driver\usbuhci \Device\USBPDO-4 86BCC1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 877D91F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 877D91F8
    Device \Driver\Cdrom \Device\CdRom0 86ABF1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 877D91F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [F7251020] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F72EEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F72EEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F72EEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 86ABF1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86791500
    Device \Driver\NetBT \Device\NetbiosSmb 86791500
    Device \Driver\usbstor \Device\00000085 86AC7500

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbstor \Device\00000089 86AC7500

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBFDO-0 86BCC1F8
    Device \Driver\usbuhci \Device\USBFDO-1 86BCC1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A94500
    Device \Driver\usbuhci \Device\USBFDO-2 86BCC1F8
    Device 86A94500
    Device \Driver\usbuhci \Device\USBFDO-3 86BCC1F8
    Device \Driver\usbehci \Device\USBFDO-4 86BBE1F8
    Device \Driver\Ftdisk \Device\FtControl 877D91F8
    Device \Driver\usbstor \Device\0000008a 86AC7500
    Device \Driver\usbstor \Device\0000008b 86AC7500
    Device \Driver\usbstor \Device\0000008c 86AC7500
    Device 869422F8
    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xFD 0x97 0x4A ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF5 0xEB 0x44 0x53 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x3F 0x49 0x57 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xFD 0x97 0x4A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF5 0xEB 0x44 0x53 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x3F 0x49 0x57 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xFD 0x97 0x4A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF5 0xEB 0x44 0x53 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x3F 0x49 0x57 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xFD 0x97 0x4A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF5 0xEB 0x44 0x53 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x3F 0x49 0x57 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xFD 0x97 0x4A ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF5 0xEB 0x44 0x53 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x3F 0x49 0x57 ...

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/08/20
    broni

    Reopened...
     
  13. 2010/08/23
    Raf18

    Thanks. The log is below. Think there were a couple of errors that occurred during the process, which you might be able to tell from the log below.

    ComboFix 10-08-18.05 - Raf 20/08/2010 13:11:18.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.597 [GMT 1:00]
    Running from: c:\documents and settings\Raf\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Raf\LOCALS~1\Temp\1.wmv
    c:\documents and settings\Raf\raf
    c:\program files\Internet Explorer\SET502.tmp
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
    .

    2010-08-08 13:31 . 2010-08-08 13:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-07 00:09 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-07 00:09 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-07 00:09 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-07 00:09 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-07 00:09 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-08-07 00:09 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-08-07 00:09 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-07 00:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-07 00:09 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-07 00:09 . 2010-08-07 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-06 08:45 . 2010-08-06 08:45 105672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-08-04 17:26 . 2010-08-05 13:13 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-08-04 15:47 . 2010-08-04 15:47 -------- d-----w- C:\c4046617ce317c1dbc27373519
    2010-08-04 15:47 . 2010-08-04 15:51 -------- d-----w- C:\397a74c4e09d3f23bc4b
    2010-08-04 13:42 . 2010-08-06 09:13 -------- d-----w- c:\documents and settings\Administrator.RAFI.009\Local Settings\Application Data\Microsoft
    2010-08-04 13:42 . 2009-09-05 15:48 -------- d-sh--w- c:\documents and settings\Administrator.RAFI.009\IETldCache
    2010-08-04 13:42 . 2010-08-08 13:32 -------- d-----w- c:\documents and settings\Administrator.RAFI.009
    2010-08-04 13:00 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.008
    2010-08-04 13:00 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.008\Local Settings\Application Data\Microsoft
    2010-08-04 13:00 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.008\IETldCache
    2010-08-03 00:29 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-02 13:11 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.007\Local Settings\Application Data\Microsoft
    2010-08-02 13:11 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.007\IETldCache
    2010-08-02 13:11 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.007
    2010-08-02 12:51 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.006\Local Settings\Application Data\Microsoft
    2010-08-02 12:51 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.006\IETldCache
    2010-08-02 12:51 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.006
    2010-07-31 09:49 . 2010-08-06 23:27 0 ----a-w- c:\windows\Kqixisadoqenez.bin
    2010-07-31 09:49 . 2010-08-06 23:28 120 ----a-w- c:\windows\Inicer.dat
    2010-07-31 09:49 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}
    2010-07-30 19:23 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-07-30 19:23 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-07-30 19:02 . 2010-07-30 19:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-07-30 15:16 . 2010-07-30 15:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-07-30 15:11 . 2010-07-30 15:11 -------- d-----w- c:\documents and settings\Raf\Local Settings\Application Data\Temp
    2010-07-30 15:11 . 2010-07-30 15:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-07-30 14:55 . 2010-08-06 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-22 10:11 . 2010-07-22 10:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Cydev

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-20 12:28 . 2009-01-31 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2010-08-20 12:25 . 2010-06-29 19:22 -------- d-----w- c:\program files\Common Files\Akamai
    2010-08-20 12:13 . 2010-03-16 04:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xofozi
    2010-08-20 12:13 . 2008-06-24 04:50 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Zomep
    2010-08-20 12:13 . 2009-10-12 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Tuahhu
    2010-08-20 12:13 . 2008-05-13 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Pyefv
    2010-08-20 12:13 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Ikuk
    2010-08-20 12:13 . 2007-11-28 16:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Fotyta
    2010-08-20 12:13 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Beow
    2010-08-20 12:13 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Ciyncy
    2010-08-20 12:13 . 2007-05-16 09:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Aproy
    2010-08-20 11:50 . 2008-09-18 12:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-07 11:10 . 2009-04-14 14:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nowo
    2010-08-07 11:08 . 2009-01-02 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-07 06:32 . 2008-04-02 18:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-07 02:09 . 2007-03-22 04:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Heit
    2010-08-07 00:09 . 2008-12-03 14:49 -------- d-----w- c:\program files\Alwil Software
    2010-08-07 00:08 . 2010-03-07 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-07 00:05 . 2005-08-30 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-08-07 00:05 . 2005-08-30 12:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-06 23:42 . 2008-01-05 14:23 -------- d-----w- c:\documents and settings\Raf\Application Data\Symantec
    2010-08-06 23:28 . 2009-01-23 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Idet
    2010-08-06 18:18 . 2010-01-14 00:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Ebma
    2010-08-06 15:53 . 2006-12-26 00:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Mameh
    2010-08-06 08:50 . 2008-11-10 03:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Oqexyk
    2010-08-06 08:24 . 2008-02-05 20:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Aruly
    2010-08-06 08:08 . 2010-04-17 06:32 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Foynqu
    2010-08-06 08:08 . 2010-07-30 23:31 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pnmfzy.dat
    2010-08-05 13:04 . 2008-01-05 14:37 -------- d-----w- c:\program files\Microsoft Works
    2010-08-05 12:34 . 2008-12-14 22:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Ehalxa
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.009\Application Data\Symantec
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.009\Application Data\Sony Corporation
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Paraes
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Alahc
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Puacke
    2010-08-04 00:10 . 2007-04-14 17:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xogiva
    2010-08-03 13:46 . 2006-10-24 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Ysiky
    2010-08-03 11:15 . 2008-01-21 23:37 -------- d-----w- c:\documents and settings\Raf\Application Data\DivX
    2010-08-03 00:48 . 2009-01-06 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Icapyx
    2010-07-31 10:40 . 2009-12-24 19:53 82964 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-31 10:30 . 2008-01-05 17:28 105672 ----a-w- c:\documents and settings\Raf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-30 19:18 . 2008-09-18 11:43 -------- d-----w- c:\program files\MSBuild
    2010-07-30 19:16 . 2008-01-05 14:39 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-30 15:52 . 2005-08-30 11:17 -------- d-----w- c:\program files\Google
    2010-07-30 15:43 . 2010-07-30 15:43 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-30 15:17 . 2008-01-19 19:57 -------- d-----w- c:\program files\DivX
    2010-07-30 15:17 . 2009-05-03 17:07 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-30 15:17 . 2010-07-30 15:17 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-30 15:17 . 2010-07-30 15:17 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-30 15:16 . 2010-07-30 15:16 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-30 15:16 . 2010-07-30 15:16 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-07-30 14:55 . 2010-07-30 15:17 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-30 14:55 . 2010-07-30 15:17 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-28 11:32 . 2010-07-28 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-28 11:32 . 2010-07-28 11:32 -------- d-----w- c:\program files\NOS
    2010-07-23 16:22 . 2010-07-30 12:12 1496064 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-07-23 16:22 . 2010-07-30 12:12 43008 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-07-23 16:22 . 2010-07-30 12:12 338944 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-07-23 16:22 . 2010-07-30 12:12 346112 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-07-22 10:11 . 2010-07-22 10:11 105448 ----a-w- c:\windows\system32\config\systemprofile\Application Data\Cydev\unqa.exe
    2010-07-12 13:54 . 2010-07-12 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-12 13:54 . 2008-07-07 17:42 -------- d-----w- c:\program files\iTunes
    2010-07-12 13:53 . 2010-07-12 13:53 -------- d-----w- c:\program files\iPod
    2010-07-12 13:53 . 2008-07-07 17:40 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-12 13:44 . 2010-07-12 13:42 -------- d-----w- c:\program files\QuickTime
    2010-07-12 13:39 . 2010-07-12 13:39 -------- d-----w- c:\program files\Apple Software Update
    2010-07-12 13:32 . 2010-07-12 13:32 -------- d-----w- c:\program files\Bonjour
    2010-07-10 16:34 . 2008-01-05 18:24 -------- d-----w- c:\program files\LimeWire
    2010-07-02 09:13 . 2009-04-05 10:12 -------- d-----w- c:\program files\Avanquest update
    2010-06-30 00:55 . 2010-06-30 00:55 -------- d-----w- c:\documents and settings\Raf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-06-29 23:08 . 2010-06-29 23:08 -------- d-----w- c:\documents and settings\Raf\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-06-29 21:06 . 2009-03-07 20:20 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-06-29 20:56 . 2005-08-30 10:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-29 20:53 . 2010-06-29 20:53 -------- d-----w- c:\program files\Adobe Media Player
    2010-06-29 20:52 . 2005-08-29 19:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-29 20:49 . 2010-06-29 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-29 20:48 . 2010-08-04 13:42 38784 ----a-w- c:\documents and settings\Administrator.RAFI.009\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-06-29 20:48 . 2008-07-19 00:07 38784 ----a-w- c:\documents and settings\Raf\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-14 14:31 . 2005-08-30 01:11 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-09 23:01 . 2008-01-11 22:38 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2005-08-30 09:22 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
    2010-06-09 23:01 . 2005-08-30 09:22 126448 -c----w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01 . 2005-08-30 09:22 123888 -c----w- c:\windows\system32\pxcpyi64.exe
    2009-03-31 21:47 . 2008-12-31 21:01 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
    "VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
    "PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-01-12 688128]
    "DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 280576]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 546936]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\Administrator.RAFI.009\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\Guest.RAFI\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Recording Status.lnk - c:\program files\Sony\vaio entertainment\VzTrayIcon.exe [2008-1-5 299008]
    Wireless Client Manager.lnk - c:\program files\Wireless\Client Manager\Cmags.exe [2008-1-5 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 21:07 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
    "c:\\Program Files\\iTunes\\iTunesHelper.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire 5 Pro\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10605:TCP"= 10605:TCP:BitComet 10605 TCP
    "10605:UDP"= 10605:UDP:BitComet 10605 UDP
    "1036:TCP"= 1036:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/05/2009 11:45 130936]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [29/04/2009 16:23 96384]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/08/2010 01:09 165456]
    R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15:07 45627]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29/08/2005 19:00 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/08/2010 01:09 17744]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 05:47 98304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [31/01/2009 15:49 17152]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [29/04/2009 16:17 155648]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 22:08 29183504]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [05/04/2009 11:10 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [05/04/2009 11:10 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [05/04/2009 11:10 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [05/04/2009 11:10 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [05/04/2009 11:10 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [05/04/2009 11:10 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [05/04/2009 11:10 115752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/05/2009 11:45 348752]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/02/2008 12:38 715248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    Akamai REG_MULTI_SZ Akamai
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-RAFI-Raf.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-29 02:44]

    2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-08-20 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]

    2010-08-07 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
    Trusted Zone: adobe.com\eurostore
    Trusted Zone: adobe.com\istore
    Trusted Zone: club-vaio.com\www
    Trusted Zone: moodlogic.com\www
    Trusted Zone: sony-europe.com
    Trusted Zone: sony-europe.com\www.club-vaio
    Trusted Zone: sony-europe.com\www.vaio
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: sonystyle-europe.com\shop
    Trusted Zone: sonystyle-europe.com\www
    Trusted Zone: symantecstore.com\www
    Trusted Zone: tvtv.co.uk\www
    Trusted Zone: tvtv.de\www
    Trusted Zone: tvtv.es\www
    Trusted Zone: tvtv.fr\www
    Trusted Zone: tvtv.it\www
    Trusted Zone: tvtv.nl\www
    Trusted Zone: utimaco.com\www
    Trusted Zone: vaio-link.com
    Trusted Zone: yahoo.com\*.personals
    Trusted Zone: yahoo.com\*.rd
    FF - ProfilePath - c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {E04C0294-C936-40FA-96AA-3D6F3B18D721} - c:\documents and settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe
    HKCU-Run-Rhababex - c:\windows\msrnsht.dll
    HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    HKLM-Run-Mfacibiqorefub - c:\windows\egakutege.dll
    AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
    AddRemove-RapidLeecher - c:\program files\RapidLeecher\Uninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-20 13:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2927975292-1060120474-3591987657-1007\Software\G*e*n*i*e* "!\FM Genie Scout 2009 XE]
    "GameDir"="c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"="c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
    "ScreenshotsDir"="c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="c:\\DOCUME~1\\Raf\\LOCALS~1\\Temp\\Rar$EX00.515\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="74-0850-603F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:00000056
    "GraphStep"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Portrait Displays\DisplayTune\PLUG_AP\APPS\{15733AD1-1CEF-459A-9245-0924FC63BDD5}]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_054c&Pid_01db&MI_01&Col05\7&18445798&0&0004\LogConf]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\VESWinlogon.dll
    .
    Completion time: 2010-08-20 13:32:49
    ComboFix-quarantined-files.txt 2010-08-20 12:32

    Pre-Run: 983,990,272 bytes free
    Post-Run: 3,257,470,976 bytes free

    Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 2BB7930F32F0B7D6D6405918B57AF567
     
  14. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Please, allow recovery console installation on next Combofix run.

    =================================================================

    Unless you willingly installed Kontiki Player....
    Go Start>Control Panel>Add\Remove ("Programs and Features" in Vista), and uninstall Sky Anytime (if present).
    Download, and run KClean.exe: http://static.sky.com/kclean/KClean.exe to remove Kontiki from your computer.
    NOTE: Kontiki is a known resource hog.

    ===============================================================

    Uninstall Registry Mechanic
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Kqixisadoqenez.bin
    c:\windows\Inicer.dat
    
    
    Folder::
    c:\windows\system32\config\systemprofile\Application Data\Aproy
    c:\windows\system32\config\systemprofile\Application Data\Ciyncy
    c:\windows\system32\config\systemprofile\Application Data\Beow
    c:\windows\system32\config\systemprofile\Application Data\Fotyta
    c:\windows\system32\config\systemprofile\Application Data\Ikuk
    c:\windows\system32\config\systemprofile\Application Data\Pyefv
    c:\windows\system32\config\systemprofile\Application Data\Tuahhu
    c:\windows\system32\config\systemprofile\Application Data\Zomep
    c:\windows\system32\config\systemprofile\Application Data\Xofozi
    c:\windows\system32\config\systemprofile\Application Data\pnmfzy.dat
    c:\windows\system32\config\systemprofile\Application Data\Foynqu
    c:\windows\system32\config\systemprofile\Application Data\Aruly
    c:\windows\system32\config\systemprofile\Application Data\Oqexyk
    c:\windows\system32\config\systemprofile\Application Data\Mameh
    c:\windows\system32\config\systemprofile\Application Data\Ebma
    c:\windows\system32\config\systemprofile\Application Data\Idet
    c:\documents and settings\Raf\Application Data\Symantec
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users\Application Data\Symantec
    c:\windows\system32\config\systemprofile\Application Data\Heit
    c:\windows\system32\config\systemprofile\Application Data\Icapyx
    c:\windows\system32\config\systemprofile\Application Data\Ysiky
    c:\windows\system32\config\systemprofile\Application Data\Xogiva
    c:\windows\system32\config\systemprofile\Application Data\Puacke
    c:\windows\system32\config\systemprofile\Application Data\Alahc
    c:\windows\system32\config\systemprofile\Application Data\Paraes
    c:\documents and settings\Administrator.RAFI.009\Application Data\Symantec
    c:\windows\system32\config\systemprofile\Application Data\Ehalxa
    c:\windows\system32\config\systemprofile\Application Data\Cydev
    
    
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. 2010/08/23
    Raf18

    Raf18 Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    18
    Likes Received:
    0
    Combofix.txt is displayed below. It ran a lot smoother than the last time I ran it. However, there were still 2 error messages. There was one empty message box saying "Error" with an exclamation mark, shortly after running Combofix. During the scan, an error message appeared saying "combofix has detected the presence of rootkit activity and needs to reboot the machine". After rebooting, the scan automatically ran again.



    ComboFix 10-08-22.07 - Raf 23/08/2010 19:28:21.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.611 [GMT 1:00]
    Running from: c:\documents and settings\Raf\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Raf\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\Inicer.dat"
    "c:\windows\Kqixisadoqenez.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator.RAFI.009\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\Backup\bustate.db
    c:\documents and settings\All Users\Application Data\Symantec\Backup\bustate.index
    c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat
    c:\documents and settings\Raf\Application Data\Symantec
    c:\documents and settings\Raf\Application Data\Symantec\NPMDataStore\{e5200f50-6f08-4763-898c-f1cac141ebf4}.ico
    c:\documents and settings\Raf\Application Data\Symantec\NPMDataStore\{f549486d-b568-4109-b32f-25bac2a1f8be}.ico
    c:\documents and settings\Raf\Application Data\Symantec\NPMDataStore\CIMStore.xml
    c:\documents and settings\Raf\Application Data\Symantec\NPMDataStore\CIMStore_bak.xml
    c:\documents and settings\Raf\Favorites\Detailed Instructions on How to Jailbreak 1.1.4.url
    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\Backup\gearaw32.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
    c:\program files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\ccL70U.dll
    c:\program files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\instopts.dat
    c:\program files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe
    c:\program files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\SymHTML.dll
    c:\program files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\SymTheme.dll
    c:\program files\Common Files\Symantec Shared\SPBBC\2010-08-07-0f5a.kc
    c:\program files\Common Files\Symantec Shared\Support Controls\clt05PIN.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\clt06PIN.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\Microsoft.VC80.CRT.manifest
    c:\program files\Common Files\Symantec Shared\Support Controls\msvcm80.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\msvcp80.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\msvcr80.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\nprdtinf.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\sdcnetck.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini
    c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssctrlln.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\ssextern.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe
    c:\program files\Common Files\Symantec Shared\Support Controls\sslisten.exe
    c:\program files\Common Files\Symantec Shared\Support Controls\ssrunsa.exe
    c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\SymXPep2.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll
    c:\program files\Common Files\Symantec Shared\Support Controls\wificfg.exe
    c:\windows\Inicer.dat
    c:\windows\Kqixisadoqenez.bin
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\config\systemprofile\Application Data\Alahc
    c:\windows\system32\config\systemprofile\Application Data\Aproy
    c:\windows\system32\config\systemprofile\Application Data\Aruly
    c:\windows\system32\config\systemprofile\Application Data\Beow
    c:\windows\system32\config\systemprofile\Application Data\Beow\esfo.exe
    c:\windows\system32\config\systemprofile\Application Data\Ciyncy
    c:\windows\system32\config\systemprofile\Application Data\Ciyncy\quuhh.exe
    c:\windows\system32\config\systemprofile\Application Data\Cydev
    c:\windows\system32\config\systemprofile\Application Data\Cydev\unqa.exe
    c:\windows\system32\config\systemprofile\Application Data\Ebma
    c:\windows\system32\config\systemprofile\Application Data\Ehalxa
    c:\windows\system32\config\systemprofile\Application Data\Ehalxa\zyur.max
    c:\windows\system32\config\systemprofile\Application Data\Fotyta
    c:\windows\system32\config\systemprofile\Application Data\Fotyta\ywubm.exe
    c:\windows\system32\config\systemprofile\Application Data\Foynqu
    c:\windows\system32\config\systemprofile\Application Data\Foynqu\meva.guk
    c:\windows\system32\config\systemprofile\Application Data\Heit
    c:\windows\system32\config\systemprofile\Application Data\Icapyx
    c:\windows\system32\config\systemprofile\Application Data\Icapyx\wucy.tmp
    c:\windows\system32\config\systemprofile\Application Data\Idet
    c:\windows\system32\config\systemprofile\Application Data\Idet\cyof.vyn
    c:\windows\system32\config\systemprofile\Application Data\Ikuk
    c:\windows\system32\config\systemprofile\Application Data\Ikuk\idyx.exe
    c:\windows\system32\config\systemprofile\Application Data\Mameh
    c:\windows\system32\config\systemprofile\Application Data\Mameh\yxohu.omb
    c:\windows\system32\config\systemprofile\Application Data\Oqexyk
    c:\windows\system32\config\systemprofile\Application Data\Oqexyk\tole.byz
    c:\windows\system32\config\systemprofile\Application Data\Paraes
    c:\windows\system32\config\systemprofile\Application Data\Puacke
    c:\windows\system32\config\systemprofile\Application Data\Pyefv
    c:\windows\system32\config\systemprofile\Application Data\Pyefv\ypiw.exe
    c:\windows\system32\config\systemprofile\Application Data\Tuahhu
    c:\windows\system32\config\systemprofile\Application Data\Tuahhu\cyimz.exe
    c:\windows\system32\config\systemprofile\Application Data\Xofozi
    c:\windows\system32\config\systemprofile\Application Data\Xofozi\qiume.exe
    c:\windows\system32\config\systemprofile\Application Data\Xogiva
    c:\windows\system32\config\systemprofile\Application Data\Xogiva\fuxic.isw
    c:\windows\system32\config\systemprofile\Application Data\Ysiky
    c:\windows\system32\config\systemprofile\Application Data\Ysiky\yqme.tmp
    c:\windows\system32\config\systemprofile\Application Data\Zomep
    c:\windows\system32\config\systemprofile\Application Data\Zomep\oxpon.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
    .

    2010-08-22 13:31 . 2010-08-22 13:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-08-21 12:53 . 2010-08-21 12:53 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-07 00:09 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-07 00:09 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-07 00:09 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-07 00:09 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-07 00:09 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-08-07 00:09 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-08-07 00:09 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-07 00:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-07 00:09 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-07 00:09 . 2010-08-07 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-06 08:45 . 2010-08-06 08:45 105672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-08-04 17:26 . 2010-08-05 13:13 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-08-04 15:47 . 2010-08-04 15:47 -------- d-----w- C:\c4046617ce317c1dbc27373519
    2010-08-04 15:47 . 2010-08-04 15:51 -------- d-----w- C:\397a74c4e09d3f23bc4b
    2010-08-04 13:42 . 2010-08-06 09:13 -------- d-----w- c:\documents and settings\Administrator.RAFI.009\Local Settings\Application Data\Microsoft
    2010-08-04 13:42 . 2010-06-29 20:48 38784 ----a-w- c:\documents and settings\Administrator.RAFI.009\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-04 13:42 . 2009-09-05 15:48 -------- d-sh--w- c:\documents and settings\Administrator.RAFI.009\IETldCache
    2010-08-04 13:42 . 2010-08-21 12:53 -------- d-----w- c:\documents and settings\Administrator.RAFI.009
    2010-08-04 13:00 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.008
    2010-08-04 13:00 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.008\Local Settings\Application Data\Microsoft
    2010-08-04 13:00 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.008\IETldCache
    2010-08-03 00:29 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-02 13:11 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.007\Local Settings\Application Data\Microsoft
    2010-08-02 13:11 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.007\IETldCache
    2010-08-02 13:11 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.007
    2010-08-02 12:51 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.006\Local Settings\Application Data\Microsoft
    2010-08-02 12:51 . 2009-09-05 15:48 -------- d-----w- c:\documents and settings\Administrator.RAFI.006\IETldCache
    2010-08-02 12:51 . 2010-08-04 13:58 -------- d-s---w- c:\documents and settings\Administrator.RAFI.006
    2010-07-31 09:49 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}
    2010-07-30 19:23 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-07-30 19:23 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-07-30 19:02 . 2010-07-30 19:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-07-30 15:43 . 2010-07-30 15:43 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-30 15:17 . 2010-07-30 14:55 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-30 15:17 . 2010-07-30 14:55 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-30 15:17 . 2009-11-23 10:00 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
    2010-07-30 15:17 . 2009-11-23 09:59 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
    2010-07-30 15:17 . 2010-07-30 15:17 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-30 15:17 . 2010-07-30 15:17 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-30 15:16 . 2010-07-30 15:16 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-30 15:16 . 2010-07-30 15:16 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-30 15:16 . 2010-07-30 15:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-07-30 15:12 . 2010-07-30 15:12 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-30 15:12 . 2010-07-30 15:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 -------- d-----w- c:\documents and settings\Raf\Local Settings\Application Data\Temp
    2010-07-30 15:11 . 2010-07-30 15:11 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-07-30 15:11 . 2010-07-30 15:11 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-30 15:11 . 2010-07-30 15:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-07-30 14:55 . 2010-08-06 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-30 12:12 . 2010-07-23 16:22 1496064 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-07-30 12:12 . 2010-07-23 16:22 43008 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-07-30 12:12 . 2010-07-23 16:22 338944 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-07-30 12:12 . 2010-07-23 16:22 346112 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-07-25 11:21 . 2010-03-29 07:53 32576 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2010-07-25 11:21 . 2010-03-29 07:53 29984 ----a-w- c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-23 18:43 . 2010-06-29 19:22 -------- d-----w- c:\program files\Common Files\Akamai
    2010-08-23 17:50 . 2008-09-18 12:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-22 13:32 . 2008-04-02 18:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-07 11:10 . 2009-04-14 14:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nowo
    2010-08-07 11:08 . 2009-01-02 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-07 00:09 . 2008-12-03 14:49 -------- d-----w- c:\program files\Alwil Software
    2010-08-07 00:08 . 2010-03-07 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-06 08:08 . 2010-07-30 23:31 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pnmfzy.dat
    2010-08-05 13:04 . 2008-01-05 14:37 -------- d-----w- c:\program files\Microsoft Works
    2010-08-04 13:58 . 2010-08-04 13:58 -------- d-----w- c:\documents and settings\Administrator.RAFI.009\Application Data\Sony Corporation
    2010-08-03 11:15 . 2008-01-21 23:37 -------- d-----w- c:\documents and settings\Raf\Application Data\DivX
    2010-07-31 10:40 . 2009-12-24 19:53 82964 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-31 10:30 . 2008-01-05 17:28 105672 ----a-w- c:\documents and settings\Raf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-30 19:18 . 2008-09-18 11:43 -------- d-----w- c:\program files\MSBuild
    2010-07-30 19:16 . 2008-01-05 14:39 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-30 15:52 . 2005-08-30 11:17 -------- d-----w- c:\program files\Google
    2010-07-30 15:17 . 2008-01-19 19:57 -------- d-----w- c:\program files\DivX
    2010-07-30 15:17 . 2009-05-03 17:07 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-28 11:32 . 2010-07-28 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-28 11:32 . 2010-07-28 11:32 -------- d-----w- c:\program files\NOS
    2010-07-12 13:54 . 2010-07-12 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-12 13:54 . 2008-07-07 17:42 -------- d-----w- c:\program files\iTunes
    2010-07-12 13:53 . 2010-07-12 13:53 -------- d-----w- c:\program files\iPod
    2010-07-12 13:53 . 2008-07-07 17:40 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-12 13:44 . 2010-07-12 13:42 -------- d-----w- c:\program files\QuickTime
    2010-07-12 13:39 . 2010-07-12 13:39 -------- d-----w- c:\program files\Apple Software Update
    2010-07-12 13:32 . 2010-07-12 13:32 -------- d-----w- c:\program files\Bonjour
    2010-07-10 16:34 . 2008-01-05 18:24 -------- d-----w- c:\program files\LimeWire
    2010-07-02 09:13 . 2009-04-05 10:12 -------- d-----w- c:\program files\Avanquest update
    2010-06-30 00:55 . 2010-06-30 00:55 -------- d-----w- c:\documents and settings\Raf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-06-29 23:08 . 2010-06-29 23:08 -------- d-----w- c:\documents and settings\Raf\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-06-29 21:06 . 2009-03-07 20:20 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-06-29 20:56 . 2005-08-30 10:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-29 20:53 . 2010-06-29 20:53 -------- d-----w- c:\program files\Adobe Media Player
    2010-06-29 20:52 . 2005-08-29 19:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-29 20:49 . 2010-06-29 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-29 20:48 . 2008-07-19 00:07 38784 ----a-w- c:\documents and settings\Raf\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-14 14:31 . 2005-08-30 01:11 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-09 23:01 . 2008-01-11 22:38 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2005-08-30 09:22 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
    2010-06-09 23:01 . 2005-08-30 09:22 126448 -c----w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01 . 2005-08-30 09:22 123888 -c----w- c:\windows\system32\pxcpyi64.exe
    2009-03-31 21:47 . 2008-12-31 21:01 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [BU]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [BU]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "DLD.EXE"="c:\program files\Download Direct\DLD.exe" [BU]
    "Rhababex"="c:\windows\msrnsht.dll" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
    "VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
    "PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-01-12 688128]
    "DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 280576]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 546936]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [BU]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "Mfacibiqorefub"="c:\windows\egakutege.dll" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\Administrator.RAFI.009\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\Guest.RAFI\Start Menu\Programs\Startup\
    VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2008-1-5 778240]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Recording Status.lnk - c:\program files\Sony\vaio entertainment\VzTrayIcon.exe [2008-1-5 299008]
    Wireless Client Manager.lnk - c:\program files\Wireless\Client Manager\Cmags.exe [2008-1-5 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 21:07 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
    "c:\\Program Files\\iTunes\\iTunesHelper.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
    "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire 5 Pro\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10605:TCP"= 10605:TCP:BitComet 10605 TCP
    "10605:UDP"= 10605:UDP:BitComet 10605 UDP
    "1034:TCP"= 1034:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/05/2009 11:45 130936]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [29/04/2009 16:23 96384]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/08/2010 01:09 165456]
    R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15:07 45627]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29/08/2005 19:00 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/08/2010 01:09 17744]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 05:47 98304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [31/01/2009 15:49 17152]
    S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [29/04/2009 16:17 155648]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 22:08 29183504]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [05/04/2009 11:10 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [05/04/2009 11:10 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [05/04/2009 11:10 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [05/04/2009 11:10 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [05/04/2009 11:10 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [05/04/2009 11:10 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [05/04/2009 11:10 115752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/05/2009 11:45 348752]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/02/2008 12:38 715248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    Akamai REG_MULTI_SZ Akamai
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-RAFI-Raf.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-29 02:44]

    2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-08-23 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]

    2010-08-07 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
    Trusted Zone: adobe.com\eurostore
    Trusted Zone: adobe.com\istore
    Trusted Zone: club-vaio.com\www
    Trusted Zone: moodlogic.com\www
    Trusted Zone: sony-europe.com
    Trusted Zone: sony-europe.com\www.club-vaio
    Trusted Zone: sony-europe.com\www.vaio
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: sonystyle-europe.com\shop
    Trusted Zone: sonystyle-europe.com\www
    Trusted Zone: symantecstore.com\www
    Trusted Zone: tvtv.co.uk\www
    Trusted Zone: tvtv.de\www
    Trusted Zone: tvtv.es\www
    Trusted Zone: tvtv.fr\www
    Trusted Zone: tvtv.it\www
    Trusted Zone: tvtv.nl\www
    Trusted Zone: utimaco.com\www
    Trusted Zone: vaio-link.com
    Trusted Zone: yahoo.com\*.personals
    Trusted Zone: yahoo.com\*.rd
    FF - ProfilePath - c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\documents and settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {E04C0294-C936-40FA-96AA-3D6F3B18D721} - c:\documents and settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2927975292-1060120474-3591987657-1007\Software\G*e*n*i*e* "!\FM Genie Scout 2009 XE]
    "GameDir "= "c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\games "
    "ShortlistDir "= "c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\shortlists "
    "ScreenshotsDir "= "c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009 "
    "SaveDir "= "c:\\Documents and Settings\\Raf\\My Documents\\Sports Interactive\\Football Manager 2009\\ "
    "HistoryDir "= "c:\\DOCUME~1\\Raf\\LOCALS~1\\Temp\\Rar$EX00.515\\FM Genie Scout 2009 XE\\History Points "
    "LangDB "= "d:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat "
    "LastSaveGame "=" "
    "Language "= "English "
    "LoadLangDB "=dword:00000001
    "CompressHistoryPoints "=dword:00000000
    "HighlightedAttributes "=dword:00000000
    "MinCondition "=dword:00000050
    "SkinName "= "Champions League "
    "LastUpdateCheck "=dword:00000000
    "HighQualityGUI "=dword:00000001
    "AutomaticallyUpdateCheck "=dword:00000001
    "AdvancedGeneration "=dword:00000000
    "TranslateStaffSkills "=dword:00000001
    "TranslatePlayerSkills "=dword:00000001
    "TranslatePositions "=dword:00000001
    "ShowHistory "=dword:00000001
    "Version "=dword:00000067
    "UniqueID "= "74-0850-603F "
    "UseProxy "=dword:00000000
    "ProxyHost "=" "
    "ProxyPort "=" "
    "UseAuthentication "=dword:00000000
    "UserName "=" "
    "UserPassword "=" "
    "Currency "=dword:00000056
    "GraphStep "=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Portrait Displays\DisplayTune\PLUG_AP\APPS\{15733AD1-1CEF-459A-9245-0924FC63BDD5}]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\HID\Vid_054c&Pid_01db&MI_01&Col05\7&18445798&0&0004\LogConf]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\VESWinlogon.dll
    c:\windows\system32\msv1_0.dll
    .
    Completion time: 2010-08-23 19:48:11
    ComboFix-quarantined-files.txt 2010-08-23 18:48
    ComboFix2.txt 2010-08-20 12:32

    Pre-Run: 1,521,717,248 bytes free
    Post-Run: 1,506,320,384 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 685E6FF5EF71D9F637915D3F2535120A
     
  16. 2010/08/23
    broni

    broni Moderator Malware Analyst

    It looks much better :)

    How is the computer doing at the moment?

    Uninstall Combofix:
    Go to Start > Run [Vista users, go to Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2010/08/24
    Raf18

    Raf18 Inactive Thread Starter

    Thanks. It seems to be running smoother. Not sure if the random tab openings have stopped. Was only on the computer for a short period after the last set of instructions.


    OTL.txt - PART 1


    OTL logfile created on: 24/08/2010 18:13:13 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Raf\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 177.00 Mb Available Physical Memory | 17.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.51 Gb Total Space | 2.42 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
    Drive D: | 216.59 Gb Total Space | 1.13 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
    Drive E: | 166.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 558.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RAFI
    Current User Name: Raf
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 18:12:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raf\Desktop\OTL.exe
    PRC - [2010/07/25 12:18:32 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/25 12:18:26 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/24 14:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/02/04 15:11:28 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/07/02 16:16:20 | 000,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    PRC - [2008/06/20 22:18:05 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/20 16:16:24 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
    PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2007/01/25 21:41:00 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2007/01/16 18:12:04 | 000,280,576 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
    PRC - [2007/01/16 18:10:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2007/01/16 18:10:08 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    PRC - [2007/01/12 16:39:26 | 000,688,128 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
    PRC - [2007/01/12 16:39:10 | 000,688,128 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    PRC - [2005/06/17 20:14:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
    PRC - [2005/06/17 20:04:48 | 000,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
    PRC - [2005/06/17 18:54:12 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005/06/15 12:17:46 | 000,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    PRC - [2005/06/15 12:17:44 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2005/06/15 12:17:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2005/06/15 12:17:38 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2005/01/31 11:10:44 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
    PRC - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    PRC - [2004/07/06 15:15:38 | 000,040,960 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    PRC - [2003/08/27 06:28:12 | 000,315,392 | ---- | M] () -- C:\Program Files\Wireless\Client Manager\Cmags.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 18:12:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raf\Desktop\OTL.exe
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/01/12 16:39:30 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
    MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/23 11:23:41 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3745.dll -- (Akamai)
    SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/03/09 06:49:54 | 001,680,928 | ---- | M] (南京纳加软件有限公司) [Auto | Stopped] -- C:\Program Files\putv\tvcode\najia\vjocx.dll -- (vvdsvc)
    SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/02/26 22:08:50 | 029,183,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
    SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2007/01/16 18:10:14 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/06/12 14:03:34 | 001,957,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2006/05/22 12:34:12 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2006/05/17 17:19:26 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2005/06/17 20:04:48 | 000,397,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
    SRV - [2005/06/17 18:54:12 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
    SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2005/06/15 12:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2005/06/15 12:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2005/06/15 12:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2005/06/15 12:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2005/06/07 04:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2005/04/05 14:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\image converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
    SRV - [2005/01/04 11:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)
    SRV - [2004/10/04 05:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
    SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
    SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yeddef.sys -- (yeddef)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091231.041\NAVEX15.SYS -- (NAVEX15)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091231.041\NAVENG.SYS -- (NAVENG)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Raf\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2008/11/06 11:44:26 | 000,155,648 | R--- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
    DRV - [2008/10/17 22:08:05 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/10/17 22:08:04 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2008/08/12 17:06:12 | 000,096,384 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp)
    DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
    DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
    DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
    DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
    DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
    DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
    DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
    DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
    DRV - [2008/02/02 12:38:46 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/10/12 03:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/10/12 02:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2007/10/12 02:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2007/01/12 16:40:40 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
    DRV - [2007/01/12 16:40:38 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
    DRV - [2006/11/28 14:17:14 | 000,246,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2006/11/16 18:31:40 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
    DRV - [2006/11/16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/03/31 17:27:06 | 001,155,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/02 16:30:00 | 003,199,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/06/17 15:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2005/05/23 18:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/05/23 18:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/05/23 18:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/02/01 02:16:44 | 000,786,816 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
    DRV - [2004/07/06 15:07:06 | 000,045,627 | ---- | M] (Utimaco Safeware AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\privatediskm.sys -- (PrivateDisk)
    DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {E04C0294-C936-40FA-96AA-3D6F3B18D721}:1.9.1


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/12 07:46:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{E04C0294-C936-40FA-96AA-3D6F3B18D721}: C:\Documents and Settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721} [2010/08/04 14:58:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 12:18:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 20:18:31 | 000,000,000 | ---D | M]

    [2010/07/10 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Mozilla\Extensions
    [2010/07/10 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/24 15:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions
    [2009/08/25 16:18:42 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2009/09/25 01:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/30 13:12:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/07/24 09:59:07 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
    [2010/07/28 12:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\qk41mv49.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/08/24 15:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
    [2010/06/12 01:10:42 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/06/12 01:10:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/06/12 01:10:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/06/12 01:10:42 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/08/23 19:42:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
    O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
    O4 - HKLM..\Run: [Mfacibiqorefub] C:\WINDOWS\egakutege.DLL File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
    O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
    O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe (Sony Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe File not found
    O4 - HKCU..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe File not found
    O4 - HKCU..\Run: [Rhababex] C:\WINDOWS\msrnsht.DLL File not found
    O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Recording Status.lnk = C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Client Manager.lnk = C:\Program Files\Wireless\Client Manager\Cmags.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\image converter 2\menu.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: adobe.com ([eurostore] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: adobe.com ([istore] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: club-vaio.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: moodlogic.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony-europe.com ([www.club-vaio] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony-europe.com ([www.vaio] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([shop] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: symantecstore.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.co.uk ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.de ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.es ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.fr ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.it ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvtv.nl ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: utimaco.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([*.personals] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([*.rd] http in Trusted sites)
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
    O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199560942718 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Raf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Raf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 02:12:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/11/13 08:37:00 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/10/27 22:44:05 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.at3 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm ()
    Drivers32: msacm.CoreFLAC_ACM - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm ()
    Drivers32: msacm.divxa32 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.iac2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.imc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\imc32.acm (Intel Corporation)
    Drivers32: msacm.l3acm - D:\Program Files\ACE Mega CoDecS Pack\SystemS\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.lhacm - D:\Program Files\ACE Mega CoDecS Pack\SystemS\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.msadpcm - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.pcdv - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm (Canopus Co., Ltd.)
    Drivers32: msacm.qmpeg - D:\Program Files\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm (QDesign Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - D:\Program Files\ACE Mega CoDecS Pack\SystemS\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - D:\Program Files\ACE Mega CoDecS Pack\SystemS\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - D:\Program Files\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: msacm.voxacm160 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.aas4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
    Drivers32: vidc.aasc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
    Drivers32: vidc.advj - D:\Program Files\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
    Drivers32: vidc.advs - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Adaptec\dvc.dll (Adaptec)
    Drivers32: vidc.aflc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
    Drivers32: vidc.afli - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
    Drivers32: vidc.ap41 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
    Drivers32: vidc.asv1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll ()
    Drivers32: vidc.asv2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
    Drivers32: vidc.asvx - D:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
    Drivers32: vidc.avi1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
    Drivers32: vidc.avi2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
    Drivers32: vidc.avrn - D:\Program Files\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
    Drivers32: vidc.bt20 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
    Drivers32: vidc.cdvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\csccdvc.dll (Canopus Co., Ltd.)
     
  18. 2010/08/24
    Raf18

    OTL.txt - PART 2

    Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
    Drivers32: vidc.cram - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.cscd - D:\Program Files\ACE Mega CoDecS Pack\SystemS\camcodec.dll (RenderSoft Software.)
    Drivers32: vidc.cvid - D:\Program Files\ACE Mega CoDecS Pack\SystemS\iccvid.dll (Compression Technologies, Inc.)
    Drivers32: vidc.davc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll (dicas)
    Drivers32: vidc.dcap - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
    Drivers32: vidc.dcmj - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
    Drivers32: vidc.ddvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\cscdvsd.dll (Canopus Co., Ltd.)
    Drivers32: vidc.div3 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
    Drivers32: vidc.div4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
    Drivers32: vidc.div5 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
    Drivers32: vidc.div6 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dmb2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
    Drivers32: vidc.dv25 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.dv50 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.dvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.dvcp - D:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
    Drivers32: vidc.dvcs - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.dvsd - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.dvx4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\DivX4.dll (DivXNetworks, Inc.)
    Drivers32: vidc.em2v - D:\Program Files\ACE Mega CoDecS Pack\SystemS\etxcodec.dll (Etymonix Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.frwa - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll (Darim Vision Co.)
    Drivers32: vidc.frwd - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
    Drivers32: vidc.frwt - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
    Drivers32: vidc.frwu - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll (Darim Vision Co.)
    Drivers32: vidc.gepj - D:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
    Drivers32: vidc.glzw - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Gabest\glzw.dll (Gabest)
    Drivers32: vidc.gpeg - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Gabest\gpeg.dll (Gabest)
    Drivers32: vidc.gpjm - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
    Drivers32: vidc.hfyu - D:\Program Files\ACE Mega CoDecS Pack\SystemS\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.i263 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv (Intel Corporation)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.ipdv - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
    Drivers32: vidc.ir21 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
    Drivers32: vidc.iv30 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv31 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv32 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv33 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv34 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv35 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv36 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv37 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv38 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv39 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
    Drivers32: vidc.iv40 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv41 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv42 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv43 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv44 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv45 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv46 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv47 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv48 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv49 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv50 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.lead - D:\Program Files\ACE Mega CoDecS Pack\SystemS\LEAD\lcodccmp.dll (LEAD Technologies, Inc.)
    Drivers32: vidc.m261 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.m263 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.miro - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
    Drivers32: vidc.mjpa - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
    Drivers32: vidc.mjpx - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.mkvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll ()
    Drivers32: vidc.mmes - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mmjp - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mp41 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mp42 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mp43 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mp4s - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mp4v - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mpg3 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
    Drivers32: vidc.mpg4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
    Drivers32: vidc.mrle - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msmc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.msvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.mszh - D:\Program Files\ACE Mega CoDecS Pack\SystemS\avimszh.dll ()
    Drivers32: vidc.mtx1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx3 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx5 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx6 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx7 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx8 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mtx9 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mwv1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll (Aware Inc.)
    Drivers32: vidc.nt00 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll (NewTek, Inc)
    Drivers32: vidc.pdvc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
    Drivers32: vidc.pim1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll (Pinnacle Systems)
    Drivers32: vidc.pimj - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.png1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll ()
    Drivers32: vidc.pvw2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.q1.0 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
    Drivers32: vidc.qpeg - D:\Program Files\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
    Drivers32: vidc.rmp4 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll ()
    Drivers32: vidc.rt21 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
    Drivers32: vidc.rud0 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll (nico)
    Drivers32: vidc.s422 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll ()
    Drivers32: vidc.sjpg - D:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
    Drivers32: vidc.sony - D:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
    Drivers32: vidc.t420 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.tscc - D:\Program Files\ACE Mega CoDecS Pack\SystemS\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.vcr1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll (ATI Technologies, Inc.)
    Drivers32: vidc.vcr2 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll (ATI Technologies, Inc.)
    Drivers32: vidc.vifp - D:\Program Files\ACE Mega CoDecS Pack\SystemS\vfcodec.dll ()
    Drivers32: vidc.vixl - D:\Program Files\ACE Mega CoDecS Pack\SystemS\MIRO\miroxl32.dll (Pinnacle Systems)
    Drivers32: vidc.vp30 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
    Drivers32: vidc.vp31 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
    Drivers32: vidc.vp60 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
    Drivers32: vidc.vssv - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll (Vanguard Software Solutions, Inc.)
    Drivers32: vidc.wmv3 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.wnv1 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll (Winnov)
    Drivers32: vidc.wrpr - D:\Program Files\ACE Mega CoDecS Pack\SystemS\aviwrap.dll ()
    Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.y411 - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.y41p - D:\Program Files\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.zlib - D:\Program Files\ACE Mega CoDecS Pack\SystemS\avizlib.dll ()
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/24 18:12:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raf\Desktop\OTL.exe
    [2010/08/24 18:11:42 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/24 16:10:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/23 19:10:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/23 18:46:55 | 000,254,120 | ---- | C] (Kontiki Inc.) -- C:\Documents and Settings\Raf\Desktop\KClean.exe
    [2010/08/22 14:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2010/08/20 12:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/08 09:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/08/07 01:09:26 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/07 01:09:26 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/07 01:09:26 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/07 01:09:26 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/07 01:09:25 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/07 01:09:25 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/07 01:09:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/07 01:09:14 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/07 01:09:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/07 01:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/07 00:37:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Raf\Desktop\mbam-setup(2).exe
    [2010/08/07 00:32:27 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Raf\Desktop\Norton_Removal_Tool.exe
    [2010/08/07 00:31:46 | 000,137,568 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Raf\Desktop\buDump.exe
    [2010/08/04 18:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/08/04 16:47:39 | 000,000,000 | ---D | C] -- C:\c4046617ce317c1dbc27373519
    [2010/08/04 16:47:20 | 000,000,000 | ---D | C] -- C:\397a74c4e09d3f23bc4b
    [2010/08/03 01:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/03 01:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/31 10:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Local Settings\Application Data\{E04C0294-C936-40FA-96AA-3D6F3B18D721}
    [2010/07/30 22:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\Applications
    [2010/07/30 20:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/07/30 16:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/07/30 16:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Local Settings\Application Data\Temp
    [2010/07/30 16:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/07/30 15:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/07/28 12:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/07/28 12:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/07/12 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/12 14:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/12 14:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/07/12 14:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/07/12 14:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/30 01:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/30 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\backgrounds
    [2010/06/30 00:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/06/29 22:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/06/29 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/06/29 21:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/06/29 20:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\My Documents\Downloads
    [2010/06/29 20:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\Adobe CS5
    [2010/06/29 20:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
    [2010/06/29 16:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\Tottenham 0910
    [2010/06/29 16:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\P
    [2010/06/29 15:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\Desktop\OFFICE CD
    [2010/06/29 14:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\My Documents\STUDIES
    [2010/06/29 14:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\My Documents\Old Desktop stuff that wasnt deleted
    [2010/06/29 14:36:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/06/07 14:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raf\My Documents\6LR
    [9 C:\Documents and Settings\Raf\Desktop\*.tmp files -> C:\Documents and Settings\Raf\Desktop\*.tmp -> ]
    [36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\Documents and Settings\Raf\My Documents\*.tmp files -> C:\Documents and Settings\Raf\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/24 18:12:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raf\Desktop\OTL.exe
    [2010/08/24 17:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
    [2010/08/24 13:37:13 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\Raf\ntuser.dat
    [2010/08/24 13:10:44 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/24 13:09:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/24 13:09:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/24 13:09:28 | 1071,845,376 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/24 08:30:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Raf\ntuser.ini
    [2010/08/23 22:28:09 | 000,411,609 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\cv.pdf
    [2010/08/23 22:25:29 | 000,304,640 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\cv.doc
    [2010/08/23 19:43:01 | 000,009,415 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/23 19:42:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/23 19:10:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/23 19:04:58 | 000,258,760 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\1.JPG
    [2010/08/23 18:46:55 | 000,254,120 | ---- | M] (Kontiki Inc.) -- C:\Documents and Settings\Raf\Desktop\KClean.exe
    [2010/08/23 17:36:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/23 01:20:07 | 000,192,000 | ---- | M] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/22 15:30:58 | 214,144,182 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\Stoke_City_vs._Tottenham_Hotspur_8-21-2010_2nd_Half.asf
    [2010/08/22 14:32:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/22 14:24:43 | 209,518,182 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\Stoke_City_vs._Tottenham_Hotpsur_8-21-2010_1st_Half.asf
    [2010/08/21 18:50:22 | 002,110,174 | -H-- | M] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\IconCache.db
    [2010/08/21 14:00:25 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/21 14:00:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/21 13:55:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/20 12:10:09 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\combofix.bmp
    [2010/08/20 09:41:18 | 246,682,441 | ---- | M] () -- C:\Documents and Settings\Raf\My Documents\Internacional_vs._Chivas_Guadalajara_8-18-2010_2nd_Half.wmv
    [2010/08/20 09:09:18 | 137,548,617 | ---- | M] () -- C:\Documents and Settings\Raf\My Documents\Internacional_vs._Chivas_Guadalajara_8-18-2010_1st_Half.wmv
    [2010/08/20 08:23:03 | 000,616,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/20 08:23:03 | 000,134,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/09 10:51:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/09 02:00:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RAFI-Raf.job
    [2010/08/07 12:04:30 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
    [2010/08/07 00:37:29 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Raf\Desktop\mbam-setup(2).exe
    [2010/08/07 00:33:27 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\MBRCheck.exe
    [2010/08/07 00:33:12 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\setup_av_free.exe
    [2010/08/07 00:33:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe
    [2010/08/07 00:32:27 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Raf\Desktop\Norton_Removal_Tool.exe
    [2010/08/07 00:31:46 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Raf\Desktop\buDump.exe
    [2010/08/06 18:27:12 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\dds.scr
    [2010/08/06 09:45:03 | 000,105,672 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
    [2010/08/06 09:05:43 | 003,668,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/04 18:16:12 | 000,743,458 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/04 18:12:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/04 18:08:56 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/08/04 17:45:47 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/31 11:40:32 | 000,082,964 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/07/31 11:30:18 | 000,105,672 | ---- | M] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/30 16:17:07 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\DivX Movies.lnk
    [2010/07/30 16:12:59 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/30 16:11:49 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/12 14:43:31 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/10 17:35:06 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\Raf\Desktop\LimeWire 5.5.8.lnk
    [2010/07/02 20:00:04 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Raf\Application Data\Adobe PNG Format CS5 Prefs
    [2010/06/29 17:20:42 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
    [2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/26 02:19:33 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Raf\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/26 02:19:33 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [9 C:\Documents and Settings\Raf\Desktop\*.tmp files -> C:\Documents and Settings\Raf\Desktop\*.tmp -> ]
    [36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\Documents and Settings\Raf\My Documents\*.tmp files -> C:\Documents and Settings\Raf\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/23 22:28:08 | 000,411,609 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\cv.pdf
    [2010/08/23 22:25:29 | 000,304,640 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\cv.doc
    [2010/08/23 19:10:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/23 19:10:11 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/23 19:04:58 | 000,258,760 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\1.JPG
    [2010/08/22 15:03:38 | 214,144,182 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\Stoke_City_vs._Tottenham_Hotspur_8-21-2010_2nd_Half.asf
    [2010/08/22 13:54:26 | 209,518,182 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\Stoke_City_vs._Tottenham_Hotpsur_8-21-2010_1st_Half.asf
    [2010/08/21 13:55:13 | 1071,845,376 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/20 12:10:08 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\combofix.bmp
    [2010/08/20 09:09:49 | 246,682,441 | ---- | C] () -- C:\Documents and Settings\Raf\My Documents\Internacional_vs._Chivas_Guadalajara_8-18-2010_2nd_Half.wmv
    [2010/08/20 08:50:52 | 137,548,617 | ---- | C] () -- C:\Documents and Settings\Raf\My Documents\Internacional_vs._Chivas_Guadalajara_8-18-2010_1st_Half.wmv
    [2010/08/19 16:44:43 | 000,057,045 | ---- | C] () -- C:\Documents and Settings\Raf\My Documents\article-1165610-0425137A000005DC-188_468x677.jpg
    [2010/08/18 15:16:53 | 013,893,632 | ---- | C] () -- C:\Documents and Settings\Raf\ntuser.dat
    [2010/08/07 01:09:27 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/07 00:33:27 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\MBRCheck.exe
    [2010/08/07 00:33:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\lkrtj75r.exe
    [2010/08/07 00:32:49 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\setup_av_free.exe
    [2010/08/06 18:27:12 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\dds.scr
    [2010/08/04 18:08:56 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/07/30 16:17:07 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\DivX Movies.lnk
    [2010/07/30 16:12:59 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/30 16:11:49 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/12 14:54:59 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/12 14:43:31 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/10 17:35:06 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\Raf\Desktop\LimeWire 5.5.8.lnk
    [2010/06/30 00:23:34 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Raf\Application Data\Adobe PNG Format CS5 Prefs
    [2010/06/30 00:07:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RAFI-Raf.job
    [2009/12/25 12:55:07 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/08 21:02:10 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
    [2009/09/05 16:56:27 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Raf\Application Data\setup_ldm.iss
    [2009/09/03 15:19:15 | 000,823,296 | ---- | C] () -- C:\WINDOWS\j3dcore-d3d.dll
    [2009/09/03 15:19:15 | 000,163,840 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl.dll
    [2009/09/03 15:19:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-chk.dll
    [2009/09/03 15:19:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-cg.dll
    [2009/08/16 10:09:31 | 000,000,041 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/08/02 11:52:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
    [2009/08/02 11:52:46 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
    [2009/08/02 11:52:44 | 000,001,175 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
    [2009/04/29 16:23:25 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\archlp.sys
    [2009/04/29 16:21:07 | 000,000,659 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
    [2009/04/29 16:20:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
    [2009/04/29 16:20:11 | 000,001,980 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
    [2009/04/29 16:17:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009/03/22 20:33:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/02/10 19:21:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\PUTTY.RND
    [2008/09/22 17:41:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2008/09/22 17:39:37 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2008/09/18 14:13:20 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/09/18 14:13:19 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
    [2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\WINDOWS\UN070618.INI
    [2008/08/12 10:44:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2008/08/12 10:44:09 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/06/19 08:59:51 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2008/04/02 19:18:06 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\fusioncache.dat
    [2008/01/22 23:37:00 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/11 21:03:43 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2008/01/09 18:36:39 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/01/09 18:36:36 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/01/05 19:22:37 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\Raf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/05 15:46:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
    [2008/01/05 15:40:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/01/05 15:35:19 | 000,000,211 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/01/05 15:33:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/08/09 13:08:04 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2006/05/22 12:47:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/05/21 22:56:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2005/08/30 14:52:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/08/30 11:22:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/30 11:22:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/30 11:22:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/30 11:22:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/30 11:22:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/30 11:22:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/08/30 11:04:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
    [2005/08/30 02:14:52 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/08/29 19:00:51 | 000,001,906 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/08/02 16:30:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/08/02 16:30:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/08/02 16:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/08/02 16:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/07/08 17:40:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========

    [2010/08/07 01:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/04/05 11:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/11/05 20:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2009/07/01 13:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2009/08/02 11:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
    [2010/06/29 22:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2009/04/05 11:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/12/03 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
    [2010/08/23 18:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/12 14:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/25 10:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/10 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/03/04 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\AutoTransfer
    [2009/07/24 10:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\BraCa_Soft
    [2010/06/30 01:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/02/02 21:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\DAEMON Tools
    [2008/01/05 15:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\DisplayTune
    [2009/09/05 12:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\EA
    [2008/11/05 20:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\GlobalSCAPE
    [2009/08/26 13:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\gtk-2.0
    [2008/02/29 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\InterVideo
    [2009/03/07 13:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Livestation
    [2009/07/14 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\ManyCam
    [2009/09/22 18:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Opera
    [2008/12/31 17:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\PCToolsFirewallPlus
    [2008/12/31 17:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\PCToolsSpamMonitorPlus
    [2008/11/15 23:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\PowerChallenge
    [2009/08/02 11:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\PPLive
    [2009/08/02 11:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\ppStream
    [2008/04/02 19:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Publish Providers
    [2008/09/22 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Samsung
    [2009/04/30 13:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Serif
    [2009/05/04 15:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Sony
    [2008/09/18 12:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Sony Setup
    [2010/04/13 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Sports Interactive
    [2009/07/05 10:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Spotify
    [2010/06/30 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2008/02/08 21:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\streamripper
    [2009/04/20 23:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\TeamViewer
    [2009/05/08 14:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raf\Application Data\Thinstall

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/03/25 17:49:37 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2005/08/30 02:12:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/01/05 15:22:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/23 19:10:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/23 19:48:13 | 000,041,608 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/30 02:12:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/07/24 10:11:17 | 000,000,135 | ---- | M] () -- C:\error.log
    [2010/08/24 13:09:28 | 1071,845,376 | -HS- | M] () -- C:\hiberfil.sys
    [2005/08/30 02:12:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/30 02:12:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/10/09 16:31:58 | 000,000,007 | ---- | M] () -- C:\NOTACER.ID
    [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/08/21 10:50:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/24 13:09:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/01/05 15:46:40 | 000,000,172 | ---- | M] () -- C:\pdisdk.log
    [2008/01/05 15:46:20 | 000,000,184 | ---- | M] () -- C:\pivot.log
    [2009/01/01 19:59:00 | 000,007,052 | ---- | M] () -- C:\rapport.txt
    [2009/11/27 17:25:28 | 000,005,873 | ---- | M] () -- C:\Rescued document.txt
    [2008/07/07 12:30:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/07/13 00:27:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/08/12 14:48:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/09/04 13:37:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/03/13 23:16:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/03/14 00:55:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/04/28 13:35:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/06/11 23:08:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/06/12 21:54:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/07/03 14:25:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/07/04 11:50:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/06/25 09:49:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/06/25 09:50:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/06/25 09:50:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/06/28 15:57:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/06/28 16:25:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/06/30 12:30:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008/06/30 12:33:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/06/30 15:39:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/07/01 13:36:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2008/07/07 12:30:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/07/13 00:27:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/08/12 14:48:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/09/04 13:37:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/03/13 23:16:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/03/14 00:55:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/04/28 13:35:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/06/11 23:08:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/06/12 21:54:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/07/03 14:25:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/07/04 11:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/06/25 09:49:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/06/25 09:50:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/06/25 09:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/06/28 15:57:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/06/28 16:25:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/06/30 12:30:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/06/30 12:33:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/06/30 15:39:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/07/01 13:36:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2008/12/31 18:13:21 | 000,000,027 | ---- | M] () -- C:\Tray.txt
    [2010/08/06 10:36:48 | 000,000,690 | ---- | M] () -- C:\VundoFix.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/10/17 22:07:59 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [36 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/08/29 19:07:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/29 19:07:33 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/29 19:07:32 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [36 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [36 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [36 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 424 bytes -> C:\Documents and Settings\Raf\My Documents\Site3EG.wpp:SummaryInformation
    @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\V2.wpp:SummaryInformation
    @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\V2 new colours.wpp:SummaryInformation
    @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\prem.wpp:SummaryInformation
    @Alternate Data Stream - 396 bytes -> C:\Documents and Settings\Raf\My Documents\FristSite.wpp:SummaryInformation
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    < End of report >
     
  19. 2010/08/24
    Raf18

    Extras.txt


    OTL Extras logfile created on: 24/08/2010 18:13:14 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Raf\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 177.00 Mb Available Physical Memory | 17.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.51 Gb Total Space | 2.42 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
    Drive D: | 216.59 Gb Total Space | 1.13 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
    Drive E: | 166.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 558.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RAFI
    Current User Name: Raf
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "10605:TCP" = 10605:TCP:*:Enabled:BitComet 10605 TCP
    "10605:UDP" = 10605:UDP:*:Enabled:BitComet 10605 UDP
    "1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe" = C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr -- (Sony Corporation)
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" = C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe:*:Enabled:apdproxy -- (Adobe Systems Incorporated)
    "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\LimeWire\LimeWire 5 Pro\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire 5 Pro\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
    "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
    "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
    "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
    "{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}" = VAIO Original Screen Saver VAIO Scene HD Normal Contents
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
    "{275643A4-881B-4CEA-9F37-99CF7DA396C8}" = SICStus Prolog 4.0.5
    "{27678F85-7234-4CEB-B84D-2C44E9C4B18E}" = Wireless Client Manager V3.30
    "{29999594-B540-4C88-A8D3-C99CA43809FC}" = Image Converter 2
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java(TM) SE Development Kit 6 Update 4
    "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
    "{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}" = FaceGen Modeller 3.1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{48E9DE14-39D1-4974-91A6-D4E1836F648D}" = SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
    "{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
    "{531C0C3A-7112-4986-8222-5778FB547D81}" = VAIO Original Screen Saver VAIO Motion HD Normal Contents
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57689BE0-BFA7-11DD-AD8B-0800200C9A66}" = Livestation
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}" = Sony Vegas 6.0
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
    "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
    "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
    "{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
    "{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
    "{7621164F-4F72-43DD-B116-9C5043359B22}" = Wireless Client
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
    "{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.2
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
    "{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
    "{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
    "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
    "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
    "{9E912C47-345C-4306-9272-36DC42E06B01}" = UScreenCapture (x86)
    "{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
    "{9F7F073B-CBC1-4588-9B21-D21971173301}" = FaceGen Modeller 3.2 Free
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A4870F16-380A-47D5-B30F-45A99FED3403}" = Click to DVD 2.4.12
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.25
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BC5E5F8F-0BA2-480A-94C4-0E65D4FA8238}" = Click to DVD 2.4.12
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
    "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}" = Sony Media Manager 2.0
    "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.4
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
    "{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}" = VAIO Zone Remote Commander
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.12
    "{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
    "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
    "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
    "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F727EF84-6C10-45B0-B57F-6AA6FF95980A}" = FaceGen Customizer 1.1
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
    "{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
    "{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Akamai" = Akamai NetSession Interface
    "avast5" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "BitComet" = BitComet 0.98
    "BlueJ_is1" = BlueJ 2.5.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "ffdshow" = ffdshow
    "FLV Player" = FLV Player 2.0, build 23
    "fmXML_is1" = fmXML version 0.3
    "Grand Theft Auto IV Screenshot" = Grand Theft Auto IV Screenshot Screen Saver
    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
    "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
    "HijackThis" = HijackThis 1.99.1
    "Hijackthis_is1" = Hijackthis 1.99.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution
    "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration (English)
    "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
    "InstallShield_{A637BCEE-03EB-4F17-B1F2-BA61093A10A5}" = LimeWire
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InstallShield_{F727EF84-6C10-45B0-B57F-6AA6FF95980A}" = FaceGen Customizer 1.1
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.4
    "KPT 6" = KPT 6
    "LimeWire" = LimeWire 5.5.8
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.3 (remove only)
    "MediaCoder" = MediaCoder 0.6.1
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MoodLogic" = MoodLogic
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "OPFlashSee" = FlashSee
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "PUÃøÂçµÃ§ÃŠÃ“" = PUÃøÂçµÃ§ÃŠÃ“
    "PuTTY_is1" = PuTTY version 0.60
    "QcDrv" = Logitech® Camera Driver
    "RapidLeecher" = RapidLeecher
    "RealPlayer 6.0" = RealPlayer
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
    "SohuPlayer" = Sogou PXP Accelerator 1.0.0.10
    "SopCast" = SopCast 3.0.1
    "Spyware Doctor" = Spyware Doctor 6.0
    "The Cleaner_is1" = The Cleaner 2010
    "TVAnts 1.0" = TVAnts 1.0
    "TVUPlayer" = TVUPlayer 2.3.5.4
    "UN070618" = BUFFALO TurboUSB for FLASH/HDD
    "UnityWebPlayer" = Unity Web Player
    "Videora iPod touch Converter" = Videora iPod touch Converter 3.08
    "VLC media player" = VLC media player 0.9.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WM Capture" = WM Capture
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "x264 Revision 527 x264.nl" = x264 Revision 527 x264.nl (remove only)
    "XoftSpySE" = XoftSpySE
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Zattoo" = Zattoo 3.3.2 Beta

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 23/08/2010 11:59:47 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 23/08/2010 11:59:47 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 30000

    Error - 23/08/2010 11:59:47 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 30000

    Error - 23/08/2010 11:59:50 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 23/08/2010 11:59:50 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32125

    Error - 23/08/2010 11:59:50 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32125

    Error - 23/08/2010 11:59:52 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 23/08/2010 11:59:52 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 34172

    Error - 23/08/2010 11:59:52 | Computer Name = RAFI | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 34172

    Error - 23/08/2010 13:16:53 | Computer Name = RAFI | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    [ System Events ]
    Error - 23/08/2010 14:27:06 | Computer Name = RAFI | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 23/08/2010 14:27:16 | Computer Name = RAFI | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 23/08/2010 14:27:45 | Computer Name = RAFI | Source = Service Control Manager | ID = 7034
    Description = The Portrait Displays Display Tune Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 23/08/2010 14:27:45 | Computer Name = RAFI | Source = Service Control Manager | ID = 7034
    Description = The Adobe Active File Monitor service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 24/08/2010 02:34:21 | Computer Name = RAFI | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 24/08/2010 02:34:21 | Computer Name = RAFI | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 24/08/2010 02:34:32 | Computer Name = RAFI | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 24/08/2010 08:10:10 | Computer Name = RAFI | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 24/08/2010 08:10:10 | Computer Name = RAFI | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 24/08/2010 13:09:45 | Computer Name = RAFI | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  20. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Keep me posted on this...

    ================================================================

    You're running extremely low on C drive free space:
    At this level, your computer may not boot anymore a couple of days from now.
    You have to start moving stuff out.

    ==============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
      O4 - HKLM..\Run: [Mfacibiqorefub] C:\WINDOWS\egakutege.DLL File not found
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe File not found
      O4 - HKCU..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe File not found
      O4 - HKCU..\Run: [Rhababex] C:\WINDOWS\msrnsht.DLL File not found
      O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
      O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
      O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
      O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Key error.)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [9 C:\Documents and Settings\Raf\Desktop\*.tmp files -> C:\Documents and Settings\Raf\Desktop\*.tmp -> ]
      [36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [1 C:\Documents and Settings\Raf\My Documents\*.tmp files -> C:\Documents and Settings\Raf\My Documents\*.tmp -> ]
      [2008/07/07 12:30:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
      [2008/07/13 00:27:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
      [2008/08/12 14:48:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
      [2008/09/04 13:37:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
      [2009/03/13 23:16:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
      [2009/03/14 00:55:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
      [2009/04/28 13:35:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
      [2009/06/11 23:08:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
      [2009/06/12 21:54:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
      [2009/07/03 14:25:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
      [2009/07/04 11:50:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
      [2008/06/25 09:49:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
      [2008/06/25 09:50:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
      [2008/06/25 09:50:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
      [2008/06/28 15:57:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
      [2008/06/28 16:25:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
      [2008/06/30 12:30:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
      [2008/06/30 12:33:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
      [2008/06/30 15:39:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
      [2008/07/01 13:36:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
      [2008/07/07 12:30:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
      [2008/07/13 00:27:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
      [2008/08/12 14:48:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
      [2008/09/04 13:37:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
      [2009/03/13 23:16:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
      [2009/03/14 00:55:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
      [2009/04/28 13:35:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
      [2009/06/11 23:08:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
      [2009/06/12 21:54:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
      [2009/07/03 14:25:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
      [2009/07/04 11:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
      [2008/06/25 09:49:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
      [2008/06/25 09:50:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
      [2008/06/25 09:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
      [2008/06/28 15:57:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
      [2008/06/28 16:25:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
      [2008/06/30 12:30:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
      [2008/06/30 12:33:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
      [2008/06/30 15:39:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
      [2008/07/01 13:36:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
      @Alternate Data Stream - 424 bytes -> C:\Documents and Settings\Raf\My Documents\Site3EG.wpp:SummaryInformation
      @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\V2.wpp:SummaryInformation
      @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\V2 new colours.wpp:SummaryInformation
      @Alternate Data Stream - 400 bytes -> C:\Documents and Settings\Raf\My Documents\prem.wpp:SummaryInformation
      @Alternate Data Stream - 396 bytes -> C:\Documents and Settings\Raf\My Documents\FristSite.wpp:SummaryInformation
      @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  21. 2010/08/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     