Vista Antivirus Pro 2010

View previous topic View next topic Go down

Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:17 am

Alright, I have the "Vista Antivirus Pro 2010" >_> and now I need help getting rid of it... I recieved it at the beginning of the week, it randomly just popped up and started bothering me. I researched some online about it and found out that malware bytes is a good program to use to get rid of it.. I used it and thought the problem had went away, only for it to come back and it has now disabled malware bytes and my other virus scanners. It also does not like to let me use my internet browsers, or research anything to do with the trojan itself.. basically, it does not want me to get rid of it. I looked on this board some and saw that one thing that is often asked to do is download OTL by OldTimer and post the two logs here, so I have already done this and my next two post will be the results of that scan..

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:17 am

OTL Extras logfile created on: 2/28/2010 3:50:19 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Case\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 12.57 Gb Free Space | 17.20% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 1.32 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOTHERSHIP
Current User Name: Case
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Case\AppData\Local\av.exe ()
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001FC2DB-29AF-4BEE-A4FD-D91D5F213518}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{268B3C95-36F2-4F31-B689-EA74BA16A8BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{31A22214-77DE-4C11-A332-9A3E1D47EBAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2A1BD77-FFB8-49AF-A41C-B61A3DF7928A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE4039A3-025E-4542-A866-07965484F6D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FFAA937-DB1C-4EB1-912C-45FF9E04BBA6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C1252BC-3D56-4F05-AB9F-6D988BC996D5}" = protocol=6 | dir=out | app=system |
"{1DB7EF44-F2FC-4DD7-8424-5B6F17A63E8E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2498C841-CBC8-415F-A310-2494DCEBFEA7}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{3B492BA3-545D-4325-B538-CC5F2C88541C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{449FCCBF-33A9-48D8-9E38-A37828722291}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{551666F4-C4D5-4F01-8783-AF316DB2390D}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{618933AF-728C-43E1-B6D7-2B68C32040CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{78FF889C-6C6C-4A5E-996A-3C2730C9B9B4}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{7B13C6E7-1420-4A43-8F3B-78A7D4AE421A}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{7C144C84-BD52-4442-8471-5197DB3FF1A3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{887EFBB9-93E1-482A-9D75-FCE9D9E246E3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8B56A525-5A90-4ADD-8721-4356DC5BB595}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D9D028C-C3E4-4744-9214-8B1A11F9A100}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8FED234E-097E-486A-A5E5-4517D3502671}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{934215F6-9E87-4A45-BE7A-2B91ABD1983F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{999DA5EF-C2D5-45E4-997C-16BAF11BFF01}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{9C689E8F-6978-4BC3-AA2D-C827E4329765}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A1500901-BA60-4B53-B81D-A05F633677AA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A86BD6B5-408F-4D6E-A137-75F943483D9F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B55653C2-C50C-4746-BD98-EACA15A661D2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BED2F4C2-FAEA-49CD-854A-19AA6B620A30}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C08F6C49-C4CB-423F-A73E-E919B6B9B8E3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C5C57FCA-4FB5-4BAE-B22F-3C5CE7CEE132}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C7DFA117-2F7F-4171-95C4-BC603CA00EEF}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{DA114A05-BDBB-47C6-B4B7-F2637B061CF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E939F8E9-9E57-4F98-A6D1-377255361B88}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F0BB5050-C90C-4CC5-A8F8-ED6196160595}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F54650B9-512F-4AE5-8155-65D775CADD8E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F6C218C3-AD01-4991-B081-6840CCC919D9}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{F80D8E75-BD97-43E0-9D0F-1F5EA5F5D04C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{FE3BEA5E-25C0-4843-A77A-B3318B4C2FE7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FF470CEE-9DAB-4EB0-9D64-73BBD601EBB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{026DADF7-90D1-4A3E-9D1F-77C67FD5B9B7}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{24D99ECB-378E-4DD1-99C7-73F45F683705}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{2F5DC9D0-CBE0-4712-854B-DC427D2B5619}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"TCP Query User{7F8C7148-B2A4-4AB4-80A1-55A4F7E8B4BB}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{839C8932-E34E-402F-8CD3-05D008A5DCD6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{94E641F2-75BE-4B21-89CF-62542B04E896}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{365B2796-FAF2-4FC4-99BC-D6456CBE1B71}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{633FC16B-D674-4D2E-8320-F7DFADABC43E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{855F281E-32AC-4828-9F0B-BC697A6419A2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9944175E-86F0-4AC6-82E2-1BBB2F44726C}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{E45708C2-BB8A-4922-B18F-26ABF4D04176}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"UDP Query User{FA25E115-414C-4167-85B8-77E621C5A1F8}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A42414B-1E07-454B-97C4-4789D8DBD338}" = Multiverse Tools
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A644254B-92F6-4970-8635-AB0775371E72}" = InterVideo AVControlSDK
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C833C7B6-1140-471D-932B-391B5CA66D7D}" = Digital Video
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}" = Opera 9.60
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EDE4AA32-ECD4-4FC2-BAD2-E50ED86219E6}" = MySQL Connector/ODBC 3.51
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDC7DDD8-60F4-4AB4-A072-3A2B637CD7D9}" = Accessibility
"{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 1.1.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0
"AV WebCam Morpher 2.0" = AV WebCam Morpher 2.0
"AVG8Uninstall" = AVG 8.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CQC" = CQC
"CueCard" = CueCard (remove only)
"DATA BECKER Instant Photo Scanner" = DATA BECKER Instant Photo Scanner
"DVD Flick_is1" = DVD Flick
"ffdshow_is1" = ffdshow [rev 1692] [2007-12-09]
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"FrostWire" = FrostWire 4.18.6
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IndiePix Disc Factory_is1" = IndiePix Disc Factory v1.0.06
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Jpeg Enhancer_is1" = Jpeg Enhancer 1.8
"Lexmark 1300 Series" = Lexmark 1300 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LimeWire" = LimeWire 5.4.6
"LMS" = C-Dilla Licence Management System
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 8
"MAGIX Music Maker 15 Trial US" = MAGIX Music Maker 15 Trial 15.0.1.8 (US)
"MAGIX Screenshare US" = MAGIX Screenshare 4.3.6.1987 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manga Studio EX Demo 3.0" = Manga Studio EX Demo 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MID Converter 4.2" = MID Converter 4.2
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Multiple Choice Quiz Maker_is1" = Multiple Choice Quiz Maker 5.0.0
"No-IP.com DUC" = No-IP.com DUC (remove only)
"oggcodecs" = oggcodecs 0.71.0946
"ordrumbox_is1" = ordrumbox-0.7.07
"Papagayo_is1" = Papagayo 1.2
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"PosteRazor_is1" = PosteRazor
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"SQLyog Community" = SQLyog Community 6.03
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uophx" = uophx Screen Saver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Web Photo Album_is1" = Web Photo Album 1.1
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"One Night 1.8" = One Night 1.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:20 am

OTL logfile created on: 2/28/2010 3:50:19 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Case\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 12.57 Gb Free Space | 17.20% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 1.32 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOTHERSHIP
Current User Name: Case
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 15:47:36 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Case\Desktop\OTL.exe
PRC - [2010/02/28 12:27:10 | 000,155,136 | ---- | M] () -- C:\Windows\msa.exe
PRC - [2010/02/25 20:29:04 | 000,197,632 | -HS- | M] () -- C:\Users\Case\AppData\Local\av.exe
PRC - [2010/02/24 20:44:52 | 000,158,208 | ---- | M] () -- C:\Users\Case\AppData\Local\Temp\Ddq.exe
PRC - [2009/12/22 09:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 23:04:30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/04 13:08:56 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\case.exe
PRC - [2008/07/28 02:47:42 | 000,156,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
PRC - [2007/05/25 01:38:38 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdcserv.exe
PRC - [2007/05/25 01:38:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/27 19:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/04/24 15:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/03/22 16:09:28 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/03/16 00:24:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe
PRC - [2007/02/05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007/01/25 16:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 16:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/11/02 04:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 01:45:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2006/11/02 01:45:37 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
PRC - [2006/10/23 00:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/02/07 14:10:14 | 000,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 15:47:36 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Case\Desktop\OTL.exe
MOD - [2007/09/06 15:52:11 | 000,165,376 | ---- | M] () -- C:\Users\Case\AppData\Local\uyejoyexa.dll
MOD - [2007/05/10 08:20:48 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/22 13:30:00 | 003,067,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/03/05 23:04:30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/06 14:19:48 | 000,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/04/06 14:19:44 | 000,282,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/01/21 19:27:06 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/09/06 16:10:09 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/16 13:17:24 | 000,098,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/25 01:38:38 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 01:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/05/10 09:14:30 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/04/27 19:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/16 00:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device)
SRV - [2007/02/05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007/01/25 16:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 16:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 14:10:14 | 000,106,496 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004/10/22 00:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/10 15:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/06 14:21:13 | 000,012,424 | ---- | M] (GRISOFT, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2008/04/06 14:21:04 | 000,067,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\avgwfpx.sys -- (AvgWfpX)
DRV - [2008/04/06 14:20:55 | 000,026,184 | ---- | M] (GRISOFT, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/06 14:20:18 | 000,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2007/10/31 07:47:24 | 002,011,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/10/31 07:47:24 | 002,011,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/07/06 14:58:40 | 000,002,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\AV WebCam Morpher\WebCamHelper.sys -- (WebCamHelper)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/27 19:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/13 15:20:00 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/10 13:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/04/09 19:13:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/03/02 13:17:32 | 000,324,096 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/02/28 17:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/12/14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 00:51:31 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/18 02:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 19:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/09/19 09:46:00 | 000,016,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\TdeIo.sys -- (TDEIO)
DRV - [2006/02/14 10:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 15:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/04/06 13:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spca561.sys -- (CA561) ICatch (VI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.2.119
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.0.7.1
FF - prefs.js..extensions.enabledItems: {65349F92-FF2F-4B44-AA1D-BE3485148DD1}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2008/04/06 14:19:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2008/04/07 08:42:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{65349F92-FF2F-4B44-AA1D-BE3485148DD1}: C:\Users\Case\AppData\Local\{65349F92-FF2F-4B44-AA1D-BE3485148DD1}
FF - HKLM\software\mozilla\Firefox\Extensions\\{A72EF5FF-A3A0-4F22-9C40-CE50AC223818}: C:\Users\Case\AppData\Local\{A72EF5FF-A3A0-4F22-9C40-CE50AC223818}\ [2010/02/28 13:55:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 18:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 16:41:50 | 000,000,000 | ---D | M]

[2010/02/15 11:12:13 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Extensions
[2008/10/19 11:50:29 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/15 11:12:13 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/04/09 07:59:21 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/27 03:22:09 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\extensions
[2008/07/13 02:37:22 | 000,000,000 | ---D | M] (Gaia Online Toolbar) -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\extensions\{2e768a0b-9ee3-4e60-babc-9ff4bc4aacfb}
[2009/03/31 18:31:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/07/25 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\extensions\ibeatyouvideoplugin@ibeatyou.com
[2010/01/21 00:00:34 | 000,000,000 | ---D | M] -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\extensions\toolbar@ask.com
[2009/10/21 12:35:17 | 000,001,490 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\searchplugins\AIM Search.xml
[2008/07/13 02:38:57 | 000,000,653 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\searchplugins\yahoo-search.xml
[2009/08/25 18:52:07 | 000,000,872 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\searchplugins\yahoo.gif
[2009/08/25 18:52:07 | 000,000,464 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\searchplugins\yahoo.src
[2009/08/25 18:52:03 | 000,001,765 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Mozilla\Firefox\Profiles\zi4j12k6.default\searchplugins\yahoo.xml
[2010/02/27 03:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/26 00:43:46 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2010/01/28 23:16:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:21 am

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SBLAHCASEY\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVGTOOLBAR) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Inc. )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Zango) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVGTOOLBAR) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Inc. )
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Zango) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVGTOOLBAR) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [35529024] C:\ProgramData\35529024\35529024.exe File not found
O4 - HKLM..\Run: [61881832] C:\ProgramData\61881832\61881832.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [CTFMON] C:\Windows\Temp\_ex-08.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [notepad] C:\Windows\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rgebecebe] C:\Users\Case\AppData\Local\uyejoyexa.DLL ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas21.DLL ()
O4 - HKCU..\Run: [notepad] C:\Windows\System32\config\systemprofile\ntload.dll (Microsoft)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RTHDBPL] C:\Users\Case\AppData\Roaming\SystemProc\lsass.exe ( )
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\SBLAHCASEY\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Case\AppData\Local\Temp\Ddq.exe ()
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.1.181.0\Weather.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yxiviri] C:\Users\Case\AppData\Local\d2nPLAlp.DLL ([You must be registered and logged in to see this link.]
O4 - Startup: C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Case\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe File not found
O4 - Startup: C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O4 - Startup: C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sismkw32.exe (TWX Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SBLAHCASEY\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: comcast.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: runescape.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([games] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([games] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{077b3d4f-9af4-11dd-a1e8-001a92faec1a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{a5cdeafd-ae9f-11dc-bbeb-001a92faec1a}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
O33 - MountPoints2\{bf953760-4b6d-11dd-b47a-001a92faec1a}\Shell - "" = AutoRun
O33 - MountPoints2\{bf953760-4b6d-11dd-b47a-001a92faec1a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 15:47:34 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Case\Desktop\OTL.exe
[2010/02/28 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Local\{A72EF5FF-A3A0-4F22-9C40-CE50AC223818}
[2010/02/28 13:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\61881832
[2010/02/28 00:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/28 00:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\SBLAHCASEY
[2010/02/26 00:43:48 | 000,000,000 | -HSD | C] -- C:\Users\Case\AppData\Roaming\SystemProc
[2010/02/24 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Local\Threat Expert
[2010/02/23 19:14:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 19:13:24 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 19:13:24 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 19:13:23 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 19:13:23 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 19:13:23 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 19:13:22 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 19:13:22 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 19:13:22 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 19:13:22 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/21 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Local\Blizzard Entertainment
[2010/02/21 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/02/21 16:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/02/21 14:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/02/21 14:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/02/21 12:55:57 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/02/21 12:55:56 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/02/21 12:55:56 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/02/21 12:55:49 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/02/21 12:55:49 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/02/21 12:55:37 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/02/21 12:55:37 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/02/21 12:55:31 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/02/21 12:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/21 12:55:26 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\PC Tools
[2010/02/21 12:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/21 12:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/21 12:01:02 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Local\bkbfwi
[2010/02/21 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.temp
[2010/02/21 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment.temp
[2010/02/20 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Case\Documents\My Received Files
[2010/02/20 14:10:50 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\Malwarebytes
[2010/02/20 14:10:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/20 14:10:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/20 14:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/20 14:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/20 13:36:28 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/20 00:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/02/20 00:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/02/20 00:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/02/20 00:21:48 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\NCH Swift Sound
[2010/02/20 00:11:45 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\AVS4YOU
[2010/02/20 00:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/02/20 00:07:46 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010/02/20 00:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/15 11:15:58 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\Vivox
[2010/02/12 03:20:17 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/02/12 03:20:16 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/02/12 03:20:14 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/02/12 03:20:14 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/02/12 03:20:13 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/02/12 03:20:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/02/12 03:20:07 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/02/12 03:20:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/02/10 14:39:56 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 14:39:50 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 14:39:34 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/02/10 14:39:34 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/02/10 14:39:25 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 14:39:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 14:39:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 14:39:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 14:39:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/01/30 02:26:51 | 000,000,000 | ---D | C] -- C:\Users\Case\AppData\Roaming\e frontier
[2010/01/30 02:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\e frontier
[2008/08/02 22:07:21 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2008/08/02 22:07:21 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2008/08/02 22:07:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2008/08/02 22:07:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2008/08/02 22:07:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2008/08/02 22:07:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2008/08/02 22:07:18 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2008/08/02 22:07:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2008/08/02 22:07:18 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2008/08/02 22:07:10 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2008/08/02 22:07:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2008/08/02 22:07:07 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2008/02/07 04:29:48 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2008/02/07 04:29:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2008/02/07 04:29:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2008/02/07 04:29:46 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2008/02/07 04:29:46 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2008/02/07 04:29:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2008/02/07 04:29:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2008/02/07 04:29:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2008/02/07 04:29:45 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2008/02/07 04:29:43 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2008/02/07 04:29:41 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll
[2008/02/07 04:29:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2007/09/06 15:52:10 | 000,047,104 | ---- | C] ([You must be registered and logged in to see this link.] -- C:\Users\Case\AppData\Local\d2nPLAlp.dll
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 16:06:33 | 004,980,736 | -HS- | M] () -- C:\Users\Case\NTUSER.DAT
[2010/02/28 16:04:06 | 000,009,736 | -HS- | M] () -- C:\Users\Case\AppData\Local\UYxp8qC
[2010/02/28 16:02:43 | 000,792,064 | ---- | M] () -- C:\Windows\System32\drivers\oelyhf.sys
[2010/02/28 16:02:41 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/28 15:53:55 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 15:53:55 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 15:47:36 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Case\Desktop\OTL.exe
[2010/02/28 15:32:18 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/28 15:30:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/28 15:24:43 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/02/28 13:55:23 | 000,000,120 | ---- | M] () -- C:\Users\Case\AppData\Local\Mmokanede.dat
[2010/02/28 13:55:21 | 000,000,000 | ---- | M] () -- C:\Users\Case\AppData\Local\Lsexivewava.bin
[2010/02/28 13:51:20 | 000,000,024 | ---- | M] () -- C:\Users\Case\AppData\Roaming\glchvt.dat
[2010/02/28 13:51:12 | 000,000,004 | ---- | M] () -- C:\Users\Case\AppData\Roaming\avdrn.dat
[2010/02/28 12:27:10 | 000,155,136 | ---- | M] () -- C:\Windows\msa.exe
[2010/02/28 12:27:08 | 000,189,440 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010/02/28 10:21:30 | 000,267,997 | ---- | M] () -- C:\Users\Case\Desktop\wp_Hatsune_Miku_Easter_1024x768.jpg
[2010/02/28 09:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/28 00:50:45 | 176,519,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/28 00:39:35 | 000,000,961 | ---- | M] () -- C:\Users\Case\Desktop\Spybot - Search & Destroy.lnk
[2010/02/27 12:08:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/02/27 12:08:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/02/27 11:57:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/02/27 11:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/02/27 11:52:37 | 003,424,470 | -H-- | M] () -- C:\Users\Case\AppData\Local\IconCache.db
[2010/02/27 11:51:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/27 11:51:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/02/26 22:11:46 | 000,000,813 | -HS- | M] () -- C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2010/02/25 20:29:04 | 000,197,632 | -HS- | M] () -- C:\Users\Case\AppData\Local\av.exe
[2010/02/25 20:29:04 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat
[2010/02/25 18:40:48 | 000,010,908 | -HS- | M] () -- C:\Users\Case\AppData\Local\7EgpN4
[2010/02/25 17:16:12 | 000,009,704 | ---- | M] () -- C:\Users\Case\Desktop\Untitled.jpg
[2010/02/25 16:17:45 | 000,009,820 | -HS- | M] () -- C:\Users\Case\AppData\Local\BnDHfux
[2010/02/24 16:47:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/24 16:47:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/02/24 03:32:38 | 000,097,424 | ---- | M] () -- C:\Users\Case\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 03:24:43 | 000,341,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 15:43:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/23 15:43:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/22 16:31:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/22 16:31:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/22 03:18:24 | 079,020,032 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/02/22 03:18:22 | 002,654,208 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/02/22 03:18:22 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/02/21 19:58:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/21 19:58:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/21 16:45:42 | 000,215,552 | ---- | M] () -- C:\Users\Case\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 15:23:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/21 15:23:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/21 12:55:35 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/02/21 12:39:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/02/21 12:39:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/21 12:29:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/02/21 12:29:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/21 04:01:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/02/21 04:01:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/02/21 00:09:17 | 056,007,005 | ---- | M] () -- C:\Users\Case\Desktop\Movie_0001.wmv
[2010/02/20 23:34:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/20 23:34:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/02/20 23:22:11 | 578,071,552 | ---- | M] () -- C:\Users\Case\Desktop\Movie.avi
[2010/02/20 22:49:48 | 566,158,336 | ---- | M] () -- C:\Users\Case\Desktop\Finished.avi
[2010/02/20 19:23:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/20 19:23:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/20 14:10:43 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\case.lnk
[2010/02/20 11:47:13 | 000,000,835 | ---- | M] () -- C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/02/20 03:48:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/20 03:48:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/20 00:21:55 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2010/02/19 03:44:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/02/19 03:44:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/18 20:39:17 | 001,453,170 | ---- | M] () -- C:\Users\Case\Desktop\Untitled-1.jpg
[2010/02/18 20:19:09 | 000,416,804 | ---- | M] () -- C:\Users\Case\Desktop\IMG00195.jpg
[2010/02/18 03:44:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/18 03:44:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/17 03:48:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/17 03:48:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/02/15 03:43:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/02/15 03:43:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/14 03:44:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/02/14 03:44:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/13 03:45:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/02/13 03:45:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/30 04:14:20 | 009,521,152 | ---- | M] () -- C:\Users\Case\Desktop\ichiko-01-magic-of-love.mp3
[2010/01/30 02:36:51 | 000,066,188 | ---- | M] () -- C:\Users\Case\Desktop\012910193422.jpeg
[2010/01/30 02:26:02 | 000,003,120 | ---- | M] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2010/01/30 02:26:01 | 000,003,120 | ---- | M] () -- C:\Windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 13:52:36 | 000,792,064 | ---- | C] () -- C:\Windows\System32\drivers\oelyhf.sys
[2010/02/28 13:51:20 | 000,000,024 | ---- | C] () -- C:\Users\Case\AppData\Roaming\glchvt.dat
[2010/02/28 13:51:12 | 000,000,004 | ---- | C] () -- C:\Users\Case\AppData\Roaming\avdrn.dat
[2010/02/28 12:28:02 | 000,155,136 | ---- | C] () -- C:\Windows\msa.exe
[2010/02/28 12:27:30 | 000,000,238 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/28 12:27:08 | 000,189,440 | ---- | C] () -- C:\Windows\System32\sshnas21.dll
[2010/02/28 00:39:35 | 000,000,961 | ---- | C] () -- C:\Users\Case\Desktop\Spybot - Search & Destroy.lnk
[2010/02/25 20:29:07 | 000,009,740 | -HS- | C] () -- C:\Users\Case\AppData\Local\UYxp8qC
[2010/02/25 20:29:04 | 000,197,632 | -HS- | C] () -- C:\Users\Case\AppData\Local\av.exe
[2010/02/25 20:29:04 | 000,000,008 | ---- | C] () -- C:\ProgramData\mswintmp.dat
[2010/02/25 19:19:00 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/25 17:40:38 | 000,010,908 | -HS- | C] () -- C:\Users\Case\AppData\Local\7EgpN4
[2010/02/25 17:16:11 | 000,009,704 | ---- | C] () -- C:\Users\Case\Desktop\Untitled.jpg
[2010/02/25 02:17:02 | 000,009,820 | -HS- | C] () -- C:\Users\Case\AppData\Local\BnDHfux
[2010/02/21 21:12:17 | 000,267,997 | ---- | C] () -- C:\Users\Case\Desktop\wp_Hatsune_Miku_Easter_1024x768.jpg
[2010/02/21 14:40:45 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/02/21 12:55:57 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/02/21 12:55:57 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/02/21 12:55:57 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/02/21 12:55:57 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/02/21 12:55:56 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/02/21 12:55:49 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/02/21 12:55:38 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/02/21 12:55:37 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/02/21 12:55:35 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/02/21 12:55:31 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/02/21 00:02:59 | 056,007,005 | ---- | C] () -- C:\Users\Case\Desktop\Movie_0001.wmv
[2010/02/20 23:20:09 | 578,071,552 | ---- | C] () -- C:\Users\Case\Desktop\Movie.avi
[2010/02/20 22:25:17 | 566,158,336 | ---- | C] () -- C:\Users\Case\Desktop\Finished.avi
[2010/02/20 17:10:55 | 176,519,017 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/20 14:10:43 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\case.lnk
[2010/02/20 13:21:11 | 000,000,120 | ---- | C] () -- C:\Users\Case\AppData\Local\Mmokanede.dat
[2010/02/20 13:21:11 | 000,000,000 | ---- | C] () -- C:\Users\Case\AppData\Local\Lsexivewava.bin
[2010/02/20 00:21:55 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2010/02/18 20:19:07 | 000,416,804 | ---- | C] () -- C:\Users\Case\Desktop\IMG00195.jpg
[2010/02/15 11:14:15 | 000,000,835 | ---- | C] () -- C:\Users\Case\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/01/30 04:14:18 | 009,521,152 | ---- | C] () -- C:\Users\Case\Desktop\ichiko-01-magic-of-love.mp3
[2010/01/30 02:36:51 | 000,066,188 | ---- | C] () -- C:\Users\Case\Desktop\012910193422.jpeg
[2010/01/30 02:26:02 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2010/01/30 02:26:01 | 000,003,120 | ---- | C] () -- C:\Windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
[2009/12/27 17:50:33 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/12/26 19:24:09 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\D72CD155C2.sys
[2009/12/26 19:24:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/08/16 02:57:42 | 000,000,552 | ---- | C] () -- C:\Users\Case\AppData\Local\d3d8caps.dat
[2009/07/08 11:45:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/22 17:08:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/01/27 13:21:16 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/01/20 12:35:19 | 000,000,283 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/28 23:42:40 | 000,000,004 | ---- | C] () -- C:\Users\Case\AppData\Roaming\998058
[2008/10/28 23:42:39 | 000,870,128 | ---- | C] () -- C:\Users\Case\AppData\Roaming\mcs.rma
[2008/09/19 13:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 13:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 13:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 13:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/19 11:07:38 | 000,000,680 | ---- | C] () -- C:\Users\Case\AppData\Local\d3d9caps.dat
[2008/08/02 22:16:03 | 000,000,142 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/02 22:07:21 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2008/08/02 22:07:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2008/07/05 20:30:19 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2008/07/05 20:19:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008/07/05 20:16:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008/07/05 20:09:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/07/04 22:18:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/07/04 22:18:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/06/26 13:06:25 | 000,000,736 | ---- | C] () -- C:\ProgramData\lxdc
[2008/04/01 20:03:34 | 000,000,194 | ---- | C] () -- C:\Windows\frontpg.ini
[2008/04/01 19:37:44 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/23 10:45:29 | 000,000,113 | ---- | C] () -- C:\Windows\CyData.ini
[2008/03/23 01:32:19 | 000,000,024 | ---- | C] () -- C:\Windows\data.ini
[2008/03/22 22:01:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/03/22 15:57:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\vbDABL.dll
[2008/03/22 15:57:47 | 000,031,232 | ---- | C] () -- C:\Windows\System32\alphablt.dll
[2008/03/22 15:57:44 | 000,221,184 | ---- | C] () -- C:\Windows\System32\COMSocketServer.dll
[2008/03/22 15:57:43 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008/03/22 11:07:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MD5.dll
[2008/02/07 04:36:42 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2008/02/07 04:31:56 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2008/02/07 04:29:48 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2008/02/07 04:29:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2008/01/12 23:56:49 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2008/01/12 23:56:47 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2007/11/03 21:21:17 | 000,024,206 | ---- | C] () -- C:\Users\Case\AppData\Roaming\UserTile.png
[2007/10/31 07:54:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2007/09/08 10:47:21 | 000,001,080 | ---- | C] () -- C:\Users\Case\AppData\Roaming\wklnhst.dat
[2007/09/06 15:52:10 | 000,165,376 | ---- | C] () -- C:\Users\Case\AppData\Local\uyejoyexa.dll
[2007/09/04 18:40:50 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/09/03 14:53:25 | 000,215,552 | ---- | C] () -- C:\Users\Case\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/05/10 09:33:54 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5114-ff1a-11db-ae27-001a92a80021}.TMContainer00000000000000000002.regtrans-ms
[2007/05/10 09:33:54 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5114-ff1a-11db-ae27-001a92a80021}.TMContainer00000000000000000001.regtrans-ms
[2007/05/10 09:33:54 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5114-ff1a-11db-ae27-001a92a80021}.TM.blf
[2007/05/10 09:33:53 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5104-ff1a-11db-ae27-001a92a80021}.TMContainer00000000000000000002.regtrans-ms
[2007/05/10 09:33:53 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5104-ff1a-11db-ae27-001a92a80021}.TMContainer00000000000000000001.regtrans-ms
[2007/05/10 09:33:52 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/10 09:33:52 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{c94a5104-ff1a-11db-ae27-001a92a80021}.TM.blf
[2007/05/10 09:33:52 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/10 09:33:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/10 09:29:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/10 09:29:33 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/10 09:29:33 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/10 09:29:33 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/10 09:29:33 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/10 09:29:33 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/10 08:59:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/10 08:35:32 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/10 08:35:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/10 08:35:32 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/10 08:35:32 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/04/10 13:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007/03/30 11:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/28 09:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/10/20 19:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 19:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 19:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 18:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 18:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 18:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/06 05:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/05/17 18:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 18:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/10/25 13:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Case\Documents\Willis.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Case\Documents\background.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Case\Documents\Ad.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Case\Desktop\Finished.avi:TOC.WMV
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 12:30 am

Hello.

Wow, what a mess.

Please visit this website, and download SRE (System Repair Engineer)
[You must be registered and logged in to see this link.]

  1. Download the zip file you your Desktop, then extract it.
  2. Double click to run SREngLdr.EXE.
  3. Go down to "Smart Scan", untick everything apart from "File Associations", then press the Scan button.

  4. In the window that opens, press Save Report, and save it to your Desktop.
  5. Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:35 am

Code:


2010-02-28,16:34:36

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition  (Build 6000) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    File Associations
    API HOOK
    Hidden Process


Boot Items
Registry
N/A

==================================
Startup Folders
N/A

==================================
Services
N/A

==================================
Drivers
N/A

==================================
Browser Add-ons
N/A

==================================
Running Processes
N/A

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  Error. [secfile]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS  Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
N/A

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================



Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 12:44 am

Hello.

Good job, now lets put this right.


  1. Re-open SRE, and this time, go into the System Repair option.
  2. Tick the box for .EXE file, and hit repair.
  3. Let it run, then close SRE.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    PRC - [2010/02/28 12:27:10 | 000,155,136 | ---- | M] () -- C:\Windows\msa.exe
    PRC - [2010/02/25 20:29:04 | 000,197,632 | -HS- | M] () -- C:\Users\Case\AppData\Local\av.exe
    PRC - [2010/02/24 20:44:52 | 000,158,208 | ---- | M] () -- C:\Users\Case\AppData\Local\Temp\Ddq.exe
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Zango) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Zango) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [35529024] C:\ProgramData\35529024\35529024.exe File not found
    O4 - HKLM..\Run: [61881832] C:\ProgramData\61881832\61881832.exe ()
    O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
    O4 - HKLM..\Run: [CTFMON] C:\Windows\Temp\_ex-08.exe ()
    O4 - HKLM..\Run: [notepad] C:\Windows\System32\notepad.DLL (Microsoft)
    O4 - HKLM..\Run: [Rgebecebe] C:\Users\Case\AppData\Local\uyejoyexa.DLL ()
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas21.DLL ()
    O4 - HKCU..\Run: [notepad] C:\Windows\System32\config\systemprofile\ntload.dll (Microsoft)
    O4 - HKCU..\Run: [RTHDBPL] C:\Users\Case\AppData\Roaming\SystemProc\lsass.exe ( )
    O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Case\AppData\Local\Temp\Ddq.exe ()
    O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.1.181.0\Weather.exe File not found
    O4 - HKCU..\Run: [Yxiviri] C:\Users\Case\AppData\Local\d2nPLAlp.DLL ([You must be registered and logged in to see this link.]
    [2010/02/28 13:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\61881832
    [2010/02/28 16:04:06 | 000,009,736 | -HS- | M] () -- C:\Users\Case\AppData\Local\UYxp8qC
    [2010/02/28 16:02:43 | 000,792,064 | ---- | M] () -- C:\Windows\System32\drivers\oelyhf.sys
    [2010/02/28 16:02:41 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/02/28 15:32:18 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/02/28 13:55:23 | 000,000,120 | ---- | M] () -- C:\Users\Case\AppData\Local\Mmokanede.dat
    [2010/02/28 13:55:21 | 000,000,000 | ---- | M] () -- C:\Users\Case\AppData\Local\Lsexivewava.bin
    [2010/02/28 13:51:20 | 000,000,024 | ---- | M] () -- C:\Users\Case\AppData\Roaming\glchvt.dat
    [2010/02/28 13:51:12 | 000,000,004 | ---- | M] () -- C:\Users\Case\AppData\Roaming\avdrn.dat
    [2010/02/28 12:27:10 | 000,155,136 | ---- | M] () -- C:\Windows\msa.exe
    [2010/02/25 20:29:04 | 000,197,632 | -HS- | M] () -- C:\Users\Case\AppData\Local\av.exe
    [2010/01/30 02:26:02 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
    [2008/10/28 23:42:40 | 000,000,004 | ---- | C] () -- C:\Users\Case\AppData\Roaming\998058

    :files
    C:\ProgramData\35529024
    C:\ProgramData\61881832
    C:\sqmdata**.sqm
    C:\sqmnoopt**.sqm


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 12:50 am


Tick the box for .EXE file, and hit repair.

When I opened it and went to system repair, it already had a tick next to .exe and a tick next to .js

should I untick .js before I continue on with your instructions?

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 12:54 am

Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 1:10 am

========== OTL ==========
Process msa.exe killed successfully!
Process av.exe killed successfully!
Process Ddq.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1BACF55-35E1-4E47-9247-2D48660E5545}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1BACF55-35E1-4E47-9247-2D48660E5545}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E1BACF55-35E1-4E47-9247-2D48660E5545} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1BACF55-35E1-4E47-9247-2D48660E5545}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\35529024 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\61881832 deleted successfully.
C:\ProgramData\61881832\61881832.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON deleted successfully.
C:\Windows\Temp\_ex-08.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\notepad deleted successfully.
C:\Windows\System32\notepad.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Rgebecebe deleted successfully.
C:\Users\Case\AppData\Local\uyejoyexa.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
C:\Program Files\DNA\btdna.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LosAlamos deleted successfully.
C:\Windows\System32\sshnas21.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\notepad deleted successfully.
C:\Windows\System32\config\systemprofile\ntload.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDBPL deleted successfully.
C:\Users\Case\AppData\Roaming\SystemProc\lsass.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully.
C:\Users\Case\AppData\Local\Temp\Ddq.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherDPA deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yxiviri deleted successfully.
C:\Users\Case\AppData\Local\d2nPLAlp.dll moved successfully.
C:\ProgramData\61881832 folder moved successfully.
C:\Users\Case\AppData\Local\UYxp8qC moved successfully.
File move failed. C:\Windows\System32\drivers\oelyhf.sys scheduled to be moved on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Users\Case\AppData\Local\Mmokanede.dat moved successfully.
C:\Users\Case\AppData\Local\Lsexivewava.bin moved successfully.
C:\Users\Case\AppData\Roaming\glchvt.dat moved successfully.
C:\Users\Case\AppData\Roaming\avdrn.dat moved successfully.
C:\Windows\msa.exe moved successfully.
C:\Users\Case\AppData\Local\av.exe moved successfully.
C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll moved successfully.
C:\Users\Case\AppData\Roaming\998058 moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\35529024 not found.
File\Folder C:\ProgramData\61881832 not found.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 02282010_165736

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\oelyhf.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 1:23 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 1:37 am

Apperently after I ran OTL last and it rebooted, it rebooted with a new one called "Security Tool," which is basically acting the same way... It won't let me visit the download page for combofix in Firefox or IE... I can visit the page in Opera but it doesn't let me rename combofix before downloading..

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 1:48 am

Okay, download it that way, but try running Combofix without renaming.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 2:04 am

Its not wanting to let me download anything.. can I download it with my other computer on to my external hard drive and transfer it over that way?

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 1st March 2010, 5:15 am

Alright I was able to get combofix to download with opera, and I was also able to rename it to svchost.exe during transfer.. I had to download it in safemode (I am currently in safemode.. this new malware apperently wont let me download, and it also has blacked out my desktop).. anyway, right now combofix says

Combofix has detected the following real time scanner(s) to be active:
AntiVir Destop
McAfee VirusScan
AVG Antivirus

and it says I need to disable them before clicking ok.. I dont have AVG running right now, and I dont have McAfee to my knowledge? X_x and i've never seen AntiVir Desktop...

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 1st March 2010, 8:13 pm

Okay, stay in Safe Mode and run Combofix anyhow, ignore the warning.

The antivirus doesn't have to be on the system for that, it's a leftover registry key that Combofix is detecting.

AVG and Avira don't tend to be as aggressive as Mcafee does, and if I don't see much left of Mcafee.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Notalious on 2nd March 2010, 12:41 am

Alright, did exactly what you said and haven't had any problems sense running combofix...

my computer restarted afterwords however, and It said not to open anything else until the log was completed.. I copyed the log and closed out, and than apperently it never saved correctly >_> so I dont have one to post..

Notalious
Novice
Novice

Posts Posts : 11
Joined Joined : 2010-02-28
OS OS : Vista
Points Points : 24903
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Vista Antivirus Pro 2010

Post by Belahzur on 2nd March 2010, 1:43 pm

Can you post the Combofix log? once I see what's what, we can use Combofix to get rid of 2 out of the 3 AV's.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum