
Solved: patah Hati.doc.exe worm can't remove.

Discussion in 'Malware and Virus Removal Archive' started by chiefmissile, 2010/10/05.

  1. 2010/10/05
    chiefmissile (Well-Known Member, Thread Starter)

    [Resolved] patah Hati.doc.exe worm can't remove.

    Hi,

    I have picked up this patah Hati worm from work and I can't remove it. It started on my USB flash drive and has now spread to my laptop's C drive. All attempts to remove this worm using AVG and Microsoft Security Essentials have failed. I am unable to copy documents, move documents, or reformat the flash drive. Furthermore, it is now on my C drive!!

    Any attempt to remove it seems to be one step ahead of the antivirus. Any help would be greatly appreciated, thanks.

    Andrew
     
  2. 2010/10/05
    PeteC (SuperGeek, Staff)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     
  4. 2010/10/05
    chiefmissile (Well-Known Member, Thread Starter)

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by drew at 15:36:58.21 on 05/10/2010
    Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1265 [GMT 1:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\alg.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Broadband Internet\Broadband Internet.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\drew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G471OT48\dds[1].scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.co.uk/
    uWindow Title = Microsoft Internet Explorer
    uDefault_Page_URL = hxxp://www.fujitsu-siemens.com/index2
    mStart Page = about:blank
    mDefault_Page_URL =
    mDefault_Search_URL =
    mSearch Page =
    mWindow Title = Microsoft Internet Explorer
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    uPolicies-explorer: NoFolderOptions = 00000000
    uPolicies-explorer: RestrictRun = 0 (0x0)
    uPolicies-system: NoSecCPL = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    uPolicies-system: NoDevMgrPage = 0 (0x0)
    uPolicies-system: NoConfigPage = 0 (0x0)
    uPolicies-system: NoVirtMemPage = 0 (0x0)
    uPolicies-system: NoFileSysPage = 0 (0x0)
    uPolicies-system: NoNetSetup = 0 (0x0)
    uPolicies-system: NoNetSetupIDPage = 0 (0x0)
    uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
    uPolicies-system: NoWorkgroupContents = 0 (0x0)
    uPolicies-system: NoEntireNetwork = 0 (0x0)
    uPolicies-system: NoFileSharingControl = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoFolderOptions = 00000000
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090618123620
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280723831996
    DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/files/vpn2_5350_en/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: {5AD045B9-20C6-4666-A899-05BE652F55BA} = 10.13.32.1
    TCP: {97B90086-8B88-4B98-BEC4-A332BCA0A8C8} = 188.135.0.23 188.135.0.24
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\drew\appdata\roaming\mozilla\firefox\profiles\0x3g8mve.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://shop.thefreevpn.com/home.php
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM&ptb=Wp5oZJJB9aIws8mXG46L0g&psa=&ind=2010040109&ptnrS=ZUxdm493YYOM&si=&st=kwd&n=77cec72d&searchfor=
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\drew\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 243024]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2009-2-26 1940992]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
    R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-7-3 9216]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-2 21504]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-9-10 6628352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9c4b316ffba0;Google Update Service (gupdate1c9c4b316ffba0);c:\program files\google\update\GoogleUpdate.exe [2009-4-24 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-7-14 113152]
    S3 flash;flash;c:\windows\system32\drivers\flash.sys [2009-4-1 8064]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-14 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 Huawei;Vodafone Mobile Broadband - USB Smart Card Reader (Huawei);c:\windows\system32\drivers\ewdcsc.sys [2010-7-14 23424]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-5-6 42512]
    S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2008-10-10 118784]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-04 06:45:44 0 d-----w- c:\program files\Microsoft Security Essentials
    2010-10-04 06:21:01 0 d-----w- c:\programdata\PC Tools
    2010-10-02 16:44:52 328593747 ----a-w- c:\windows\MEMORY.DMP
    2010-10-01 16:07:06 0 d-----w- C:\DVDVolume
    2010-10-01 05:52:54 0 d-----w- C:\Rbackup
    2010-09-29 11:09:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-22 13:39:11 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-09-22 13:39:11 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-09-22 13:39:11 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-09-22 13:39:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2010-09-22 13:39:10 797184 ----a-w- c:\windows\system32\FntCache.dll
    2010-09-22 13:39:10 680960 ----a-w- c:\windows\system32\d2d1.dll
    2010-09-22 13:39:10 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2010-09-22 13:39:10 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2010-09-22 13:39:10 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-09-22 13:39:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-09-22 13:39:10 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-09-22 13:39:10 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2010-09-22 13:37:28 0 d-----w- c:\program files\Feedback Tool
    2010-09-22 08:04:20 0 d--h--w- C:\$AVG
    2010-09-15 06:30:41 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:30:38 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:30:36 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:29:43 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 10:05:35 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-09-10 05:53:32 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2010-09-10 05:53:32 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2010-09-10 05:53:32 121232 ----a-w- c:\windows\system32\IScrNB.bmp
    2010-09-10 05:23:14 0 d-----w- c:\windows\system32\Lang
    2010-09-10 05:23:13 997912 ----a-w- c:\windows\system32\igxpun.exe
    2010-09-10 05:11:55 116 ----a-w- c:\windows\system32\SpywareCease.lie
    2010-09-10 04:58:19 0 d-----w- c:\program files\MSN Toolbar
    2010-09-10 04:56:36 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-09-10 04:56:36 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-09-10 04:56:20 0 d-----w- c:\program files\Realtek
    2010-09-10 04:54:12 0 d-----w- c:\program files\MSN Toolbar Installer
    2010-09-10 04:25:49 6628352 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-09-10 04:25:49 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2010-09-10 03:40:32 81408 ----a-w- c:\windows\system32\devcon_x64.exe
    2010-09-10 03:40:31 0 d-----w- c:\program files\Driver Checker
    2010-09-10 03:16:35 0 d-----w- c:\program files\AdvancedDefrag
    2010-09-10 03:08:02 42 ----a-w- c:\windows\system32\scud.udf
    2010-09-10 02:57:08 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
    2010-09-10 02:56:59 0 d-----w- c:\program files\Perfect Uninstaller
    2010-09-10 02:48:09 42 ----a-w- c:\windows\system32\RegistryEasy.lie
    2010-09-10 02:26:17 0 d-----w- c:\program files\Registry Easy

    ==================== Find3M ====================

    2010-10-05 13:20:16 86016 ----a-w- c:\windows\inf\infpub.dat
    2010-10-05 13:20:15 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-10-03 12:18:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-10 05:24:00 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-09-10 04:25:49 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2010-09-10 04:21:29 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-10 03:55:08 174 --sha-w- c:\program files\desktop.ini
    2010-08-31 23:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
    2010-08-31 23:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
    2010-08-31 23:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
    2010-08-31 23:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2010-08-31 23:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
    2010-08-31 23:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-08-31 23:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
    2010-08-31 23:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2010-08-31 23:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2010-08-31 23:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
    2010-08-31 23:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
    2010-08-31 23:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2010-08-31 23:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
    2010-08-31 23:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
    2010-08-31 23:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
    2010-08-31 23:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2010-08-31 23:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
    2010-08-31 23:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
    2010-08-12 20:12:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-01 14:04:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-07-16 15:10:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-17 17:46:00 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-02-22 18:26:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-08-18 10:23:28 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
    2009-08-18 10:23:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
    2009-08-18 10:23:28 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
    2008-01-29 10:51:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 15:41:34.15 ===============
     
  5. 2010/10/05
    chiefmissile (Well-Known Member, Thread Starter)

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/10/2008 00:02:05
    System Uptime: 10/05/2010 13:56:32 (3554 hours ago)

    Motherboard: FUJITSU SIEMENS | | ESPRIMO Mobile V5505
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | U2E1 | 2000/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 231 GiB total, 76.905 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    F: is CDROM ()
    G: is Removable
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP792: 21/09/2010 15:27:01 - Scheduled Checkpoint
    RP793: 22/09/2010 05:07:10 - Scheduled Checkpoint
    RP794: 22/09/2010 07:58:00 - Installed Windows 7 Upgrade Advisor
    RP795: 22/09/2010 14:38:53 - Windows Update
    RP796: 22/09/2010 14:40:10 - Windows Update
    RP797: 22/09/2010 15:24:04 - Restore Operation
    RP798: 22/09/2010 15:29:33 - Restore Operation
    RP799: 22/09/2010 15:41:01 - Restore Operation
    RP801: 23/09/2010 16:01:59 - Avg Update
    RP803: 23/09/2010 16:04:53 - Avg Update
    RP804: 25/09/2010 14:35:03 - Scheduled Checkpoint
    RP805: 27/09/2010 14:59:25 - Scheduled Checkpoint
    RP806: 29/09/2010 12:20:42 - Windows Update
    RP807: 01/10/2010 05:31:25 - Removed Compatibility Pack for the 2007 Office system
    RP809: 01/10/2010 05:47:46 - Removed SonicStage
    RP810: 01/10/2010 06:37:04 - Removed Windows 7 Upgrade Advisor
    RP811: 01/10/2010 10:29:45 - Windows Update
    RP812: 01/10/2010 10:49:54 - Windows Update
    RP813: 01/10/2010 11:05:15 - Windows Update
    RP814: 01/10/2010 15:37:05 - Windows Update
    RP815: 01/10/2010 15:38:57 - Windows Update
    RP816: 01/10/2010 15:46:31 - Windows Update
    RP817: 01/10/2010 17:08:36 - Windows Update
    RP818: 01/10/2010 17:14:01 - Windows Update
    RP819: 01/10/2010 17:44:12 - Windows Update
    RP820: 01/10/2010 17:52:46 - Windows Update
    RP821: 01/10/2010 17:53:51 - Windows Update
    RP822: 01/10/2010 17:54:30 - Windows Update
    RP823: 01/10/2010 18:02:21 - Windows Update
    RP824: 02/10/2010 06:55:54 - Scheduled Checkpoint
    RP825: 02/10/2010 08:30:34 - Windows Update
    RP826: 02/10/2010 08:39:46 - Windows Update
    RP827: 02/10/2010 08:55:15 - Windows Update
    RP828: 03/10/2010 06:19:55 - Scheduled Checkpoint
    RP829: 04/10/2010 07:30:46 - Windows Update
    RP830: 04/10/2010 07:56:10 - Windows Update
    RP832: 05/10/2010 12:41:42 - Avg Update
    RP833: 05/10/2010 12:46:37 - Windows Update

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    AdvancedDefrag 5.0
    AVG Free 9.0
    Bluesoleil2.7.0.13 VoIP Release 071227
    Bluetooth Stack for Windows by Toshiba
    Broadband Internet
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.1
    Canon MX850 series
    Canon MX850 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CCleaner
    CD-LabelPrint
    Conexant HD Audio
    Contextual Application Trueads
    Crypto Chat 4 Skype - A simple Crypto Chat for Skype (TM)
    DHTML Editing Component
    Dorling Kindersley Application Database v1.4
    Driver Checker v2.7.4
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVD43 v3.7.0
    Escritorio movistar
    Feedback Tool
    Getting Ready for School
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Driver Diagnostics
    HUAWEI DataCard Driver 2.93
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 21
    JonDo
    Junk Mail filter update
    Launch Manager V1.4.6
    LiveUpdate (Symantec Corporation)
    LizardTech DjVu Control
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.3)
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My First CD-ROM - Getting Ready for School XP Update
    Nero 7 Essentials
    neroxml
    OGA Notifier 2.0.0048.0
    ooVoo
    ooVoo_Chat Toolbar
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Perfect Uninstaller v6.3.3.8
    PL-2303 USB-to-Serial
    Presto! PageManager 7.15.20
    QuickTime
    Rapport
    RealPlayer
    Realtek Ethernet Controller Driver For Windows Vista
    Realtek USB 2.0 Card Reader
    Registry Easy v5.6
    ScanSoft OmniPage SE 4
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Serif PagePlus SE 1.0
    Skype Toolbars
    Skype™ 4.2
    Smart Menus (Windows Live Toolbar)
    SmartAudio
    Synaptics Pointing Device Driver
    Underground Ernie
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC_MergeModuleToMSI
    Vodafone Mobile Connect Lite
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    youtube-search Toolbar

    ==== Event Viewer Messages From Past Week ========

    05/10/2010 15:32:09, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 15:32:05, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 15:17:51, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 15:07:31, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 15:07:27, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:22:08, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:22:03, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:20:54, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:20:49, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:19:42, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:19:35, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:18:59, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:18:52, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:18:25, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:18:20, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:16:56, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:16:53, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:14:42, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:14:38, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 14:05:16, Error: Service Control Manager [7024] - The Distributed Transaction Coordinator service terminated with service-specific error 3221229627 (0xC000103B).
    05/10/2010 14:02:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mailKmd
    05/10/2010 14:01:40, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    05/10/2010 14:00:52, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    05/10/2010 13:47:12, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 13:46:47, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 13:44:33, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 13:43:51, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 13:42:05, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    05/10/2010 13:42:05, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Status: Signature Version: AV: 1.91.1122.0, AS: 1.91.1122.0 Engine Version: 1.1.6201.0
    04/10/2010 19:09:51, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR44.
    04/10/2010 10:38:52, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR24.
    04/10/2010 09:52:49, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1040.0, AS: 1.91.1040.0 Engine Version: 1.1.6201.0
    04/10/2010 09:52:43, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939 User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1040.0, AS: 1.91.1040.0 Engine Version: 1.1.6201.0
    04/10/2010 07:02:37, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR21.
    03/10/2010 04:23:05, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    ==== End Of File ===========================
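As an added example (not part of the thread or of DDS), the script below parses Event Viewer lines in the format posted above and groups the Microsoft Antimalware 1008 remediation failures by threat, requested action and error code next to the disk controller errors, which is the summary an analyst reading this log wants. The sample lines are constructed, abbreviated copies of the event shapes in the post, and the field regexes are an assumption about the DDS layout.

```python
"""Triage the 'Event Viewer Messages' section of a DDS log."""
import re
from collections import Counter

# Constructed sample: abbreviated copies of the event shapes in the posted log.
SAMPLE_EVENTS = r"""
05/10/2010 15:32:09, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0
05/10/2010 15:32:05, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x8007045d Error description: The request could not be performed because of an I/O device error. Status: Signature Version: AV: 1.91.1122.0
05/10/2010 13:42:05, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. User: drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Status: Signature Version: AV: 1.91.1122.0
04/10/2010 19:09:51, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR44.
04/10/2010 10:38:52, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR24.
05/10/2010 14:02:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mailKmd
"""

# "DD/MM/YYYY HH:MM:SS, Level: Source [EventID] - message" (assumed DDS layout)
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Fields embedded in the message body of Antimalware event 1008.
FIELD_RE = {
    "threat": re.compile(r"Name: (\S+)"),
    "action": re.compile(r"Action: (\w+)"),
    "error_code": re.compile(r"Error Code: (0x[0-9A-Fa-f]+)"),
    "error_desc": re.compile(r"Error description: (.*?) Status:"),
}
DEVICE_RE = re.compile(r"controller error on (\\Device\\Harddisk\d+)")


def parse_event(line):
    """Return a dict for one event line, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    if ev["source"] == "Microsoft Antimalware" and ev["event_id"] == 1008:
        for key, rx in FIELD_RE.items():
            fm = rx.search(ev["message"])
            ev[key] = fm.group(1) if fm else None
    return ev


def parse_events(text):
    return [ev for ev in map(parse_event, text.splitlines()) if ev]


def summarize_remediation_failures(events):
    """Count Antimalware 1008 failures per (threat, action, error code)."""
    failures = Counter()
    for ev in events:
        if ev["source"] == "Microsoft Antimalware" and ev["event_id"] == 1008:
            failures[(ev["threat"], ev["action"], ev["error_code"])] += 1
    return failures


def disks_with_controller_errors(events):
    """Count disk event 11 (controller error) per \\Device\\HarddiskN."""
    devices = Counter()
    for ev in events:
        if ev["source"] == "disk" and ev["event_id"] == 11:
            m = DEVICE_RE.search(ev["message"])
            if m:
                devices[m.group(1)] += 1
    return devices


def triage(text):
    """Produce analyst findings: failed actions per threat and a device hint."""
    events = parse_events(text)
    failures = summarize_remediation_failures(events)
    disks = disks_with_controller_errors(events)
    findings = []
    per_threat, codes_by_threat = Counter(), {}
    for (threat, _action, code), n in failures.items():
        per_threat[threat] += n
        codes_by_threat.setdefault(threat, Counter())[code] += n
    for threat, n in per_threat.items():
        top_code, top_n = codes_by_threat[threat].most_common(1)[0]
        findings.append(f"{threat}: {n} failed remediation attempts, "
                        f"most common error {top_code} ({top_n}x)")
        # 0x8007045d is the I/O device error; paired with controller errors it
        # suggests the detection lives on a flaky or removable device.
        if top_code == "0x8007045d" and disks:
            findings.append("I/O device error while cleaning; controller errors "
                            "also logged on " + ", ".join(sorted(disks)) +
                            " - check whether the detection is on removable media")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```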
     
  6. 2010/10/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  7. 2010/10/05
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Many thanks, sorry for not posting the log in the first place.
     
  8. 2010/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/06
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4750

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.7930.16406

    06/10/2010 09:38:40
    mbam-log-2010-10-06 (09-38-40).txt

    Scan type: Quick scan
    Objects scanned: 144788
    Time elapsed: 8 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 11
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0c408ccf-5296-eb74-7bc9-0da196fc6fa1 (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\drew\AppData\Roaming\Security Antivirus (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\$Recycle.Bin\S-1-5-21-4259484079-4017146746-3429084148-1000\$RHJ2L25.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
    C:\Windows\System32\0c408ccf-5296-eb74-7bc9-0da196fc6fa1.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    C:\Users\drew\AppData\Roaming\Security Antivirus\cookies.sqlite (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     
  10. 2010/10/06
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-10-06 09:44:14
    Windows 6.0.6002 Service Pack 2
    Running: vdge0h5d.exe; Driver: C:\Users\drew\AppData\Local\Temp\kwldapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/10/06
    chiefmissile Well-Known Member Thread Starter
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: FUJITSU SIEMENS
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: FUJITSU SIEMENS
    System Product Name: ESPRIMO Mobile V5505
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 162):
    0x83648000 \SystemRoot\system32\ntkrnlpa.exe
    0x83615000 \SystemRoot\system32\hal.dll
    0x80608000 \SystemRoot\system32\kdcom.dll
    0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067F000 \SystemRoot\system32\PSHED.dll
    0x80690000 \SystemRoot\system32\BOOTVID.dll
    0x80698000 \SystemRoot\system32\CLFS.SYS
    0x806D9000 \SystemRoot\system32\CI.dll
    0x84001000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8407D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8408A000 \SystemRoot\system32\drivers\acpi.sys
    0x840D0000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x840D9000 \SystemRoot\system32\drivers\msisadrv.sys
    0x840E1000 \SystemRoot\system32\drivers\pci.sys
    0x84108000 \SystemRoot\System32\drivers\partmgr.sys
    0x84117000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8411A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x84124000 \SystemRoot\system32\drivers\volmgr.sys
    0x84133000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8417D000 \SystemRoot\system32\drivers\intelide.sys
    0x84184000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x84192000 \SystemRoot\System32\drivers\mountmgr.sys
    0x841A2000 \SystemRoot\system32\drivers\atapi.sys
    0x841AA000 \SystemRoot\system32\drivers\ataport.SYS
    0x841C8000 \SystemRoot\system32\drivers\msahci.sys
    0x807B9000 \SystemRoot\system32\drivers\fltmgr.sys
    0x841D2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x841E2000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x84204000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x84275000 \SystemRoot\system32\drivers\ndis.sys
    0x84380000 \SystemRoot\system32\drivers\msrpc.sys
    0x843AB000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8BA06000 \SystemRoot\System32\drivers\tcpip.sys
    0x8BAF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8BB0B000 \SystemRoot\System32\Drivers\vbtenum.sys
    0x8BC04000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8BD14000 \SystemRoot\system32\drivers\volsnap.sys
    0x8BD4D000 \SystemRoot\System32\Drivers\spldr.sys
    0x8BD55000 \SystemRoot\System32\Drivers\mup.sys
    0x8BD64000 \SystemRoot\System32\drivers\ecache.sys
    0x8BD8B000 \SystemRoot\system32\drivers\disk.sys
    0x8BD9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8BDBD000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8BDC6000 \SystemRoot\System32\Drivers\BTHidMgr.sys
    0x8BDEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8BB0F000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8BB18000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8BB21000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8FA0F000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x9030E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x903AF000 \SystemRoot\System32\drivers\watchdog.sys
    0x903BB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8BB30000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x903C6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8BB6E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x903D5000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x90809000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x90E65000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90E69000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x90E7C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90E87000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90EB2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90EB4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90EBF000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
    0x90EC4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x90EDC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x90EDF000 \SystemRoot\System32\Drivers\VcommMgr.sys
    0x90EE9000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0x90EF9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x90F28000 \SystemRoot\system32\DRIVERS\storport.sys
    0x90F69000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90F7D000 \SystemRoot\system32\DRIVERS\blueletaudio.sys
    0x90F84000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x90FB1000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x90FD6000 \SystemRoot\system32\DRIVERS\ks.sys
    0x90F74000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
    0x90800000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x903EA000 \SystemRoot\system32\drivers\modem.sys
    0x843E6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91604000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x91627000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91636000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9164A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9165F000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
    0x91662000 \SystemRoot\system32\DRIVERS\tapvpn.sys
    0x9166D000 \SystemRoot\system32\DRIVERS\VComm.sys
    0x91674000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x9167E000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9168E000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x91690000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9169A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x916A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x916DC000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0x916E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91701000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x9174B000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x91773000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9178A000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
    0x917A3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x917B8000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x917DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x917E4000 \SystemRoot\System32\Drivers\Null.SYS
    0x917EB000 \SystemRoot\System32\Drivers\Beep.SYS
    0x917F2000 \SystemRoot\System32\drivers\vga.sys
    0x95A04000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x95A25000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x95A2D000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x95A35000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x95A40000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x95A4E000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x95A57000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x95A6D000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x95AA7000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x95AD9000 \SystemRoot\system32\DRIVERS\smb.sys
    0x95AED000 \SystemRoot\system32\drivers\afd.sys
    0x95B35000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x95B4B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x95B59000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x95B6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x95BA8000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    0x95BD0000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
    0x95BDE000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x95BE8000 \SystemRoot\System32\Drivers\Hotkey.SYS
    0x91734000 \SystemRoot\System32\Drivers\dfsc.sys
    0x95BEB000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x96202000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x96236000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9625E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x96274000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x96281000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9628C000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x9CAA0000 \SystemRoot\System32\win32k.sys
    0x96296000 \SystemRoot\System32\drivers\Dxapi.sys
    0x962A0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9CCC0000 \SystemRoot\System32\TSDDD.dll
    0x9CCE0000 \SystemRoot\System32\cdd.dll
    0x962AF000 \SystemRoot\system32\drivers\luafv.sys
    0x962DB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x962EB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x96315000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9631F000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x96332000 \SystemRoot\system32\drivers\spsys.sys
    0xB1E0F000 \SystemRoot\system32\drivers\HTTP.sys
    0xB1E7C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xB1E99000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xB1EB2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xB1EC7000 \SystemRoot\system32\drivers\mrxdav.sys
    0xB1EE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB1F07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xB1F40000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB1F58000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB1F7F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB4003000 \SystemRoot\system32\drivers\peauth.sys
    0xB40E1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB40EB000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB40F7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xB410C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xB411E000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xB4123000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB4154000 \??\C:\Users\drew\AppData\Local\Temp\kwldapob.sys
    0x76E60000 \Windows\System32\ntdll.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    544 C:\Windows\System32\smss.exe
    624 csrss.exe
    668 csrss.exe
    676 C:\Windows\System32\wininit.exe
    692 C:\Program Files\AVG\AVG9\avgchsvx.exe
    700 C:\Program Files\AVG\AVG9\avgrsx.exe
    748 C:\Windows\System32\winlogon.exe
    760 C:\Windows\System32\services.exe
    772 C:\Windows\System32\lsass.exe
    784 C:\Windows\System32\lsm.exe
    864 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1260 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\svchost.exe
    1424 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1608 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    1824 C:\Windows\System32\svchost.exe
    1856 C:\Windows\System32\svchost.exe
    1868 C:\Windows\System32\svchost.exe
    1980 C:\Windows\System32\audiodg.exe
    2000 C:\Windows\System32\svchost.exe
    2016 C:\Windows\System32\SLsvc.exe
    360 C:\Windows\System32\svchost.exe
    588 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\spoolsv.exe
    1684 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\alg.exe
    1436 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1940 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    2280 C:\Windows\System32\taskeng.exe
    2288 C:\Windows\System32\dwm.exe
    2340 C:\Windows\explorer.exe
    2384 C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
    2684 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    2764 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    2784 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2852 C:\Windows\System32\svchost.exe
    2940 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3016 C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    3028 C:\Windows\System32\svchost.exe
    3140 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    3168 C:\Windows\System32\svchost.exe
    3220 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3268 C:\Windows\System32\SearchIndexer.exe
    3400 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    3616 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3900 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3920 C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    3928 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    3936 C:\Program Files\Logitech\QuickCam\Quickcam.exe
    3976 C:\Program Files\AVG\AVG9\avgtray.exe
    3988 C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    3068 C:\Program Files\AVG\AVG9\avgnsx.exe
    3340 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    2060 C:\Program Files\dvd43\DVD43_Tray.exe
    4156 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    4256 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4388 C:\Windows\System32\igfxtray.exe
    4464 C:\Program Files\Microsoft Security Essentials\msseces.exe
    4520 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    4540 C:\Program Files\Windows Sidebar\sidebar.exe
    4628 C:\Windows\ehome\ehtray.exe
    5192 C:\Windows\ehome\ehmsas.exe
    2876 C:\Windows\System32\wuauclt.exe
    5516 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4736 C:\Windows\System32\svchost.exe
    5892 C:\Program Files\Broadband Internet\Broadband Internet.exe
    6864 C:\Windows\System32\igfxsrvc.exe
    4356 C:\Windows\System32\svchost.exe
    19692 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    19612 C:\Program Files\Internet Explorer\iexplore.exe
    21768 C:\Program Files\Internet Explorer\iexplore.exe
    25932 C:\Windows\System32\taskeng.exe
    24776 C:\Program Files\Internet Explorer\iexplore.exe
    27100 WUDFHost.exe
    32196 C:\Program Files\Internet Explorer\iexplore.exe
    25440 C:\Windows\System32\notepad.exe
    31308 C:\Program Files\Internet Explorer\iexplore.exe
    31872 C:\Windows\System32\SearchFilterHost.exe
    32652 C:\Windows\System32\SearchProtocolHost.exe
    31740 C:\Users\drew\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`80c12600 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

    Size    Device Name         MBR Status
    --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  12. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  13. 2010/10/06
    chiefmissile Well-Known Member Thread Starter
    ComboFix 10-10-06.02 - drew 07/10/2010 5:06.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1689 [GMT 1:00]
    Running from: c:\users\drew\Desktop\ComboFix.exe
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
    .

    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-07 04:15 . 2010-10-07 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-07 03:44 . 2010-10-07 04:18 -------- d-----w- c:\users\drew\AppData\Local\temp
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\users\drew\AppData\Roaming\Malwarebytes
    2010-10-06 07:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-06 07:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-05 12:41 . 2010-10-05 12:41 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{074B3178-75C2-4CB5-ADD9-3BFE7F42A00A}-Patah Hati.doc .exe
    2010-10-05 12:41 . 2010-10-05 12:41 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D5ED2BED-3E31-47EA-81A2-02B98FE5C424}-Patah Hati.doc .exe
    2010-10-05 11:42 . 2010-10-05 11:42 4100960 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2010-10-05 11:42 . 2010-10-05 11:42 2065760 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
    2010-10-05 11:42 . 2010-10-05 11:42 4394336 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-10-04 06:45 . 2010-10-04 06:46 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-10-04 06:21 . 2010-10-04 06:21 -------- d-----w- c:\programdata\PC Tools
    2010-10-03 04:52 . 2010-10-03 04:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-01 16:07 . 2010-10-01 16:32 -------- d-----w- C:\DVDVolume
    2010-10-01 05:52 . 2010-10-01 05:52 -------- d-----w- C:\Rbackup
    2010-09-29 11:09 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-23 15:05 . 2010-09-23 15:05 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-09-23 15:05 . 2010-09-23 15:05 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
    2010-09-23 15:05 . 2010-09-23 15:05 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-09-23 15:05 . 2010-09-23 15:05 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
    2010-09-23 15:05 . 2010-09-23 15:05 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-09-23 15:05 . 2010-09-23 15:05 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
    2010-09-23 15:02 . 2010-09-23 15:02 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-09-22 13:39 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-09-22 13:39 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-09-22 13:39 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-09-22 13:39 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2010-09-22 13:39 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2010-09-22 13:39 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-09-22 13:39 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2010-09-22 13:39 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
    2010-09-22 13:39 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-09-22 13:39 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2010-09-22 13:39 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
    2010-09-22 13:39 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-09-22 13:37 . 2010-09-22 13:37 -------- d-----w- c:\program files\Feedback Tool
    2010-09-22 08:10 . 2010-09-22 08:10 353512 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
    2010-09-22 08:10 . 2010-09-22 08:10 12544 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
    2010-09-22 08:04 . 2010-09-22 08:04 -------- d-----w- C:\$AVG
    2010-09-22 07:01 . 2010-09-22 07:01 -------- d-----w- c:\users\drew\AppData\Local\Microsoft Corporation
    2010-09-15 06:30 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:30 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:30 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:29 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 10:05 . 2010-04-28 06:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-09-10 05:53 . 2009-02-26 10:05 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2010-09-10 05:53 . 2009-02-26 10:04 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2010-09-10 05:23 . 2010-09-10 05:53 -------- d-----w- c:\windows\system32\Lang
    2010-09-10 05:23 . 2010-09-10 04:43 997912 ----a-w- c:\windows\system32\igxpun.exe
    2010-09-10 04:58 . 2010-09-10 04:58 -------- d-----w- c:\program files\MSN Toolbar
    2010-09-10 04:56 . 2010-09-10 04:29 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-09-10 04:56 . 2010-09-10 04:29 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-09-10 04:56 . 2010-09-10 04:56 -------- d-----w- c:\program files\Realtek
    2010-09-10 04:54 . 2010-10-01 05:56 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-09-10 04:25 . 2010-09-10 04:25 6628352 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-09-10 04:25 . 2010-09-10 04:25 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2010-09-10 03:40 . 2008-12-03 16:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
    2010-09-10 03:40 . 2010-09-10 04:15 -------- d-----w- c:\program files\Driver Checker
    2010-09-10 03:16 . 2010-09-29 11:04 -------- d-----w- c:\program files\AdvancedDefrag
    2010-09-10 02:56 . 2010-10-01 05:52 -------- d-----w- c:\program files\Perfect Uninstaller
    2010-09-10 02:26 . 2010-10-01 06:31 -------- d-----w- c:\program files\Registry Easy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-07 02:49 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
    2010-10-07 02:49 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
    2010-10-04 18:01 . 2008-10-22 19:29 -------- d-----w- c:\users\drew\AppData\Roaming\Skype
    2010-10-04 17:26 . 2008-10-22 19:31 -------- d-----w- c:\users\drew\AppData\Roaming\skypePM
    2010-10-03 12:18 . 2009-04-08 09:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-10-02 05:16 . 2009-02-22 17:47 -------- d-----r- c:\program files\Skype
    2010-10-01 16:26 . 2009-12-20 16:30 -------- d-----w- c:\programdata\DVD Shrink
    2010-10-01 06:35 . 2008-11-21 14:45 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-10-01 05:56 . 2010-03-29 06:24 -------- d-----w- c:\program files\ooVoo_Chat
    2010-10-01 05:56 . 2009-11-01 09:06 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-10-01 05:56 . 2009-07-26 11:26 -------- d-----w- c:\program files\youtube-search
    2010-09-29 11:59 . 2008-10-10 16:26 -------- d-----w- c:\program files\Google
    2010-09-17 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 10:03 . 2008-11-21 18:07 -------- d-----w- c:\program files\Windows Live
    2010-09-10 05:53 . 2009-04-01 19:02 -------- d-----w- c:\program files\Intel
    2010-09-10 05:24 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat
    2010-09-10 05:22 . 2008-11-12 08:02 1356 ----a-w- c:\users\drew\AppData\Local\d3d9caps.dat
    2010-09-10 04:56 . 2008-10-10 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-10 04:25 . 2009-09-17 06:57 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2010-09-10 04:21 . 2009-09-17 06:51 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-07 04:41 . 2009-08-09 07:13 -------- d-----w- c:\program files\ParetoLogic
    2010-09-07 04:41 . 2009-08-09 07:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-09-07 04:40 . 2009-01-26 11:57 -------- d-----w- c:\programdata\DriverCure
    2010-09-03 17:31 . 2008-12-01 22:53 -------- d-----w- c:\program files\QuickTime
    2010-09-03 17:31 . 2010-09-03 17:25 -------- d-----w- c:\programdata\QuickTime
    2010-09-03 17:13 . 2010-09-03 17:13 -------- d-----w- c:\program files\GSP
    2010-09-03 17:10 . 2010-09-03 17:10 -------- d-----w- c:\program files\DKXP
    2010-09-03 16:25 . 2010-09-03 16:25 -------- d-----w- c:\program files\DK Interactive Learning
    2010-09-03 10:07 . 2008-10-10 15:53 -------- d-----w- c:\programdata\NOS
    2010-09-03 10:07 . 2008-10-10 15:53 -------- d-----w- c:\program files\NOS
    2010-09-03 10:06 . 2010-08-12 20:12 -------- d-----w- c:\program files\Java
    2010-09-03 09:53 . 2010-09-03 09:02 -------- d-----w- c:\programdata\NOS(52)
    2010-09-01 08:19 . 2010-05-05 06:04 -------- d-----w- c:\users\drew\AppData\Roaming\JonDo
    2010-08-31 23:46 . 2010-09-22 13:40 1355264 ----a-w- c:\windows\system32\jscript9.dll
    2010-08-31 23:44 . 2010-09-22 13:40 1122304 ----a-w- c:\windows\system32\wininet.dll
    2010-08-31 23:44 . 2010-09-22 13:40 424960 ----a-w- c:\windows\system32\vbscript.dll
    2010-08-31 23:43 . 2010-09-22 13:40 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2010-08-31 23:43 . 2010-09-22 13:40 72704 ----a-w- c:\windows\system32\SetDepNx.exe
    2010-08-31 23:43 . 2010-09-22 13:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-08-31 23:43 . 2010-09-22 13:40 114176 ----a-w- c:\windows\system32\iesysprep.dll
    2010-08-31 23:43 . 2010-09-22 13:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2010-08-31 23:43 . 2010-09-22 13:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2010-08-31 23:42 . 2010-09-22 13:40 51200 ----a-w- c:\windows\system32\admparse.dll
    2010-08-31 23:42 . 2010-09-22 13:40 75264 ----a-w- c:\windows\system32\iesetup.dll
    2010-08-31 23:42 . 2010-09-22 13:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2010-08-31 23:42 . 2010-09-22 13:40 150016 ----a-w- c:\windows\system32\iexpress.exe
    2010-08-31 23:42 . 2010-09-22 13:40 149504 ----a-w- c:\windows\system32\wextract.exe
    2010-08-31 23:42 . 2010-09-22 13:40 33280 ----a-w- c:\windows\system32\imgutil.dll
    2010-08-31 23:42 . 2010-09-22 13:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2010-08-31 23:42 . 2010-09-22 13:40 11264 ----a-w- c:\windows\system32\mshta.exe
    2010-08-31 23:41 . 2010-09-22 13:40 160768 ----a-w- c:\windows\system32\msls31.dll
    2010-08-31 07:42 . 2008-12-02 09:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-08-25 03:47 . 2010-08-24 10:51 -------- d-----w- c:\program files\McAfee Security Scan
    2010-08-17 17:04 . 2009-08-09 07:13 -------- d-----w- c:\programdata\ParetoLogic
    2010-08-12 20:13 . 2008-10-18 16:16 -------- d-----w- c:\program files\Common Files\Java
    2010-08-12 20:12 . 2010-06-11 19:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-12 16:24 . 2010-08-12 16:22 -------- d-----w- c:\programdata\EasyMP3Downloader
    2010-08-12 16:22 . 2010-08-12 16:22 -------- d-----w- c:\users\drew\AppData\Roaming\EasyMP3Downloader
    2010-08-02 13:11 . 2009-08-09 08:57 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-01 14:04 . 2008-12-30 17:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-07-16 15:10 . 2009-11-01 09:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 15:10 . 2010-07-16 15:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 15:09 . 2009-11-01 09:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2008-01-29 10:51 . 2007-09-10 04:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-12-05 691200]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-10 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-10 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-10 150552]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
    backup=c:\windows\pss\BlueSoleil.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
    2008-12-19 16:12 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-06-13 10:39 73728 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-10 03:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4259484079-4017146746-3429084148-1000]
    "EnableNotificationsRef "=dword:00000001

    R1 mailKmd;mailKmd; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9c4b316ffba0;Google Update Service (gupdate1c9c4b316ffba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 133104]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2008-09-26 113152]
    R3 flash;flash;c:\windows\system32\drivers\flash.sys [2005-11-17 8064]
    R3 Huawei;Vodafone Mobile Broadband - USB Smart Card Reader (Huawei);c:\windows\system32\DRIVERS\ewdcsc.sys [2008-09-26 23424]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-11-20 1940992]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
    S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-09-10 6628352]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 08:02]

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 08:02]

    2010-10-05 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-09-05 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-10-07 c:\windows\Tasks\User_Feed_Synchronization-{71ED678C-C26F-4ABD-964A-D9AD68E5DB89}.job
    - c:\windows\system32\msfeedssync.exe [2010-09-22 23:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.co.uk/
    mStart Page = about:blank
    mWindow Title = Microsoft Internet Explorer
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {5AD045B9-20C6-4666-A899-05BE652F55BA} = 10.13.32.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090618123620
    DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/files/vpn2_5350_en/vpnweb.cab
    FF - ProfilePath - c:\users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\0x3g8mve.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://shop.thefreevpn.com/home.php
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM&ptb=Wp5oZJJB9aIws8mXG46L0g&psa=&ind=2010040109&ptnrS=ZUxdm493YYOM&si=&st=kwd&n=77cec72d&searchfor=
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(14804)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-07 05:24:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-07 04:24
    ComboFix2.txt 2010-10-07 03:44
    ComboFix3.txt 2009-03-16 12:23

    Pre-Run: 83,552,083,968 bytes free
    Post-Run: 83,485,138,944 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=19 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
    - - End Of File - - 1A2896303DD868A9B900DF9FDD284F75
     
  14. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Registry Easy.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    =================================================================

    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG (preferably), make sure to use AVG Remover: http://www.avg.com/us-en/download-tools

    =============================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    mailKmd
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring "=-
    
    DDS::
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM&ptb=Wp5oZJJB9aIws8mXG46L0g&psa=&ind=2010040109&ptnrS=ZUxdm493YYOM&si=&st=kwd&n=77cec72d&searchfor=
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
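To show what the CFScript above is picking out of the log, here is an added example (not from the thread and not part of ComboFix or DDS) that scans ComboFix log lines for the same four indicator types the reply targets: a service whose file is missing (`[x]`), `DisableMonitoring` set directly under the Security Center Monitoring key, a loopback `ProxyServer` in the Internet Settings, and Firefox prefs pointing at MyWebSearch, and renders them into `Driver::`, `Registry::` and `DDS::` sections. The sample lines are copied from the logs in this thread; the `HIJACK_MARKERS` list and the loopback-proxy rule are this example's own assumptions, not rules from ComboFix.

```python
"""Extract the indicators a ComboFix CFScript would target from a ComboFix log.

Added example, not the thread's or ComboFix's own code. It understands the
log shapes shown in this thread: REGEDIT4-style keys and values, service
lines ("R1 name;display;path"), DDS-style "uInternet Settings" lines and
"FF - prefs.js:" lines. The heuristics are this example's assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

R1 mailKmd;mailKmd; [x]
R2 gupdate1c9c4b316ffba0;Google Update Service (gupdate1c9c4b316ffba0);c:\\program files\\Google\\Update\\GoogleUpdate.exe [2009-04-24 133104]
uStart Page = hxxp://www.yahoo.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://shop.thefreevpn.com/home.php
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM
"""

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*(.*)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# The forum rendering leaves a space before the closing quote; tolerate it.
VALUE_RE = re.compile(r'^"([^"]*?)\s*"=(.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,Proxy(Server|Override) = (.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: ")

# Assumption of this example: substrings that mark a search hijacker.
HIJACK_MARKERS = ("mywebsearch",)
MONITORING_KEY = r"hkey_local_machine\software\microsoft\security center\monitoring"


def extract_indicators(log_text: str) -> Dict[str, List[str]]:
    """Return the lines each CFScript section should contain."""
    driver: List[str] = []
    registry: List[str] = []
    dds: List[str] = []
    proxy_lines: List[str] = []
    loopback_proxy = False
    current_key = ""

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            # Only the Monitoring key itself, not the Symantec subkeys.
            name, value = m.group(1), m.group(2)
            if current_key.lower() == MONITORING_KEY and \
                    name == "DisableMonitoring" and value == "dword:00000001":
                registry.append(f"[{current_key}]")
                registry.append(f'"{name}"=-')
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group(2) == "[x]":  # service registered but file missing
                driver.append(m.group(1))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy_lines.append(line)
            host = m.group(2).split(":")[0]
            if m.group(1) == "Server" and (host.startswith("127.") or host == "localhost"):
                loopback_proxy = True  # assumption: local proxy with no known owner
            continue
        if FF_PREF_RE.match(line) and any(k in line.lower() for k in HIJACK_MARKERS):
            dds.append(line)

    if loopback_proxy:
        dds = proxy_lines + dds
    return {"Driver": driver, "Registry": registry, "DDS": dds}


def render_cfscript(sections: Dict[str, List[str]]) -> str:
    """Lay the sections out in the Driver::/Registry::/DDS:: form used above."""
    parts = []
    for name in ("Driver", "Registry", "DDS"):
        body = sections.get(name, [])
        if body:
            parts.append(f"{name}::\n" + "\n".join(body))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(render_cfscript(extract_indicators(SAMPLE_LOG)))
```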
     
  15. 2010/10/07
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    ComboFix 10-10-06.02 - drew 07/10/2010 6:16.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1825 [GMT 1:00]
    Running from: c:\users\drew\Desktop\ComboFix.exe
    Command switches used :: c:\users\drew\Desktop\CFScript.txt
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_mailKmd


    ((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
    .

    2010-10-07 05:22 . 2010-10-07 05:22 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-07 05:22 . 2010-10-07 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-07 04:24 . 2010-10-07 05:38 -------- d-----w- c:\users\drew\AppData\Local\temp
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\users\drew\AppData\Roaming\Malwarebytes
    2010-10-06 07:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-06 07:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-06 07:46 . 2010-10-06 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-05 12:41 . 2010-10-05 12:41 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{074B3178-75C2-4CB5-ADD9-3BFE7F42A00A}-Patah Hati.doc .exe
    2010-10-05 12:41 . 2010-10-05 12:41 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D5ED2BED-3E31-47EA-81A2-02B98FE5C424}-Patah Hati.doc .exe
    2010-10-04 06:45 . 2010-10-04 06:46 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-10-04 06:21 . 2010-10-04 06:21 -------- d-----w- c:\programdata\PC Tools
    2010-10-03 04:52 . 2010-10-03 04:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-01 16:07 . 2010-10-01 16:32 -------- d-----w- C:\DVDVolume
    2010-10-01 05:52 . 2010-10-01 05:52 -------- d-----w- C:\Rbackup
    2010-09-29 11:09 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-22 13:39 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-09-22 13:39 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-09-22 13:39 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-09-22 13:39 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2010-09-22 13:39 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2010-09-22 13:39 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-09-22 13:39 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2010-09-22 13:39 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
    2010-09-22 13:39 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-09-22 13:39 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2010-09-22 13:39 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
    2010-09-22 13:39 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-09-22 13:37 . 2010-09-22 13:37 -------- d-----w- c:\program files\Feedback Tool
    2010-09-22 08:10 . 2010-09-22 08:10 353512 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
    2010-09-22 08:10 . 2010-09-22 08:10 12544 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
    2010-09-22 08:04 . 2010-09-22 08:04 -------- d-----w- C:\$AVG
    2010-09-22 07:01 . 2010-09-22 07:01 -------- d-----w- c:\users\drew\AppData\Local\Microsoft Corporation
    2010-09-15 06:30 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:30 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:30 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:29 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 10:05 . 2010-04-28 06:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-09-10 05:53 . 2009-02-26 10:05 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2010-09-10 05:53 . 2009-02-26 10:04 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2010-09-10 05:23 . 2010-09-10 05:53 -------- d-----w- c:\windows\system32\Lang
    2010-09-10 05:23 . 2010-09-10 04:43 997912 ----a-w- c:\windows\system32\igxpun.exe
    2010-09-10 04:58 . 2010-09-10 04:58 -------- d-----w- c:\program files\MSN Toolbar
    2010-09-10 04:56 . 2010-09-10 04:29 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-09-10 04:56 . 2010-09-10 04:29 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-09-10 04:56 . 2010-09-10 04:56 -------- d-----w- c:\program files\Realtek
    2010-09-10 04:54 . 2010-10-01 05:56 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-09-10 04:25 . 2010-09-10 04:25 6628352 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-09-10 04:25 . 2010-09-10 04:25 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2010-09-10 03:40 . 2008-12-03 16:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
    2010-09-10 03:40 . 2010-09-10 04:15 -------- d-----w- c:\program files\Driver Checker
    2010-09-10 03:16 . 2010-09-29 11:04 -------- d-----w- c:\program files\AdvancedDefrag
    2010-09-10 02:56 . 2010-10-01 05:52 -------- d-----w- c:\program files\Perfect Uninstaller

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-07 05:05 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
    2010-10-07 05:05 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
    2010-10-07 05:02 . 2009-10-25 18:17 -------- d-----w- c:\programdata\avg9
    2010-10-04 18:01 . 2008-10-22 19:29 -------- d-----w- c:\users\drew\AppData\Roaming\Skype
    2010-10-04 17:26 . 2008-10-22 19:31 -------- d-----w- c:\users\drew\AppData\Roaming\skypePM
    2010-10-03 12:18 . 2009-04-08 09:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-10-02 05:16 . 2009-02-22 17:47 -------- d-----r- c:\program files\Skype
    2010-10-01 16:26 . 2009-12-20 16:30 -------- d-----w- c:\programdata\DVD Shrink
    2010-10-01 06:35 . 2008-11-21 14:45 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-10-01 05:56 . 2010-03-29 06:24 -------- d-----w- c:\program files\ooVoo_Chat
    2010-10-01 05:56 . 2009-07-26 11:26 -------- d-----w- c:\program files\youtube-search
    2010-09-29 11:59 . 2008-10-10 16:26 -------- d-----w- c:\program files\Google
    2010-09-17 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 10:03 . 2008-11-21 18:07 -------- d-----w- c:\program files\Windows Live
    2010-09-10 05:53 . 2009-04-01 19:02 -------- d-----w- c:\program files\Intel
    2010-09-10 05:24 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat
    2010-09-10 05:22 . 2008-11-12 08:02 1356 ----a-w- c:\users\drew\AppData\Local\d3d9caps.dat
    2010-09-10 04:56 . 2008-10-10 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-10 04:25 . 2009-09-17 06:57 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2010-09-10 04:21 . 2009-09-17 06:51 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-07 04:41 . 2009-08-09 07:13 -------- d-----w- c:\program files\ParetoLogic
    2010-09-07 04:41 . 2009-08-09 07:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-09-07 04:40 . 2009-01-26 11:57 -------- d-----w- c:\programdata\DriverCure
    2010-09-03 17:31 . 2008-12-01 22:53 -------- d-----w- c:\program files\QuickTime
    2010-09-03 17:31 . 2010-09-03 17:25 -------- d-----w- c:\programdata\QuickTime
    2010-09-03 17:13 . 2010-09-03 17:13 -------- d-----w- c:\program files\GSP
    2010-09-03 17:10 . 2010-09-03 17:10 -------- d-----w- c:\program files\DKXP
    2010-09-03 16:25 . 2010-09-03 16:25 -------- d-----w- c:\program files\DK Interactive Learning
    2010-09-03 10:07 . 2008-10-10 15:53 -------- d-----w- c:\programdata\NOS
    2010-09-03 10:07 . 2008-10-10 15:53 -------- d-----w- c:\program files\NOS
    2010-09-03 10:06 . 2010-08-12 20:12 -------- d-----w- c:\program files\Java
    2010-09-03 09:53 . 2010-09-03 09:02 -------- d-----w- c:\programdata\NOS(52)
    2010-09-01 08:19 . 2010-05-05 06:04 -------- d-----w- c:\users\drew\AppData\Roaming\JonDo
    2010-08-31 23:46 . 2010-09-22 13:40 1355264 ----a-w- c:\windows\system32\jscript9.dll
    2010-08-31 23:44 . 2010-09-22 13:40 1122304 ----a-w- c:\windows\system32\wininet.dll
    2010-08-31 23:44 . 2010-09-22 13:40 424960 ----a-w- c:\windows\system32\vbscript.dll
    2010-08-31 23:43 . 2010-09-22 13:40 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2010-08-31 23:43 . 2010-09-22 13:40 72704 ----a-w- c:\windows\system32\SetDepNx.exe
    2010-08-31 23:43 . 2010-09-22 13:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-08-31 23:43 . 2010-09-22 13:40 114176 ----a-w- c:\windows\system32\iesysprep.dll
    2010-08-31 23:43 . 2010-09-22 13:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2010-08-31 23:43 . 2010-09-22 13:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2010-08-31 23:42 . 2010-09-22 13:40 51200 ----a-w- c:\windows\system32\admparse.dll
    2010-08-31 23:42 . 2010-09-22 13:40 75264 ----a-w- c:\windows\system32\iesetup.dll
    2010-08-31 23:42 . 2010-09-22 13:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2010-08-31 23:42 . 2010-09-22 13:40 150016 ----a-w- c:\windows\system32\iexpress.exe
    2010-08-31 23:42 . 2010-09-22 13:40 149504 ----a-w- c:\windows\system32\wextract.exe
    2010-08-31 23:42 . 2010-09-22 13:40 33280 ----a-w- c:\windows\system32\imgutil.dll
    2010-08-31 23:42 . 2010-09-22 13:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2010-08-31 23:42 . 2010-09-22 13:40 11264 ----a-w- c:\windows\system32\mshta.exe
    2010-08-31 23:41 . 2010-09-22 13:40 160768 ----a-w- c:\windows\system32\msls31.dll
    2010-08-31 07:42 . 2008-12-02 09:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-08-25 03:47 . 2010-08-24 10:51 -------- d-----w- c:\program files\McAfee Security Scan
    2010-08-17 17:04 . 2009-08-09 07:13 -------- d-----w- c:\programdata\ParetoLogic
    2010-08-12 20:13 . 2008-10-18 16:16 -------- d-----w- c:\program files\Common Files\Java
    2010-08-12 20:12 . 2010-06-11 19:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-12 16:24 . 2010-08-12 16:22 -------- d-----w- c:\programdata\EasyMP3Downloader
    2010-08-12 16:22 . 2010-08-12 16:22 -------- d-----w- c:\users\drew\AppData\Roaming\EasyMP3Downloader
    2010-08-02 13:11 . 2009-08-09 08:57 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-01 14:04 . 2008-12-30 17:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2008-01-29 10:51 . 2007-09-10 04:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "WrtMon.exe "= "c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "dvd43 "= "c:\program files\dvd43\dvd43_tray.exe" [2005-12-05 691200]
    "MobileConnect "= "c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-09-10 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-09-10 173592]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-09-10 150552]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL "= 0 (0x0)
    "NoDevMgrPage "= 0 (0x0)
    "NoConfigPage "= 0 (0x0)
    "NoVirtMemPage "= 0 (0x0)
    "NoFileSysPage "= 0 (0x0)
    "NoNetSetup "= 0 (0x0)
    "NoNetSetupIDPage "= 0 (0x0)
    "NoNetSetupSecurityPage "= 0 (0x0)
    "NoWorkgroupContents "= 0 (0x0)
    "NoEntireNetwork "= 0 (0x0)
    "NoFileSharingControl "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
    backup=c:\windows\pss\BlueSoleil.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
    2008-12-19 16:12 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-06-13 10:39 73728 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-10 03:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4259484079-4017146746-3429084148-1000]
    "EnableNotificationsRef "=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9c4b316ffba0;Google Update Service (gupdate1c9c4b316ffba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 133104]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2008-09-26 113152]
    R3 flash;flash;c:\windows\system32\drivers\flash.sys [2005-11-17 8064]
    R3 Huawei;Vodafone Mobile Broadband - USB Smart Card Reader (Huawei);c:\windows\system32\DRIVERS\ewdcsc.sys [2008-09-26 23424]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
    S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-11-20 1940992]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
    S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-09-10 6628352]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 08:02]

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 08:02]

    2010-10-05 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-09-05 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-10-07 c:\windows\Tasks\User_Feed_Synchronization-{71ED678C-C26F-4ABD-964A-D9AD68E5DB89}.job
    - c:\windows\system32\msfeedssync.exe [2010-09-22 23:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.co.uk/
    mStart Page = about:blank
    mWindow Title = Microsoft Internet Explorer
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {5AD045B9-20C6-4666-A899-05BE652F55BA} = 10.13.32.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090618123620
    DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/files/vpn2_5350_en/vpnweb.cab
    FF - ProfilePath - c:\users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\0x3g8mve.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://shop.thefreevpn.com/home.php
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM&ptb=Wp5oZJJB9aIws8mXG46L0g&psa=&ind=2010040109&ptnrS=ZUxdm493YYOM&si=&st=kwd&n=77cec72d&searchfor=
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(15624)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-07 06:42:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-07 05:42
    ComboFix2.txt 2010-10-07 04:24
    ComboFix3.txt 2010-10-07 03:44
    ComboFix4.txt 2009-03-16 12:23

    Pre-Run: 84,293,464,064 bytes free
    Post-Run: 84,082,081,792 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=19 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
    - - End Of File - - F2648FEB8C640B0E60F4E00F270BB4BA
     
  16. 2010/10/07
    chiefmissile (Well-Known Member, Thread Starter)

    Hi,

    My USB flash stick still has this worm even though it has been removed from my C drive; here are the details. Every time I try to remove it, Microsoft Security says there was a problem, I/O device failure; looks like this worm does not want to go.

    Worm:Win32/Pahati.A
    Encyclopedia entry
    Published: Jul 29, 2008

    Aliases
    Not available

    Alert Level
    Severe

    Antimalware protection details
    Microsoft recommends that you download the latest definitions to get protected. Detection initially created:
    Definition: 1.45.287.0
    Released: Oct 07, 2008


    --------------------------------------------------------------------------------

    Summary
    This threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.
     
  17. 2010/10/07
    broni (Moderator, Malware Analyst)

    Combofix log looks good.

    How is the computer doing?

    You shouldn't be connecting your USB drive without telling me first.

    To protect your computer from USB infection, do this...

    Download and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down).

    *Please disable any AV / script blockers, as they might detect Flash Disinfector as malicious and block it, hence the failure in executing. You can enable them again after the cleaning process.*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive that was plugged in when you ran it. Do not delete this folder; it will help protect your drives from future infection by keeping the autorun file from being installed in the root of the drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows versions.
    Please use Panda USB Vaccine.

    Now you can connect your flash drive and keep it connected while we're performing the next scans.


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/10/08
    chiefmissile (Well-Known Member, Thread Starter)

    OTL logfile created on: 08/10/2010 09:09:00 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\drew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 230.87 Gb Total Space | 79.21 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
    Drive D: | 11.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.58% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DREW-PC
    Current User Name: drew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/08 09:07:13 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\drew\Desktop\OTL.exe
    PRC - [2010/09/21 14:18:22 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    PRC - [2010/07/14 22:06:54 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband Internet\Broadband Internet.exe
    PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/07/03 11:40:40 | 002,328,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    PRC - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/20 16:07:54 | 001,940,992 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
    PRC - [2008/10/10 23:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007/12/27 15:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    PRC - [2007/12/27 15:39:20 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    PRC - [2006/10/30 17:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/08 09:07:13 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\drew\Desktop\OTL.exe
    MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\temp\logishrd\LVPrcInj01.dll
    MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/11/20 16:07:54 | 001,940,992 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
    SRV - [2008/10/10 23:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2008/08/01 16:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2008/08/01 16:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/27 15:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
    SRV - [2007/12/27 15:39:20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
    SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/11/18 04:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\PCASp50.sys -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\drew\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/10 05:43:12 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010/09/10 05:43:12 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2010/09/10 05:25:51 | 006,628,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/12 16:54:14 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
    DRV - [2009/09/15 21:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/01/15 14:01:56 | 000,042,880 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2009/01/14 18:46:04 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2008/12/11 18:02:20 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2008/10/08 06:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/10/06 17:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2008/09/26 18:04:22 | 000,113,152 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008/09/26 18:04:10 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/09/26 18:03:26 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei) Vodafone Mobile Broadband - USB Smart Card Reader (Huawei)
    DRV - [2008/08/27 18:01:56 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2008/08/22 13:50:34 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2008/07/26 16:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
    DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 16:26:00 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/03/25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
    DRV - [2008/03/04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/01/29 11:50:59 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/29 11:50:59 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/29 11:50:59 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/11/29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2007/06/24 21:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2007/06/24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007/06/24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007/05/01 09:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/03/29 01:13:08 | 000,042,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2007/03/05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007/03/05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007/03/05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007/03/05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2007/03/05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2007/02/25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/01/15 15:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006/10/23 10:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/11/17 15:36:34 | 000,008,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flash.sys -- (flash)
    DRV - [2005/01/07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/04/26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
    DRV - [2003/04/28 19:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch "
    FF - prefs.js..browser.startup.homepage: "http://shop.thefreevpn.com/home.php "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm493YYOM&ptb=Wp5oZJJB9aIws8mXG46L0g&psa=&ind=2010040109&ptnrS=ZUxdm493YYOM&si=&st=kwd&n=77cec72d&searchfor= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/01 06:56:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 18:31:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 09:54:09 | 000,000,000 | ---D | M]

    [2010/02/12 12:01:23 | 000,000,000 | ---D | M] -- C:\Users\drew\AppData\Roaming\Mozilla\Extensions
    [2008/10/25 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\drew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/09/22 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\0x3g8mve.default\extensions
    [2010/08/24 11:45:00 | 000,000,000 | ---D | M] (ooVoo Video Chat Toolbar) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\0x3g8mve.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}(90)
    [2010/09/03 11:44:45 | 000,000,000 | ---D | M] -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
    [2010/05/05 07:14:46 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
    [2010/06/06 12:28:34 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
    [2010/08/24 11:43:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(99)
    [2010/08/24 11:43:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(100)
    [2010/08/24 11:43:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(101)
    [2010/08/24 11:43:32 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
    [2010/04/05 08:40:59 | 000,010,025 | ---- | M] () -- C:\Users\drew\AppData\Roaming\Mozilla\Firefox\Profiles\0x3g8mve.default\searchplugins\mywebsearch.xml
    [2010/08/12 21:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/12 21:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/12 21:12:45 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/06/22 09:11:44 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/06/22 09:11:44 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/06/22 09:11:44 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/06/22 09:11:44 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/10/07 06:38:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetup = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupIDPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupSecurityPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090618123620 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1280723831996 (MUWebControl Class)
    O16 - DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} http://www.packetix.net/en/special/files/vpn2_5350_en/vpnweb.cab (VpnWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/04/24 14:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/11/07 16:41:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/08 09:07:09 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\drew\Desktop\OTL.exe
    [2010/10/08 08:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2010/10/08 08:27:28 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\drew\Desktop\USBVaccineSetup.exe
    [2010/10/08 08:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
    [2010/10/07 09:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/07 09:53:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/07 06:42:11 | 000,000,000 | ---D | C] -- C:\Users\drew\AppData\Local\temp
    [2010/10/07 06:38:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/10/07 06:22:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/07 06:14:07 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/07 06:13:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/06 08:46:59 | 000,000,000 | ---D | C] -- C:\Users\drew\AppData\Roaming\Malwarebytes
    [2010/10/06 08:46:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/06 08:46:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/06 08:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/06 08:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/05 14:25:17 | 000,000,000 | ---D | C] -- C:\Users\drew\Desktop\New Folder
    [2010/10/04 07:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/10/04 07:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/10/01 17:07:06 | 000,000,000 | ---D | C] -- C:\DVDVolume
    [2010/10/01 06:52:54 | 000,000,000 | ---D | C] -- C:\Rbackup
    [2010/09/22 14:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
    [2010/09/22 09:04:20 | 000,000,000 | ---D | C] -- C:\$AVG
    [2010/09/22 08:01:11 | 000,000,000 | ---D | C] -- C:\Users\drew\AppData\Local\Microsoft Corporation
    [2010/09/10 06:23:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
    [2010/09/10 05:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/09/10 05:56:36 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
    [2010/09/10 05:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/09/10 05:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
    [2010/09/10 04:40:32 | 000,081,408 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\devcon_x64.exe
    [2010/09/10 04:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Checker
    [2010/09/10 04:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\AdvancedDefrag
    [2010/09/10 03:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
    [2010/09/03 18:31:24 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
    [2010/09/03 18:28:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
    [2010/09/03 18:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
    [2010/09/03 18:25:28 | 000,000,000 | ---D | C] -- C:\~QTWTMP.TMP
    [2010/09/03 18:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\GSP
    [2010/09/03 18:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\DKXP
    [2010/09/03 18:10:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\backup
    [2010/09/03 17:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\DK Interactive Learning
    [2010/09/03 17:22:49 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
    [2010/09/03 10:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS(52)
    [2010/08/24 11:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/08/12 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/08/12 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\drew\AppData\Roaming\EasyMP3Downloader
    [2010/08/12 17:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\EasyMP3Downloader
    [2010/08/12 11:37:41 | 000,000,000 | ---D | C] -- C:\ss43_dll
    [2010/08/12 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\drew\Desktop\LocalCDInfo
    [2010/08/02 09:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/07/14 22:09:12 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
    [2010/07/14 22:09:12 | 000,113,152 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
    [2010/07/14 22:09:12 | 000,101,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
    [2010/07/14 22:09:12 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
    [2010/07/14 22:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Broadband Internet
    [2010/07/14 09:51:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2010/05/05 06:57:13 | 012,378,640 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
  19. 2010/10/08
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    I have had to split the OTL log report into 2 as it was too big to post.
     
  20. 2010/10/08
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    OTL Extras logfile created on: 08/10/2010 09:09:00 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\drew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 230.87 Gb Total Space | 79.21 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
    Drive D: | 11.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.58% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DREW-PC
    Current User Name: drew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
    .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4259484079-4017146746-3429084148-1000]
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{067F3842-6432-421C-AA22-3A30991913CD}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{0D8DA3AC-3445-4C5D-9DC6-9E0067184C81}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1189F4F3-F0D7-4771-8100-32569233042B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{208C6B14-05DB-41B2-9018-76EB7E88FCE8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{367F845E-73F8-4F79-BD95-CD24FE21D729}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{36A409C9-B153-469A-98DB-8666A7FD9764}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{37754EE5-FD0D-4F74-9F5D-A70D86FB3D50}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3B935BB1-58A3-4B7E-AF35-3FF6FC9A4D72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6105353E-AB1B-45B2-ABFA-29ACBE2182D3}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
    "{61075A53-143C-4DA3-B3AA-A8137A39516A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{61831A73-F75C-4145-A7B8-18394641E33E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{78A1CF32-87F3-402A-83BA-C4CFF38022C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{797AA297-7862-49A3-BFC3-28F75ADF59AD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7B0E538D-C4EB-4249-9E3E-532E579D4A9E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7F12A67B-CEB5-4A20-9341-64B248A619A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8CA67325-7676-41E3-BFDD-061CCB0A782A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9561253A-174B-4A37-B770-C34FCB93B637}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A959F059-A0C8-4DAF-9FA2-39561905B52F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AD9216B4-A569-453D-8780-67DA57293F67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B07B659E-1DE8-4379-9C79-1FD67C450906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B4B00AA9-4180-40E3-B929-256062172D55}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B6BF6EF0-F7C4-44A5-B712-E661DDCC0C27}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C4A7B9B0-A0BE-409E-AD7E-24633F2DBCCA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{CC3071DA-D059-4990-B995-B165362DBD12}" = lport=443 | protocol=6 | dir=in | app=system |
    "{D3684DDD-F9CB-4670-83C0-D75F1A6A9CDC}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{E94C5FFE-67AD-4285-8147-D4514E385E87}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{FF5523ED-A7EA-4A1E-B3BF-1B0263F3655F}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00BC4AC7-58FB-4A24-B655-2FB50E6FE0DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0174AFC3-E91A-43EF-A53A-E098FA3AA2AA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{034B2503-BAB4-4BC5-88AA-DBD42E82AD85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0AF91761-D890-4396-B011-3BDBB3A94DE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0D98A8AA-77D3-4324-A5AE-6CC3A566FE66}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{132D31CA-E7D2-4B29-B8B1-AD4D649D03B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{15DB6F70-196E-40F6-9197-18512A8D99AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1EC6EB38-CE61-4E8D-B2B2-DAA13136C312}" = protocol=6 | dir=out | app=system |
    "{29A8631E-9184-4049-98E7-1494090E271B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3A41164C-E0D1-48C0-B3B6-26861FE1654F}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "{3BB7AB2F-F5FF-4F3E-906E-8F9996BEAD67}" = protocol=17 | dir=in | app=c:\program files\hotspot shield\bin\openvpntray.exe |
    "{478F997D-6EAF-4774-BC77-A9A599094AD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4D526C6F-A52F-48B0-A418-716876A95BE9}" = protocol=6 | dir=in | app=c:\program files\gizmo5\gizmo5.exe |
    "{50C0DE8E-DE5B-49F9-AA65-2DB571686258}" = protocol=17 | dir=in | app=c:\program files\gizmo5\gizmo5.exe |
    "{55E2AB44-6298-4B03-A874-AE0CB40B4573}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5D82D595-A4EC-4614-AF66-62098654C3EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5F34BC6D-E7B3-4183-A31D-C7569431088B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{718152DF-39D4-49AF-9AAD-3E1D996C8851}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "{747F3108-1984-4046-8F5B-195D1648FA27}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{7B74E430-4689-4567-8A5A-6C02CA05AA60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7E351AE6-537E-4EAC-8F75-F62951CD196D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{894A0D65-DC57-4F1E-A0E0-C3C09341FD76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{8B89F180-164B-4C1E-AADC-43C93B41666F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{9019D45C-9927-494B-8CCF-A1E4582762FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{92101734-FCBD-4238-9DC9-E890FE6BB484}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98326A6B-6146-4D70-AF28-F696B082C7B1}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{9F40220B-F20C-492B-B3C6-F2A6DFC91916}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{A01D709A-DAF4-4873-9A4E-326D0F4C439E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{AB573A0B-E678-478B-8158-D8B7105EEADA}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{AE1640C4-73CB-437B-B749-B222D84BA5A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF6A842B-78B7-49EE-ADF3-A8C44005EC19}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{B0BB4957-9D08-44FD-A23C-D87EC8259AA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B3AB5A71-535A-4556-BB19-6E50318C9A75}" = protocol=6 | dir=in | app=c:\program files\hotspot shield\bin\openvpntray.exe |
    "{B650F0D0-88C7-45F5-935F-736EB9BD95DA}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{BFFC87E8-70B6-496D-917B-511A5CC96435}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "{C42FCA2E-F6CA-48E1-8FD9-726A034B73CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{CE0200B5-C85F-4904-BD81-9527850EB712}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{DC100FB4-1EC6-45BF-87FA-CBD3ACB9389D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{E32C45A3-8D31-4859-B5C7-D297529382EF}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{E4EBAA4E-AE95-46C0-8A1A-CD68AE432341}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{EEAD1126-7EAF-4770-B416-DFFFA4DE8C0C}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{EFB7F6E5-AF65-45BF-A960-AACF29CCD849}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
    "TCP Query User{08AB7A24-1DB0-4163-BD46-58DDC4680F99}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{180721F6-9DBA-4A76-BF29-F338D32C1CE0}C:\users\drew\desktop\freeu10.exe" = protocol=6 | dir=in | app=c:\users\drew\desktop\freeu10.exe |
    "TCP Query User{26F5025B-4B1D-49E8-968F-4C2638638B40}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{4231E7C5-E686-46FC-BE0A-A3EC61B1CAB9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{4F898AF2-47AA-42D6-B2E7-B0765E5E429E}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
    "TCP Query User{5B1811B1-B5F9-4D65-993A-147532205D88}C:\program files\paretologic\drivercure\drivercure.exe" = protocol=6 | dir=in | app=c:\program files\paretologic\drivercure\drivercure.exe |
    "TCP Query User{63575328-1BB9-4890-828D-A3FF89825E9B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{6485A9EF-337F-4137-974B-2F834804A8AA}C:\users\drew\appdata\local\temp\rar$ex00.080\freeu13.exe" = protocol=6 | dir=in | app=c:\users\drew\appdata\local\temp\rar$ex00.080\freeu13.exe |
    "TCP Query User{77896F17-B830-454D-AEEC-7168BCDF6645}C:\program files\vidalia bundle\tor\tor.exe" = protocol=6 | dir=in | app=c:\program files\vidalia bundle\tor\tor.exe |
    "TCP Query User{79B28530-2986-438C-8A9D-B2E31640D9DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{8C5805C1-F466-4EE4-A400-9E6EB5B105DB}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
    "TCP Query User{9D9C06A3-52FE-4065-ABAA-642B817D892D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{A5E15F9E-1AF0-46B6-88B0-1619FFEF4B67}C:\users\drew\desktop\freeu10.exe" = protocol=6 | dir=in | app=c:\users\drew\desktop\freeu10.exe |
    "TCP Query User{B0D47292-C997-48E8-82EA-E6DBC4F4E9FA}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{B3D2E3AF-405D-48F0-BE23-093F792F44DA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{F9DE4677-2B9D-4EF0-8CB5-1A744C1545BE}C:\program files\ip privacy\ip privacy.exe" = protocol=6 | dir=in | app=c:\program files\ip privacy\ip privacy.exe |
    "UDP Query User{1153D1D2-1E39-478D-B9D8-A6FCCFEF819B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{24C0ADEC-DD6A-491E-AF94-68C594C75B05}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{2C5549F9-A5B3-477E-8E9D-F2C2934ACAAD}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{45381FE9-B163-4382-8B29-B5E8184B5564}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{549462F4-EC42-4434-AD6B-1CC2A5E20D34}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{5DFDA51E-3455-47A5-990B-72CF3A062916}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
    "UDP Query User{5EAF80AE-E8BE-422F-9F60-F1FF80C35482}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
    "UDP Query User{6D785354-11EE-4C74-9081-DB8C86C16429}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{897A750A-BD37-4738-8697-2A84C6EA3809}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{9834DCA7-28C9-4B08-92FF-E0B2DCFF5941}C:\users\drew\appdata\local\temp\rar$ex00.080\freeu13.exe" = protocol=17 | dir=in | app=c:\users\drew\appdata\local\temp\rar$ex00.080\freeu13.exe |
    "UDP Query User{9BA2202B-72CB-46A1-9E46-1DB173282148}C:\users\drew\desktop\freeu10.exe" = protocol=17 | dir=in | app=c:\users\drew\desktop\freeu10.exe |
    "UDP Query User{A637AB1F-9C5A-448A-9D50-70089AF5B170}C:\users\drew\desktop\freeu10.exe" = protocol=17 | dir=in | app=c:\users\drew\desktop\freeu10.exe |
    "UDP Query User{BD2820D0-D2FA-4479-8AAC-219736AE3489}C:\program files\vidalia bundle\tor\tor.exe" = protocol=17 | dir=in | app=c:\program files\vidalia bundle\tor\tor.exe |
    "UDP Query User{D1069197-7DB7-460A-8B80-DC5BB6D60592}C:\program files\ip privacy\ip privacy.exe" = protocol=17 | dir=in | app=c:\program files\ip privacy\ip privacy.exe |
    "UDP Query User{EC6B8AE1-B33B-4AD3-9C11-D21C89BB3A44}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{EE33C806-262B-46B9-AB00-76D69E54C882}C:\program files\paretologic\drivercure\drivercure.exe" = protocol=17 | dir=in | app=c:\program files\paretologic\drivercure\drivercure.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{472EDE3E-098A-460E-92C8-836BA35ED039}_is1" = AdvancedDefrag 5.0
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
    "{69f9566d-f2e9-4956-b9ca-3e96e6baa769}.sdb" = My First CD-ROM - Getting Ready for School XP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{abe7844e-4d49-4c7e-9d03-7329a6b9feac}.sdb" = Dorling Kindersley Application Database v1.4
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AD93B23A-D7F7-42A4-B1EB-731F268ED7BC}" = Underground Ernie
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.6
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
    "{D34D82E0-4600-407B-9478-8506C1DD1033}" = Nero 7 Essentials
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Broadband Internet" = Broadband Internet
    "Canon MX850 series User Registration" = Canon MX850 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Driver Checker_is1" = Driver Checker v2.7.4
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD43_is1" = DVD43 v3.7.0
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Escritorio movistar" = Escritorio movistar
    "Getting Ready for School" = Getting Ready for School
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 2.93
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "JonDoUninstall" = JonDo
    "lvdrivers_11.80" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
    "ooVoo_Chat Toolbar" = ooVoo_Chat Toolbar
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "QuickTime" = QuickTime
    "Rapport_msi" = Rapport
    "RealPlayer 12.0" = RealPlayer
    "SmartAudio" = SmartAudio
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TVWiz" = Intel(R) TV Wizard
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "youtube-search Toolbar" = youtube-search Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "c77c87855d1d373b" = Crypto Chat 4 Skype - A simple Crypto Chat for Skype (TM)
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28/01/2010 11:05:40 | Computer Name = drew-PC | Source = RasClient | ID = 20227
    Description =

    Error - 28/01/2010 11:10:36 | Computer Name = drew-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 28/01/2010 11:10:36 | Computer Name = drew-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 29/01/2010 00:53:15 | Computer Name = drew-PC | Source = Google Update | ID = 20
    Description =

    Error - 29/01/2010 00:58:01 | Computer Name = drew-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1434 Start Time: 01caa09f115e5857 Termination Time: 46

    Error - 29/01/2010 02:22:01 | Computer Name = drew-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 29/01/2010 02:22:01 | Computer Name = drew-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 29/01/2010 04:06:04 | Computer Name = drew-PC | Source = Google Update | ID = 20
    Description =

    Error - 29/01/2010 04:07:29 | Computer Name = drew-PC | Source = Application Hang | ID = 1002
    Description = The program RealPlay.exe version 12.0.0.343 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1294 Start Time: 01caa0b9e2198e40 Termination Time: 5

    Error - 29/01/2010 04:07:46 | Computer Name = drew-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 11e0 Start Time: 01caa0b9f33cea50 Termination Time: 9

    [ System Events ]
    Error - 07/10/2010 04:41:42 | Computer Name = drew-PC | Source = Microsoft Antimalware | ID = 1008
    Description = %%861 has encountered an error when taking action on spyware or other
    potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939

    User:
    drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm

    Path:
    Action: %%808 Error Code: 0x8007045d Error description: The request could not be
    performed because of an I/O device error. Status: Signature Version: AV: 1.91.1231.0,
    AS: 1.91.1231.0 Engine Version: 1.1.6201.0

    Error - 07/10/2010 04:41:49 | Computer Name = drew-PC | Source = Microsoft Antimalware | ID = 1008
    Description = %%861 has encountered an error when taking action on spyware or other
    potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pahati.A&threatid=2147609939

    User:
    drew-PC\drew Name: Worm:Win32/Pahati.A ID: 2147609939 Severity: Severe Category: Worm

    Path:
    Action: %%809 Error Code: 0x8007045d Error description: The request could not be
    performed because of an I/O device error. Status: Signature Version: AV: 1.91.1231.0,
    AS: 1.91.1231.0 Engine Version: 1.1.6201.0

    Error - 07/10/2010 04:53:23 | Computer Name = drew-PC | Source = DCOM | ID = 10005
    Description =

    Error - 07/10/2010 04:53:23 | Computer Name = drew-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 07/10/2010 04:53:23 | Computer Name = drew-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/10/2010 05:10:50 | Computer Name = drew-PC | Source = disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 07/10/2010 10:15:09 | Computer Name = drew-PC | Source = disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR4.

    Error - 07/10/2010 23:57:28 | Computer Name = drew-PC | Source = disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR4.

    Error - 08/10/2010 03:36:14 | Computer Name = drew-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 08/10/2010 03:37:23 | Computer Name = drew-PC | Source = Service Control Manager | ID = 7024
    Description =


    < End of report >
     
  21. 2010/10/08
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Hi, I will be away from home with work until the 17th Oct and will resume with your help on my return. Thanks for all your efforts to date, much appreciated.
     
