66 replies to this topic

[Blade81]

Hi again,

DC++

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
  
  
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[ArthurOPlasty]

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Wow, that has me worried. What could the application end up doing? What would happen if I don't correctly disable my antivirus? I'm not sure I know how to do that properly. Do you know if the tool works? or is it something created by some random to intentionally damage your computer?

Edited by ArthurOPlasty, 19 February 2010 - 05:48 PM.

[Blade81]

Hi,

By following instructions you should be able to disable protection properly.

[ArthurOPlasty]

I've run Combofix, but soon after starting my computer came up with the blue screen and restarted. It said something about boot cleaning, on the black screen I selected start windows normally. The computer loaded up fine, and there were no malware pop ups at all this time.

I don't think the scan completed though, because the progress stages was not displayed on the screen, and there was no log saved (there is one Combofix file in C:, but it is not a text file and it is 15mb). I tried running it again, and the same thing happened. I have all my antivirus and malware programs disabled, as well as the firewall and have no programs open. What should I do now?

Edited by ArthurOPlasty, 19 February 2010 - 08:42 PM.

[Blade81]

Hi,

Please try to run ComboFix in safe mode.

[ArthurOPlasty]

Hi,

Please try to run ComboFix in safe mode.

After running in safe mode it completes the first 2 stages, then shows a pop up saying.


PEV.cfxxe - Corrupt File
The file or directory C:\Windows\System32\Drivers\en-US is corrupt and unreadable. Please run the Chkdsk utility. The only button is okay. I clicked it and it did not go away, After 30 minutes the scan was not progressing, so I tried closing it and it wouldn't close. In the blue window it says the system cannot find message text for message number 0x237b in the message file for Application. Should I try running chkdsk with this application still open or should I restart and then do it?

Edited by ArthurOPlasty, 20 February 2010 - 10:28 AM.

[Blade81]

Hi,

Try to run GMER by making sure that only these options are selected:
-IAT/EAT
-Devices
-Processes
-Threads

[ArthurOPlasty]

GMER has now been scanning for about 90 mins, is that normal?

Down the bottom it seems like it is getting through the files really slowly, it will pause for about 10seconds then flick through a few. It is still on the IAT.

I've noticed a few files that have been scanned twice, i think the scan might be looping over the same files over and over again.

Edited by ArthurOPlasty, 20 February 2010 - 03:31 PM.

[Blade81]

Hi,

Are you running the scan in normal or safe mode? Is protection software disabled? Running in normal mode takes usually more time since there're more processes running.

[ArthurOPlasty]

Hi,

Are you running the scan in normal or safe mode? Is protection software disabled? Running in normal mode takes usually more time since there're more processes running.

I was running it in normal mode. The scan finished now. It came up with a box saying GMER did not detect any system modifications. I can't seem to save the log, I click on save and nothing happens.

[Blade81]

Ok. Please post a fresh dds log. Let's see what we have left there.

[ArthurOPlasty]

Ok. Please post a fresh dds log. Let's see what we have left there.

here are the new DDS logs

Attached Files

•  Attach2.txt   4.79K   195 downloads
•  DDS2.txt   18.04K   132 downloads

[Blade81]

Hi,

Seems that situation is pretty much same as before ComboFix run. Let's use another tool.

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Copy-paste following contents into custom scan -area:
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  /md5stop
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

[ArthurOPlasty]

here is OTL.txt

OTL logfile created on: 22/02/2010 12:31:35 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Roo\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.46 Gb Total Space | 16.00 Gb Free Space | 7.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMMODORE64
Current User Name: Roo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Roop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Roop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ROOTMODEM) -- C:\Windows\System32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (DELL_A02) -- C:\Windows\System32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Roop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries0000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Users\Roop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c9bc3f9-17a2-11de-a5f7-001b24d1bbfd}\Shell\Auto\command - "" = fun.xls.exe
O33 - MountPoints2\{225fa650-555a-11de-879c-0013e8ed7b1f}\Shell - "" = AutoRun
O33 - MountPoints2\{225fa650-555a-11de-879c-0013e8ed7b1f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{225fa67e-555a-11de-879c-0013e8ed7b1f}\Shell - "" = AutoRun
O33 - MountPoints2\{225fa67e-555a-11de-879c-0013e8ed7b1f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de4c9-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de4c9-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de502-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de502-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de503-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de503-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{88b65114-2cca-11dd-a4a8-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{88b65114-2cca-11dd-a4a8-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\explore\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\open\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{a81e703c-d078-11dc-95bf-0013e8ed7b1f}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{bf532014-b779-11dd-8d89-00037aba82cc}\Shell - "" = AutoRun
O33 - MountPoints2\{bf532014-b779-11dd-8d89-00037aba82cc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1e5be7c-d8ec-11dc-840a-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e5be7c-d8ec-11dc-840a-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ec1c97fd-4f55-11de-8e13-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec1c97fd-4f55-11de-8e13-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ed60110a-e6c7-11dc-9f5f-0013e8ed7b1f}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 00:28:50 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Roop\Desktop\OTL.exe
[2010/02/20 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\gmer
[2010/02/20 20:03:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/02/20 20:03:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/20 06:02:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/20 06:02:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/20 06:02:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/20 06:02:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/20 06:02:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/20 06:01:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/19 21:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/19 02:34:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Roop\Desktop\HijackThisInstaller.exe
[2010/02/07 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\reg backup
[2010/02/07 00:52:42 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\erunt
[2010/02/05 09:22:05 | 000,161,144 | ---- | C] (Symantec Corporation) -- C:\Users\Roop\Desktop\FxNetsky.exe
[7 C:\Users\Roop\Documents\*.tmp files -> C:\Users\Roop\Documents\*.tmp -> ]
[53 C:\Users\Roop\Desktop\*.tmp files -> C:\Users\Roop\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/22 00:31:05 | 003,145,728 | -HS- | M] () -- C:\Users\Roop\ntuser.dat
[2010/02/22 00:29:14 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/22 00:29:14 | 000,631,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/22 00:29:14 | 000,112,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/22 00:26:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/22 00:24:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/22 00:24:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/02/22 00:24:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/02/22 00:24:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/02/22 00:24:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 00:23:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/22 00:23:30 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/22 00:22:55 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 00:22:55 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 00:22:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/22 00:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/22 00:22:48 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 00:17:58 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Roop\Desktop\OTL.exe
[2010/02/21 22:45:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/20 20:00:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/20 20:00:10 | 002,187,872 | -H-- | M] () -- C:\Users\Roop\AppData\Local\IconCache.db
[2010/02/20 05:12:08 | 000,142,848 | ---- | M] () -- C:\Users\Roop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 03:50:30 | 003,865,026 | R--- | M] () -- C:\Users\Roop\Desktop\ComboFix.exe
[2010/02/19 21:37:25 | 000,001,885 | ---- | M] () -- C:\Users\Roop\Desktop\HijackThis.lnk
[2010/02/19 14:25:54 | 000,003,934 | ---- | M] () -- C:\Users\Roop\Desktop\Attach.rar
[2010/02/19 14:25:38 | 000,003,983 | ---- | M] () -- C:\Users\Roop\Desktop\Attach.zip
[2010/02/19 03:23:34 | 000,524,288 | ---- | M] () -- C:\Users\Roop\Desktop\dds.scr
[2010/02/19 02:29:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\IS15.exe
[2010/02/19 02:29:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\41.exe
[2010/02/19 02:29:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\helper32.dll
[2010/02/19 02:29:14 | 000,002,931 | ---- | M] () -- C:\Windows\System32\warning.html
[2010/02/15 02:07:53 | 000,039,936 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/02/06 18:42:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Roop\Desktop\HijackThisInstaller.exe
[2010/02/06 18:40:58 | 000,284,915 | ---- | M] () -- C:\Users\Roop\Desktop\gmer.zip
[2010/02/05 16:08:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
[2010/02/05 15:21:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\9961.exe
[2010/02/05 15:01:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\16827.exe
[2010/02/05 14:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\23281.exe
[2010/02/05 14:21:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\28145.exe
[2010/02/05 14:01:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\5705.exe
[2010/02/05 13:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\24464.exe
[2010/02/05 13:21:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26962.exe
[2010/02/05 13:01:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\29358.exe
[2010/02/05 12:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\11478.exe
[2010/02/05 12:21:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe
[2010/02/05 12:01:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe
[2010/02/05 11:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe
[2010/02/05 11:21:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe
[2010/02/05 09:18:16 | 000,161,144 | ---- | M] (Symantec Corporation) -- C:\Users\Roop\Desktop\FxNetsky.exe
[2010/02/05 03:33:13 | 000,037,376 | ---- | M] () -- C:\Windows\System32\winlogon32.exe
[2010/02/05 01:52:20 | 368,474,152 | ---- | M] () -- C:\Users\Roop\Desktop\Friday.Night.Lights.S04E12.iNTERNAL.HDTV.XviD-QoS.avi
[2010/02/04 23:20:38 | 001,526,272 | ---- | M] () -- C:\Users\Roop\Desktop\rooms.doc
[2010/02/04 20:34:00 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/02/04 20:21:30 | 024,814,884 | ---- | M] () -- C:\Users\Roop\Desktop\FullTiltSetup.exe
[2010/02/02 04:08:03 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Roop.job
[2010/02/01 02:20:14 | 004,019,848 | ---- | M] () -- C:\Users\Roop\Desktop\NewsletterApril2006.pdf
[2010/01/27 22:05:00 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[7 C:\Users\Roop\Documents\*.tmp files -> C:\Users\Roop\Documents\*.tmp -> ]
[53 C:\Users\Roop\Desktop\*.tmp files -> C:\Users\Roop\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 00:24:14 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/22 00:24:14 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/02/22 00:24:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/02/22 00:24:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/02/22 00:24:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/02/20 23:33:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/20 06:02:19 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/20 06:02:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/20 06:02:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/20 06:02:19 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/20 06:02:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/20 05:50:13 | 003,865,026 | R--- | C] () -- C:\Users\Roop\Desktop\ComboFix.exe
[2010/02/19 21:37:25 | 000,001,885 | ---- | C] () -- C:\Users\Roop\Desktop\HijackThis.lnk
[2010/02/19 14:25:54 | 000,003,934 | ---- | C] () -- C:\Users\Roop\Desktop\Attach.rar
[2010/02/19 14:25:38 | 000,003,983 | ---- | C] () -- C:\Users\Roop\Desktop\Attach.zip
[2010/02/19 03:29:58 | 000,524,288 | ---- | C] () -- C:\Users\Roop\Desktop\dds.scr
[2010/02/19 02:34:23 | 000,284,915 | ---- | C] () -- C:\Users\Roop\Desktop\gmer.zip
[2010/02/19 02:29:14 | 000,002,931 | ---- | C] () -- C:\Windows\System32\warning.html
[2010/02/05 15:21:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\9961.exe
[2010/02/05 15:01:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\16827.exe
[2010/02/05 14:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\23281.exe
[2010/02/05 07:23:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\28145.exe
[2010/02/05 07:03:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\5705.exe
[2010/02/05 06:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\24464.exe
[2010/02/05 06:23:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26962.exe
[2010/02/05 06:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\29358.exe
[2010/02/05 05:43:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\11478.exe
[2010/02/05 05:23:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\15724.exe
[2010/02/05 05:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe
[2010/02/05 04:43:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe
[2010/02/05 04:23:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe
[2010/02/05 04:02:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe
[2010/02/05 03:35:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\41.exe
[2010/02/05 03:34:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IS15.exe
[2010/02/05 03:34:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\helper32.dll
[2010/02/05 03:33:26 | 000,037,376 | ---- | C] () -- C:\Windows\System32\winlogon32.exe
[2010/02/05 01:51:47 | 368,474,152 | ---- | C] () -- C:\Users\Roop\Desktop\Friday.Night.Lights.S04E12.iNTERNAL.HDTV.XviD-QoS.avi
[2010/02/04 20:34:00 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/02/04 20:21:27 | 024,814,884 | ---- | C] () -- C:\Users\Roop\Desktop\FullTiltSetup.exe
[2010/02/01 02:20:14 | 004,019,848 | ---- | C] () -- C:\Users\Roop\Desktop\NewsletterApril2006.pdf
[2009/10/14 15:38:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/10/14 15:38:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/07/07 13:31:04 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/06/20 07:09:38 | 000,000,099 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/06/05 21:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/06/05 01:40:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\CoPrism.dll
[2009/03/23 20:17:51 | 000,000,680 | ---- | C] () -- C:\Users\Roop\AppData\Local\d3d9caps.dat
[2008/11/03 09:57:37 | 000,004,096 | -H-- | C] () -- C:\Users\Roop\AppData\Local\keyfile3.drm
[2008/10/03 18:53:15 | 000,018,169 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/08/27 12:13:03 | 000,139,264 | ---- | C] () -- C:\Windows\System32\msmmcdord.dll
[2008/07/05 12:53:10 | 000,023,888 | ---- | C] () -- C:\Users\Roop\AppData\Roaming\UserTile.png
[2008/02/17 13:09:37 | 000,001,024 | ---- | C] () -- C:\Users\Roop\AppData\Roaming\WavCodec.wff
[2008/02/06 12:02:05 | 000,000,092 | ---- | C] () -- C:\Users\Roop\AppData\Local\fusioncache.dat
[2008/02/01 16:02:01 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/01 15:22:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/01 14:58:55 | 000,142,848 | ---- | C] () -- C:\Users\Roop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/16 19:12:15 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/16 19:12:14 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/16 19:12:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/16 19:12:14 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 08:12:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 08:04:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 08:04:07 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 08:04:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 08:04:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 08:04:07 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 08:04:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 07:24:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/21 03:14:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/05/21 03:14:13 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/21 03:14:13 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/10 04:25:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/22 06:26:58 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/26 02:52:03 | 000,009,839 | ---- | C] () -- C:\Windows\System32\mswmndore.dll
[2006/12/06 07:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 15:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/19 18:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 20:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 20:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 18:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 20:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:04:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/14 03:04:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:04:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 03:04:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 20:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 20:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2006/12/04 11:53:08 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=A23819D7B19E5ECF16AAD99D90291381 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 17:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/12 17:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\TOSAPINS\Intel-Matrix-Storage-Manager\Winall\Driver64\IaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel-Matrix-Storage-Manager\Winall\Driver\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 18:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 20:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 20:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 20:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 20:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 18:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 20:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 20:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 18:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 18:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 20:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 20:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
< End of report >

[ArthurOPlasty]

here is extras.txt

OTL Extras logfile created on: 22/02/2010 12:31:35 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Roo\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.46 Gb Total Space | 16.00 Gb Free Space | 7.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMMODORE64
Current User Name: Roo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4657F749-22F9-40DB-A5D7-EF410E3ECD17}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{68A89B02-35F9-4E67-8DCE-24CB5E622D05}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{75105EA1-60E1-46F5-8758-8D11165BC2A7}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{F07D775C-393A-46C3-877C-76C0EA95319B}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A45232F-65B2-4459-8563-264B27BBDEFE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{33B2A501-EA45-4245-A825-64D3FBB0F841}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{379DE29A-8A80-4D3B-9E3F-7C4877DD40F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{450F52F3-6FAE-4F98-ACF5-EB551F6BB6F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BA5404B2-C763-4029-A98A-F4DA5A2AFF33}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BAB9309C-D131-44C7-B777-87453CE1AEC1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D6A18C8E-2ADC-47F1-A922-6F6A5149F02C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D712357A-4B91-4BDC-ADDB-F1B13F53B366}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{E43ADA43-A657-434A-8D24-CE068DD3DA8F}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7F92CF44-17EF-43E8-ABD2-76150AEA8D28}" = SymNet
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B8513E0A-6744-4BBC-A18D-BADEC2F85D92}" = Symantec Real Time Storage Protection Component
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Applian FLV Player2.0.24" = Applian FLV Player
"AviSynth" = AviSynth 2.5
"bwin" = bwin Poker (remove only)
"bwin Poker_is1" = bwin Poker
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DC++" = DC++ 0.7091
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Mansion Poker" = MansionPoker
"Maple 11" = Maple 11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nucleus Kernel Powerpoint Recovery - Evaluation Version_is1" = Nucleus Kernel Powerpoint Recovery Evaluation Version 4.05.01
"Optus Wireless Broadband" = Optus Wireless Broadband
"Pacific Poker" = Pacific Poker
"PartyPoker" = PartyPoker
"PDF Splitter and Merger 3.0" = PDF Splitter and Merger 3.0
"PokerRoom Home Game Organizer" = PokerRoom Home Game Organizer
"PokerStars" = PokerStars
"ProInst" = Intel® PROSet/Wireless Software
"PS3 Video 9" = PS3 Video 9 4.08
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rainlendar2" = Rainlendar2 (remove only)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Titan Poker" = Titan Poker
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VideoLAN VLC media player 0.8.6e
"voxware_is1" = Voxware Audio decoder 1.6
"WavePad" = WavePad Uninstall
"WinDjView" = WinDjView 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OANDA FXGame" = OANDA FXGame

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[Blade81]

Thanks for the logs. Let's continue.

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTLO4 - HKLM..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not foundO4 - HKCU..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not foundO15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)O33 - MountPoints2\{1c9bc3f9-17a2-11de-a5f7-001b24d1bbfd}\Shell\Auto\command - "" = fun.xls.exeO33 - MountPoints2\{ed60110a-e6c7-11dc-9f5f-0013e8ed7b1f}\Shell\Auto\command - "" = infrom.exe:FilesC:\Windows\System32\IS15.exeC:\Windows\System32\41.exeC:\Windows\System32\helper32.dllC:\Windows\System32\warning.htmlC:\Windows\System32\18467.exeC:\Windows\System32\9961.exeC:\Windows\System32\16827.exeC:\Windows\System32\23281.exeC:\Windows\System32\28145.exeC:\Windows\System32\5705.exeC:\Windows\System32\24464.exeC:\Windows\System32\26962.exeC:\Windows\System32\29358.exeC:\Windows\System32\11478.exeC:\Windows\System32\15724.exeC:\Windows\System32\19169.exeC:\Windows\System32\26500.exeC:\Windows\System32\6334.exeC:\Windows\System32\winlogon32.exe:Commands[emptytemp][Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post results and a new OTL log. Note: you need to run OTL again to get new log (don't have to put anything in custom scans/fixes window this time).

Get updates 8.2 and 8.2.1 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

You should update Adobe Acrobat Professional too.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back its report.

[ArthurOPlasty]

Here are the results of the run fix

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c9bc3f9-17a2-11de-a5f7-001b24d1bbfd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c9bc3f9-17a2-11de-a5f7-001b24d1bbfd}\ not found.
File fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed60110a-e6c7-11dc-9f5f-0013e8ed7b1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed60110a-e6c7-11dc-9f5f-0013e8ed7b1f}\ not found.
File infrom.exe not found.
========== FILES ==========
C:\Windows\System32\IS15.exe moved successfully.
C:\Windows\System32\41.exe moved successfully.
C:\Windows\System32\helper32.dll moved successfully.
C:\Windows\System32\warning.html moved successfully.
C:\Windows\System32\18467.exe moved successfully.
C:\Windows\System32\9961.exe moved successfully.
C:\Windows\System32\16827.exe moved successfully.
C:\Windows\System32\23281.exe moved successfully.
C:\Windows\System32\28145.exe moved successfully.
C:\Windows\System32\5705.exe moved successfully.
C:\Windows\System32\24464.exe moved successfully.
C:\Windows\System32\26962.exe moved successfully.
C:\Windows\System32\29358.exe moved successfully.
C:\Windows\System32\11478.exe moved successfully.
C:\Windows\System32\15724.exe moved successfully.
C:\Windows\System32\19169.exe moved successfully.
C:\Windows\System32\26500.exe moved successfully.
C:\Windows\System32\6334.exe moved successfully.
C:\Windows\System32\winlogon32.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Roo
->Temp folder emptied: 2176503259 bytes
->Temporary Internet Files folder emptied: 89939830 bytes
->Java cache emptied: 77004777 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164803202 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,392.00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 02222010_014846

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET7750.tmp not found!

Registry entries deleted on Reboot...

[ArthurOPlasty]

Here are the results of the latest OTL scan

OTL logfile created on: 22/02/2010 1:55:54 AM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Roo\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.46 Gb Total Space | 18.34 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMMODORE64
Current User Name: Roo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Roo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Roop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ROOTMODEM) -- C:\Windows\System32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (DELL_A02) -- C:\Windows\System32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Roop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries0000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Users\Roop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{225fa650-555a-11de-879c-0013e8ed7b1f}\Shell - "" = AutoRun
O33 - MountPoints2\{225fa650-555a-11de-879c-0013e8ed7b1f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{225fa67e-555a-11de-879c-0013e8ed7b1f}\Shell - "" = AutoRun
O33 - MountPoints2\{225fa67e-555a-11de-879c-0013e8ed7b1f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de4c9-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de4c9-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de502-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de502-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{288de503-4b52-11de-826d-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{288de503-4b52-11de-826d-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{8428931a-b12b-11dd-8b38-001b24d1bbfd}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{88b65114-2cca-11dd-a4a8-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{88b65114-2cca-11dd-a4a8-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\explore\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{8fe47b69-a1e6-11dd-a048-00037aba82cc}\Shell\open\Command - "" = E:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{a81e703c-d078-11dc-95bf-0013e8ed7b1f}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{bf532014-b779-11dd-8d89-00037aba82cc}\Shell - "" = AutoRun
O33 - MountPoints2\{bf532014-b779-11dd-8d89-00037aba82cc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1e5be7c-d8ec-11dc-840a-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e5be7c-d8ec-11dc-840a-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ec1c97fd-4f55-11de-8e13-001b24d1bbfd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec1c97fd-4f55-11de-8e13-001b24d1bbfd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 01:48:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/22 00:28:50 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Roop\Desktop\OTL.exe
[2010/02/20 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\gmer
[2010/02/20 20:03:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/02/20 20:03:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/20 06:02:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/20 06:02:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/20 06:02:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/20 06:02:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/20 06:02:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/20 06:01:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/19 21:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/19 02:34:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Roop\Desktop\HijackThisInstaller.exe
[2010/02/07 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\reg backup
[2010/02/07 00:52:42 | 000,000,000 | ---D | C] -- C:\Users\Roop\Desktop\erunt
[2010/02/05 09:22:05 | 000,161,144 | ---- | C] (Symantec Corporation) -- C:\Users\Roop\Desktop\FxNetsky.exe
[7 C:\Users\Roop\Documents\*.tmp files -> C:\Users\Roop\Documents\*.tmp -> ]
[53 C:\Users\Roop\Desktop\*.tmp files -> C:\Users\Roop\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/22 01:57:29 | 003,145,728 | -HS- | M] () -- C:\Users\Roop\ntuser.dat
[2010/02/22 01:54:53 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/22 01:52:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/22 01:52:21 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/22 01:51:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/22 01:51:52 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 01:51:51 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 01:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/22 01:51:41 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 01:50:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/22 01:43:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 00:29:14 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/22 00:29:14 | 000,631,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/22 00:29:14 | 000,112,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/22 00:17:58 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Roop\Desktop\OTL.exe
[2010/02/20 20:00:10 | 002,187,872 | -H-- | M] () -- C:\Users\Roop\AppData\Local\IconCache.db
[2010/02/20 05:12:08 | 000,142,848 | ---- | M] () -- C:\Users\Roop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 03:50:30 | 003,865,026 | R--- | M] () -- C:\Users\Roop\Desktop\ComboFix.exe
[2010/02/19 21:37:25 | 000,001,885 | ---- | M] () -- C:\Users\Roop\Desktop\HijackThis.lnk
[2010/02/19 14:25:54 | 000,003,934 | ---- | M] () -- C:\Users\Roop\Desktop\Attach.rar
[2010/02/19 14:25:38 | 000,003,983 | ---- | M] () -- C:\Users\Roop\Desktop\Attach.zip
[2010/02/19 03:23:34 | 000,524,288 | ---- | M] () -- C:\Users\Roop\Desktop\dds.scr
[2010/02/15 02:07:53 | 000,039,936 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/02/06 18:42:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Roop\Desktop\HijackThisInstaller.exe
[2010/02/06 18:40:58 | 000,284,915 | ---- | M] () -- C:\Users\Roop\Desktop\gmer.zip
[2010/02/05 09:18:16 | 000,161,144 | ---- | M] (Symantec Corporation) -- C:\Users\Roop\Desktop\FxNetsky.exe
[2010/02/05 01:52:20 | 368,474,152 | ---- | M] () -- C:\Users\Roop\Desktop\Friday.Night.Lights.S04E12.iNTERNAL.HDTV.XviD-QoS.avi
[2010/02/04 23:20:38 | 001,526,272 | ---- | M] () -- C:\Users\Roop\Desktop\rooms.doc
[2010/02/04 20:34:00 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/02/04 20:21:30 | 024,814,884 | ---- | M] () -- C:\Users\Roop\Desktop\FullTiltSetup.exe
[2010/02/02 04:08:03 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Roop.job
[2010/02/01 02:20:14 | 004,019,848 | ---- | M] () -- C:\Users\Roop\Desktop\NewsletterApril2006.pdf
[2010/01/27 22:05:00 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[7 C:\Users\Roop\Documents\*.tmp files -> C:\Users\Roop\Documents\*.tmp -> ]
[53 C:\Users\Roop\Desktop\*.tmp files -> C:\Users\Roop\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 23:33:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/20 06:02:19 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/20 06:02:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/20 06:02:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/20 06:02:19 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/20 06:02:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/20 05:50:13 | 003,865,026 | R--- | C] () -- C:\Users\Roop\Desktop\ComboFix.exe
[2010/02/19 21:37:25 | 000,001,885 | ---- | C] () -- C:\Users\Roop\Desktop\HijackThis.lnk
[2010/02/19 14:25:54 | 000,003,934 | ---- | C] () -- C:\Users\Roop\Desktop\Attach.rar
[2010/02/19 14:25:38 | 000,003,983 | ---- | C] () -- C:\Users\Roop\Desktop\Attach.zip
[2010/02/19 03:29:58 | 000,524,288 | ---- | C] () -- C:\Users\Roop\Desktop\dds.scr
[2010/02/19 02:34:23 | 000,284,915 | ---- | C] () -- C:\Users\Roop\Desktop\gmer.zip
[2010/02/05 01:51:47 | 368,474,152 | ---- | C] () -- C:\Users\Roop\Desktop\Friday.Night.Lights.S04E12.iNTERNAL.HDTV.XviD-QoS.avi
[2010/02/04 20:34:00 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/02/04 20:21:27 | 024,814,884 | ---- | C] () -- C:\Users\Roop\Desktop\FullTiltSetup.exe
[2010/02/01 02:20:14 | 004,019,848 | ---- | C] () -- C:\Users\Roop\Desktop\NewsletterApril2006.pdf
[2009/10/14 15:38:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/10/14 15:38:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/07/07 13:31:04 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/06/20 07:09:38 | 000,000,099 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/06/05 21:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/06/05 01:40:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\CoPrism.dll
[2009/03/23 20:17:51 | 000,000,680 | ---- | C] () -- C:\Users\Roop\AppData\Local\d3d9caps.dat
[2008/11/03 09:57:37 | 000,004,096 | -H-- | C] () -- C:\Users\Roop\AppData\Local\keyfile3.drm
[2008/10/03 18:53:15 | 000,018,169 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/08/27 12:13:03 | 000,139,264 | ---- | C] () -- C:\Windows\System32\msmmcdord.dll
[2008/07/05 12:53:10 | 000,023,888 | ---- | C] () -- C:\Users\Roop\AppData\Roaming\UserTile.png
[2008/02/17 13:09:37 | 000,001,024 | ---- | C] () -- C:\Users\Roop\AppData\Roaming\WavCodec.wff
[2008/02/06 12:02:05 | 000,000,092 | ---- | C] () -- C:\Users\Roop\AppData\Local\fusioncache.dat
[2008/02/01 16:02:01 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/01 15:22:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/01 14:58:55 | 000,142,848 | ---- | C] () -- C:\Users\Roop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/16 19:12:15 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/16 19:12:14 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/16 19:12:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/16 19:12:14 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 08:12:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 08:04:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 08:04:07 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 08:04:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 08:04:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 08:04:07 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 08:04:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 07:24:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/21 03:14:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/05/21 03:14:13 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/21 03:14:13 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/10 04:25:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/22 06:26:58 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/26 02:52:03 | 000,009,839 | ---- | C] () -- C:\Windows\System32\mswmndore.dll
[2006/12/06 07:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 15:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
< End of report >

[Blade81]

Good. I'll get back to this after Kaspersky online scanner report is ready

[ArthurOPlasty]

here is Kas results

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, February 22, 2010
Operating system: Microsoft Windows Vista Business Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, February 22, 2010 02:08:58
Records in database: 3614181
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 268479
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:22:24


File name / Threat / Threats count
C:\_OTL\MovedFiles2222010_014846\C_Windows\System32\warning.html Infected: Trojan.JS.Fraud.w 1
C:\_OTL\MovedFiles2222010_014846\C_Windows\System32\winlogon32.exe Infected: Packed.Win32.Krap.an 1

Selected area has been scanned.